I am a seasoned security professional with expertise spanning physical security, security operations, internal audit, and infrastructure security. My experience includes implementing and optimizing security controls, conducting risk assessments, and driving operational security strategies to safeguard critical assets. I excel in integrating security best practices across diverse environments, ensuring compliance while proactively mitigating threats.
With extensive experience across security domains, I have built a strong foundation in DevSecOps and infrastructure security, specializing in credential scanning within SCM, CI/CD pipelines, and container environments. My expertise extends to developing and operationalizing security tooling, enhancing detection capabilities, and driving security automation across engineering workflows. I actively contribute to security platforms, refining scanning policies and integrating advanced security solutions to strengthen defenses. Additionally, I am committed to open-source security, and inspire to contribute to tools like TruffleHog to improve secret detection and remediation strategies.
| Skill | Associated Project |
|---|---|
| AWS Asset Management | Led initiative for automated solution to discover and suspend unmanaged AWS accounts. |
| Code Review | Pre-triaged thousands of credential findings in code for tooling accuracy. |
| Security Rule Writing | Wrote hundreds of custom scanning policies for security tooling utilizing regex and YAML. |
| Linux | Perform credential scanning audits utilizing trufflehog on ubuntu with bash scripting. |
| Planning | Drive the roadmap for different company wide iniatives including credential scanning, cloud asset management and CSPM. |
-FF6F00?&style=for-the-badge&logo=ine&logoColor=white){kind=icon}