Panorama Education, Inc: Managing the security of an EdTech AI platform
(since 2022)
In my current position, I lead security engineering, product & AI safety, and security operations. Our cloud-native applications help 25,000 schools support 1 in 4 students in the US, with a wide range of AI features and integrations.
Doing this effectively starts with risk management and mitigation strategy, control frameworks (NIST 800-171), and assessment & testing (frequent penetration tests, quarterly and SOC2 Type II audits). Thanks to my team of 5 security engineers, new products are safe, and security improvements are a constant in the Technology department (Product, Data Science, and Engineering) as we guide SDLC (Secure Development Lifecycle) processes, including security reviews and offensive security.
Top highlights of my role have included spearheading AI security (policies, agentic threat modeling, adversarial testing, guardrails, and other controls) and the joy of supporting five security rockstars’ equally positive impact on the security posture and culture of a major EdTech platform.
Simplisafe, Inc: Managed a holistic information security program (corporate, product, cloud)
from 2019-2022
I had the honor of serving a team of 200+ engineers & IT, advising on information security safeguards, strategy, and coordination with heads of departments. I brought teams together for cyber readiness & resilience, privacy/compliance, and incident management.
Some highlights included developing a security program with the NIST CSF, enabling and securing remote work for COVID-19, orchestrating cybersecurity education and partnerships for technical and non-technical teams, vulnerability management, and managing Identity & Access programs (coordinating launches across multiple teams). As my team led an organization-wide software security program, we also developed comprehensive preventative and recovery processes across all engineering teams & systems.
Akamai, Inc: engineered products and processes to lead in WAF and Bot mitigation solutions
from 2015-2019
I designed and developed product solutions to protect Akamai customers from Bot traffic, which makes over 1 billion attacks per month on our distributed computing platform. This technology preserves 100% of the user experience while preventing transactions from even the most advanced automated scripts.
As a senior engineer, I drove designs, owned and assisted in the delivery of software enhancements. To operate security at the scale of Akamai’s customer base, I worked with our distributed team to keep this solution’s infrastructure ready for ever-larger crowds and botnets, so that everyone enjoys smooth online retail on black Friday or exclusive events. My work also powers the operations and systems monitoring for this security solution. Anomaly detections at a “macro” scale for continuous improvements also have “micro” anomaly equivalents, where I drove efforts for evolutions in deep learning and client identity.
Before joining the engineering team, I drove customer security integrations, seminars, and helped lead a team of 15 top performers. At the core, we deployed Web Application Firewall (WAF), Bot and DDoS mitigation solutions for high traffic sites and enterprise applications, reporting 45% annual growth at $365M/Y.
Automated footprint & risk assessments and “executive summary” documents
2017 Keynote speaker at a biannual technical conference (internal), presented on bot attacks.
To support my team, I built solutions for skill tracking, quantified hiring, and productivity automation
Internal Hackathon 2nd place team, Patent 16/014,033
Akamai, 2017
Leading a team of 5, we built a full prototype for a unique identity security solution in 48 hours. Making a proposal become reality was terrific, and we were proud to succeed in creating an end-to-end protection system, complete with a secure client-side, Edge-side, and admin-side experience supporting an unfailing demo. The output was highly acclaimed by judges, and many of the heuristics in our design were echoed in the January 2018 announcement of an acquisition positioning Akamai as a CIAM leader (integration of Janrain as the new Akamai Identity Cloud).
Internal Hackathon: Deep Learning
Akamai, 2018
Leading a team of 4, we built a functional pyTorch-based Multi-Layer Perceptron HTTP classifier trained on organic and artificial datasets (malicious and benign HTTP traffic). Our technology probe met our goal of generating CDN code automatically and re-using feature extraction already computed by the platform, affirming an open path for evaluations of Neural Networks in Web Security.
VMWare WorkspaceOne (Now Omnissa): large-scale mobile security across the US & Europe
from 2010 to 2015
I was lucky to be part of the core team (originally AirWatch), which grew from 75 to 2,000 employees by 2014, turning a software startup into a 15,000-customer ecosystem with numerous partners, culminating in a $1.5B merger.
As a security product manager, I improved and maintained security solutions from the cloud to mobile and the company's web footprint, ensuring the security of the infrastructure used by tens of thousands of companies.
Product Security Incident Response Team (PSIRT)
Expert role and point of contact on underlying technologies and threat intelligence
Assessment via CVSS/CWE/OWASP
Remediation coordination: agile process
Product Security
Facilitator role for Security Development Lifecycle: Product Security Requirements, Threat Modeling, Quality Gates
Architecture of the products and how data is secured
Project management to converge and deliver improvement milestones
Before joining R&D, I managed long-term relationships and projects with top-tier customers in Telecommunications, Aerospace, Finance, and Industry as a Technical Consultant
Responsible for 4 release cycles in 2 years with a major international telecom partner (Vodafone)
Helped to design, build, and maintain SaaS and on-site infrastructure deployments, many reaching 100,000+ managed devices
Roadmap, user acceptance testing, and adoption
Change control on complex architectures, maintenance, and support
Facilitated communication between AirWatch R&D and customers for agile feature development
Actively contributed to knowledge building, training, company conferences, and products
Developed relationships with internal and partner product teams to advance feature integration
Contributed 1,700 enhancements to security, features, and quality
Created a suite of 20+ web tools, launched internally to aid productivity (over 100 views per day)