Career Profile
Accomplished Software Engineer with extensive experience in vulnerability management, cloud security, and risk assessments. Proven track record of creating innovative full stack tools and solutions, standardizing processes, and driving compliance across teams and cloud environments. Adept at assessing risks, educating on security practices, and delivering strategic solutions.
Skills & Skill Levels
AWS
Python & Django
C/C++
Linux & Windows Administration
Azure
noSQL Databases
PCI Compliance
SQL
Projects
Side projects in the last two years
SucculentBot
- A simple discord bot originally built for rolling fudge dice, expanded to roll any number side of dice
Red Dress PDX webpage
- A website for Red Dress PDX, a 501(c)(3) organization based in Portland Oregon
Experience
- Transformed asset management by overhauling inefficiencies within existing infrastructure; designed and implemented seamless, resilient, and cost-effective solution that substantially lowered expenses while enhancing asset inventory accuracy
- Served as primary engineer for vulnerability management PCI assessments, successfully meeting and exceeding PCI requirements
- Orchestrated successful implementation and configuration of open-source vulnerability management reporting tool (Defect Dojo), ensuring 100% alignment with Nordstrom standards and bolstering security throughout multi-billion-dollar enterprise
- Deployed and maintained Qualys cloud infrastructure, leading to heightened identification and mitigation of vulnerabilities
- Established rigorous standards across teams, departments, and organization, fostering culture of security excellence
- Evaluated and communicated potential risks and threats, facilitating informed decision-making by stakeholders; spearheaded training and consultancy efforts to elevate organization’s adoption of best practices, fortifying overall security posture
- Completely transformed web precence to allow for easier identitfication, communication, legitamacy of one of the largest 2SLGBTQ+ organizations in Portland
- Assured PCI compliance of the organization through documentation and communication
- Evalutated and communicated insecurities within legacy web system and options for change
- Served as primary engineer for PCI cloud assessments, successfully ensuring organization’s alignment with PCI requirements
- Spearheaded construction of automated scanning, evidence gathering, and remediation system for AWS IAM Users, certifying regulatory compliance while decreasing need for manual intervention
- Pioneered creation of remediation suite for an in-house scanning tool, automating resolution of nondestructive failed CIS benchmarks, fortifying secure cloud infrastructure, and enabling multi-cloud benchmark scanning and visualization
- Thoroughly documented and remediated risks within Nordstrom’s dynamic cloud environments and instilled unified approach to cloud security across teams, ensuring robust measures and end-to-end compliance adherence
- Innovated scripts and deployments for diverse cloud platforms, increasing efficiency and reducing operational complexities
- Constructed intuitive, single-pane-of-glass compliance view spanning multiple cloud environments, streamlining audit process
- Ensured all volunteers received necessary supplies and were relieved as necessary to ensure seamless event
- Worked with board members, event staff, and venue staff to ensure any issues that arose were handled without disturbing guests
- Ensured all guests were safe within the event and ensuring all guests were given opportunities for ride share if necessary
- Used OLCC license to ensure no guests presented a risk to themselves or others
- Conducted meticulous assessments of internal technologies in accordance with industry best practices, and proactively surfaced concerns to proper leadership related to both internal and vendor technologies, driving regulatory compliance and risk management
- Instituted cutting-edge Lambda function to audit and analyze security group rules within AWS, eliminating overly permissive rules and maintaining PCI-compliant environment while logging results for comprehensive monitoring and assessment
- Built and launched new infrastructure solution after existing cloud architecture became overwhelmed and incapable of supporting regulated data, leading to improved ease, security, and compliance for application deployment across organization
- Engineered impactful security group remediation strategies as well as self-service agent check mechanism, significantly removing potential attack vectors, optimizing operational workflows, and automating security check process
- Took charge of on-call responsibilities, providing expert education on AWS services, Nordstrom infrastructure, and application team issues, contributing to swift issue resolution and continuous improvement