Resume
EXPERIENCE
Application Security Architect - 2021-present
DevSecOps - Premier, Inc.
• Implemented an ongoing 8-week training program for Security Champions on the basics of all DevSecOps tools and processes
• Security Champions were then embedded in our development teams
• Held bi-weekly meetings to assist developers with mitigation
• Resulted in lower MTTR and higher engagement with development teams
• Performed in-depth evaluation of new security tools
• Acknowledged by one vendor for the thorough analysis
• Managed roll-out of OSS scanning tool from configuration, custom integration, and internal documentation, to user training, application on-boarding, and vulnerability mitigation
• Advised on enterprise security settings for cloud CI/CD platforms, including plugins
• Member of Architecture Review Board, which reviewed application deployments to Azure Cloud
• Led project planning, created and assigned stories to team members
Senior Software Engineer - 2018-2021
DevSecOps - Premier, Inc.
• Worked with developers to adopt security best practices in an agile environment using Threat Models with STRIDE, OSS and SAST scans from IDE and CI/CD pipeline, and DAST scans
• Performed Threat Modeling training sessions with 33 development teams
• Increased awareness of security risks
• The teams continued to Threat Model during each planning session
• Configured and triaged 700 OSS and 300 SAST scans
• Provided recommended mitigations
• Prevented critical vulnerabilities
• Protected client PHI and PII data
• Recommended developers create automated testing for vulnerabilities identified during SAST and DAST scans
• Focused on OWASP Top 10 – Web Application, Mobile, API Protection
• Created mitigation guides to supplement generic recommendations from scanning tools, CAPEC, CWE
• How to apply mitigations in the languages and frameworks used by development teams
• Created mitigation guides for OSS Security, License, and Operational risk
• How to mitigate direct vs transitive dependencies, review CVEs, review licenses
• Coordinated multiple initiatives with the Security Operations team on risk mitigation
• Subject Matter Expert of security tools and processes used by DevSecOps team
• Defined Standard Operating Procedures
• Trained new team members on all DevSecOps tools and processes
• Held weekly team meetings, including demos and Q&A
Software Engineer - 2016-2018
Customer Identity and Access Management - Premier, Inc.
• Designed and implemented several complex features for custom CIAM application
• Automated de-provisioning
• Customizable provisioning requirements, such as mapping permissions to roles
• Second-level approval process for elevated access
• Created provisioning how-to guides and FAQ of the custom CIAM application
• Trained new team members on internal operational support
Associate Software Engineer - 2015-2016
Customer Identity and Access Management - Premier, Inc.
• Agile Acceptance Test-Driven Development (ATDD) for custom CIAM application, which supported multiple upstream and downstream services
• Focused on APIs and back-end services
• Internal operational support
Research Assistant - 2013-2015
Computer Science Department - North Carolina A&T State University
• Researched the topic of Clickjacking attacks, and created a student lab for the Software Security Testing course
• Developed a case study for students on logic flaws, using e-commerce software integrated with a third-party payment processor (e.g. PayPal)
Teaching Assistant - 2013-2014
Computer Science Department - North Carolina A&T State University
• Helped students during weekly labs for Introduction to Computer Programming, using provided instructions (Fall 2013)
• Graded weekly labs and homework, and quizzes on assigned reading (Fall 2013)
• Held tutoring office hours for Discrete Structures, and Analysis of Algorithms (Spring 2014)
Sales Associate - 2010-2013
The Paradies Shops
• Worked independently at three different locations within the Piedmont Triad International Airport to provide quality customer service
• Handled questions and complaints to ensure a positive customer experience
• Assisted Team Leaders and other associates to keep the stores clean, well-stocked, and organized
VOLUNTEER EXPERIENCE
Convention Manager - 2006-2012
Yachting Club (Sci-Fi/Fantasy and Interactive Gaming) - Guilford College
• Directed all aspects of organizing a large event: Coordinated with convention guests/vendors, made venue, lodging and transportation reservations, created convention and staff work schedules, and managed a budget
• Led a staff of event supervisors and volunteers working as a team to set-up, operate, and break-down the convention
• Improved organization and marketing, which doubled attendance to 400+
Webmaster - 2007-2009
Yachting Club (Sci-Fi/Fantasy and Interactive Gaming) - Guilford College
• Formed the new officer position and was elected Webmaster 2007-2009
• Developed and implemented new website design, and performed weekly maintenance and updates
Certified National Field Archery Association (NFAA) Coach - 2004-2009
Archery Club - Northern VA and Guilford College
• Worked individually or with other volunteer coaches to teach students aged eight to adult
• Formed the Archery Club at Guilford College and was elected President 2007-2009
PROGRAMMING LANGUAGES
Bash: ○ ○ ○ ○
C# (.NET, ASP.NET): ○ ○ ○ ○
Go: ○ ○ ○
Java (Spring): ○ ○ ○ ○ ○
JavaScript (Agile, jQuery, React): ○ ○ ○
PowerShell: ○ ○ ○ ○ ○
Python: ○ ○ ○ ○ ○
SQL: ○ ○ ○ ○ ○
SECURITY TOOLS
Burp Suite, Checkmarx (SAST), OWASP Threat Dragon, OWASP Zed Attack Proxy, Sonatype IQ Server - Firewall and Lifecycle (OSS), Synopsys Black Duck (OSS)
CI/CD PLATFORMS
Azure DevOps, Bamboo, GitHub, GitLab, GoCD, TFS
EDUCATION
M.S. Computer Science: Secure Software Engineering
North Carolina A&T State University
2013-2015 GPA: 4.0
B.A. dual major Math and Art
Guilford College
Graduated with Honors
2006-2010 GPA: 3.66
CERTIFICATIONS
• Master Hand Knitting - Level 1
The Knitting Guild Association
Currently working on:
• Azure Fundamentals AZ-900
• Azure Security Technologies AZ-500
COURSES & TRAINING
• Binary Spelunking with Ghidra (BSides RDU 2019)
• Capture-the-Flag tournaments from CMD + CTRL, Codebashing, SANS, Secure Code Warrior
• Introduction to Vault: Hands-On Workshop (HashiCorp)
• SEC575: Mobile Device Security and Ethical Hacking course (SANS)
• Women in AppSec – Web Application Penetration Training (OWASP Global AppSec 2019)
• Conferences: BSides, DevOpsDays, OWASP Global AppSec, RSAC, Synopsys FLIGHT
• Regularly attend webinars on DevSecOps and software security topics
PRESENTATIONS & PUBLICATIONS
• “An Overview of Clickjacking Attacks” poster presented at Women in Cyber Security conference April 2014, and College of Engineering Graduate Poster Competition April 2014
• L. Simpkins, X. Yuan, and J. Kim, “A Course Module on Clickjacking,” Information Security Curriculum Development (InfoSecCD) 2014. Published by ACM and Information Security Education Journal (ISEJ)
AWARDS
• Previous member of Phi Kappa Phi and Upsilon Pi Epsilon (2015)
• Nominated for Golden Key International Honor Society (2014)
• Outstanding Graduate Teaching Assistant (2014), NSF S-Stem Scholarship (2013)
• Dean's List (2006-2010)
• E Garness Purdom Alumni Award (2009)
• Mendenhall Math Scholarship (2009)
• Dick Dyer Award for Student Involvement in Campus Activities (2008)
• George I. Alden Excellence Award (2008)
• J.R. and Margaret Boyd Math Scholarship (2007, 2008)
• Guilford Achievement Award (2006)