Lead PRH’s Application Security program, managing strategy, governance, vulnerability management, secure SDLC, and AI-driven automation across hundreds of applications around the globe.
Lead AI Security oversight across PRH, reviewing and validating AI models, testing client tools, setting RBAC, defining guardrails, and advising engineering and business teams on secure patterns as new AI concepts and use cases are proposed.
Created PRH’s Threat Modeling Strategy, including a custom threat register MCP server, allowing AppSec engineers to complete focused threat modeling sessions in under 1 hour while aligning threats and mitigations to STRIDE and compliance requirements.
Led a team in enhancing the security posture of 100+ apps with OWASP, MITRE ATT&CK, NIST CSF guidelines.
Conducted STRIDE-based threat modeling sessions for 20+ development teams.
Designed and standardized a new application onboarding process, embedding security from inception.
Primary security liaison for global application development teams.
Established a pen-test framework focused on OWASP Top 10.
Developed a custom ASPM tool to consolidate and standardize issues from multiple sources, integrated with OpenAI's GPT-4 model to prioritize and remediate vulnerabilities.
Championed PRH WAF to protect applications.
Led security training sessions for 135+ developers.
Introduced SAST and SCA, reducing library vulnerabilities by 80%.
Developed a Python app to detect vulnerable WordPress plugins.
Defined Cloud Security standards for Docker and Kubernetes.
Developed Python program for SAST/DAST scan alerts via Slack.
Implemented RASP on 30+ applications.
Led the deployment for Data Loss Prevention on Slack.
Developed a C# program to uncover hidden web apps and APIs.
Triaged 3,000+ SAST/DAST findings across multiple technologies.
Senior Aviation Meteorologist providing aviation weather support worldwide.