I'm a security person in a software world. My focus is on bringing holistic and pragmatic security solutions to software companies, and I'm especially partial to risk-reducing solutions which improve development processes or developer experience (bingo!).
Currently, I'm a Cloud Security manager @ Amazon as part of the Application Security organization. Corporate-speak aside, we reduce the cost of securing Amazon's applications in the cloud and promote long-term sustainable architecture, and we eliminate more annualized risk than our salaries and infrastructure costs. Sometimes we're building tools to 'shift left' in cool or unusual ways, sometimes we're pushing the limits of what issues can be detected from analyzing infrastructure at scale. My team is not the "run ScoutSuite and call it a day" type, thankfully. :)
My notable past roles include:
- Sr. Security Engineer, Amazon (completing an L4-through-L6 IC journey)
- Security Engineer, Vulnerability Management @ Luta Security on the Zoom contract
- Product Security Engineer @ Datto, and Software Engineer before that
I do security research across many topics in my spare time (read: whatever grabs my interest, little real theme), and either dump half- to fully-baked repos on GitHub or publish posts on my blog. If you'd like to chat or connect, you can find my social media and ways to message me on my contact page.