I lead the charge in building, scaling, and optimizing Application Security programs that protect enterprise applications from code to cloud. With experience spanning SAST, DAST, SCA, CWPP, WAF, and AI-driven security initiatives, I partner with developers, architects, and leadership to weave security seamlessly into modern development lifecycles.
Security should be an enabler, not a blocker. My mission is to make secure development the easiest path forward.
|
Secure the SDLC Embedding security from ideation through deployment. AppSec Strategy Aligning security controls with business objectives. Tooling Leadership Scaling platforms like Checkmarx, Snyk, Veracode, NexusIQ, and Prisma Cloud. |
Developer Empowerment Driving adoption via IDE plugins, CI/CD integration, and gamification. Risk Reduction Using AI, automation, and analytics to mitigate vulnerabilities faster. AI Security Securing LLM and ML systems, and applying AI to accelerate threat detection. Shift-Left Culture Championing security ownership across every team. |
| Domain | Skills & Tools |
|---|---|
| Application Security | SAST, DAST, SCA, RASP, IAST |
| DevSecOps | GitHub Actions, Azure DevOps, Kubernetes Security |
| Cloud Security | AWS, Azure, Container Security |
| Programming & Scripting | Python, Bash, PowerShell |
| AI in Security | ML-based risk scoring, LLM security research |
▸ AI-enhanced vulnerability detection and remediation
▸ Secure adoption and governance of AI-generated code
▸ Frictionless developer security experiences
▸ Application Security and AI risk management convergence
▸ Threat modeling for modern cloud-native architectures
▸ Cross-team collaboration for secure delivery
▸ Data-driven security program maturity and measurement
▸ Researching emerging attack techniques and defensive controls
▸ A pervasive shift-left security culture
▸ Scaling security through automation and intelligent workflows

