All things security

Advisor

Advisor

Responsible for Infrastructure, Network and Data Security
- Create and Socialize Security Policies to the Technical Operations and Engineering teams
- Conduct security reviews on new cloud products
- Review all infrastructure, data and network components of all software and design documentation
- Refactored IAM usage from a broad access model down to a least privileged model
- Create a data catalog, with data classifications
- Create and document threat models, and determine the needed controls to minimize risks to an acceptable level
- Setup tools to scan the Cloud infrastructure against a set of security policies and alert on violations
- Audit the cloud infrastructure and IAM implementations to ensure defined policies and approved patterns are continuously being followed
- Work with Tech Ops and Engineering to define new patterns that meet the organization's security policies and goals as needed
- Defined a secure and auditable secret management solution and policy; provided a roadmap of how the Tech Ops team should implement the solution to minimize engineers ability to see all secrets
- Defined a Kubernetes Security Maturity roadmap to help improve the security posture of all microservices deployments and help ensure a least privileged model
- Led the infrastructure and security sub-teams for designing and standing up a new Kubernetes cluster with the Istio Service Mesh

Lead on the Enterprise Security Operations and Development team.
Responsibilities include:
- Implementation and administration of SaltStack for State Management and command channels
- Implementation and administration of Nagios XI for system and service monitoring
- Hardening of Infrastructure
- Manage Secret/key Management infrastructure that support revenue
- Patching of infrastructure
- Performing BCDR excercises
- Develop tools for process automation
- eBay Agile Leader
- eBay Privacy Champion
- eBay Security Champion
- Led a cross-function Cryptography team

Work on the Technical Operations Team.
- Used Ansible to create a reusable/extensible application deployment framework for deploying applications into AWS EC2
- Handled coordinating Vulnerability scans and vulnerability remediation of cloud applications on AWS in a HIPPA environment
- Achieved PCI Certification on production infrastructure through issue/vulnerability remediation
- Implemented SaltStack to handle AWS ec2 server config management
- Implemented Terraform to handle AWS Cloud Infrastructure State
- Utilized Terraform and docker to create a dynamic development environment
- Designed and implemented SSH Key management system for our AWS VPC environments
- Designed and implemented aws ec2 Security Group management system to handle managing AWS security groups rules
- Deployed a Mesosphere cluster into AWS and created a container infrastructure to allow for more flexible options with having multiple versions of the same microservice in operation at the same time
- Implemented Service Discovery, Centralized config management and Secret mamangement systems in AWS for creating a better security posture.

Came in as the first member of the IT Operations team. Handled SysOps, DevOps, NetOps and SecOps tasks. Setup all core company server infrastructure and currentCame in as the first member of the IT Operations team. Handled SysOps, DevOps, NetOps and SecOps tasks. Setup all core company server infrastructure and current support and maintain all infrastructure. Built a team of 5 Sys Admins and 2 Network Engineers.
- Created new corporate servers and services as part of the building move(DNS, LDAP, NTP, Radius, Rancid, Zabbix. Deployed all applications using Docker
- Implemented Kickstart for bare-metal provisioning until we were able to get BCFG2/Ansible in place. - Handle all security related functions including, badging, managing camera and security network, defining IT processes(AUP, password policies, etc.), On-boarding(Account creation), Off-board(Account suspension/deletion), review device and server logs to identify possible issues, litigation searches, server hardening, identifying security holes and recommending fixes. Setting up IDS and behavioral analysis tools
- Manage various IT Operations based projects and worked with stakeholders from gathering requirements through delivery.
- Review all RFCs submitted to the Change/Release Advisory Board, perform initial review of request and classification of request. Also responsible for determining if RFCs are approved, rejected or tabled
- Manage all corporate SAS solutions(Jira, Box.com, Github, Confluence, etc.)
- Work with the Operations team to constantly review processes and infrastructure to see where improvements can be made
- Implemented Zabbix and Nagios as our server monitoring solutions.
- Built a team of 5 Sys Admins and 2 Network Engineers.

Worked in the Developer Operations group within IT - Refactored portions of the web application resulting in both a 40% reduction in code and a more flexible configuration - Administered and maintained critical applications like Confluence, Jira and Jenkins - Lead for a site migrations from Zend Framework to Wordpress - Managed an outsourced design team in the redesign of the company's web properies

Joined as a Lead Software Engineer, the companies first engineering hire, promoted to Engineering Manager a short time after and to Director of Engineering a year later. - Recruited and hired a team of 15 software engineers. 10 Backend PHP/Java engineers and 5 Frontend engineers - Architected and built a RESTful SaaS web service for their electonic document workflow offering. - Mentored and promoted 2 engineers into management and created an SDK Development/Professional Services team - Architected the cloud based environment for hosting the SaaS offering in AWS, with failover and scalability adopting a hybrid cloud model

Worked with a small team to develop and maintain one of the largets video/community sites on the internet at the time, TV.com - Created a Unified Video Infrastructure that ingested videos from partners, normalizws the data and redistributes the videos out to partners - Create various tools for analyzing site performance and indentify performance bottlenecks - Created the TV.com HD Video Gallery

Worked as one of two Technical Consultants for North America - Attended pre-sales meetings with clients and partners to gather information and determine the type of consulting services needed - Conducted Webinars and on-site training on topics like Unit Testing, Continuous Integration, Application Security and Zend Framework usage - Traveled to customer and partner sites to provide training, consulting and application development

Managed the engineering team and companies compute infrastructure - Hired and managed a team of engineers, designers and system admins - Designed a sports wagering application framework that allowed for the easy lauch of 36 team rival sites based on theming and configuration changes - Architected a server/application architecture to handle 10,000 concurrent connections per second

Worked closely with the web marketing team and the techinical network team - Developed the Virtual Appliance Marketplace - Supported the VMWare Technical Network and helped migrate from a forum based site to a community based site - Took ownership of the code deployment process and refactored the legacy deployment architecture into a more robust architecture that allowed roll back without another deployement - Created the initial(pre-SFDC) VMWare Partner Portal

Responsible for consulting with potential clients - Managed a team of 6 developers - Mentored and handled code reviews for junior and mid-level engineers - Created Technical and End-user documentation - Worked with clients directly for periodic code drops and final milestone deliveries

Computer Science