Canada
Proven strategic and technical leader for innovative security programs in organizations responsible for cloud service engineering and product security, protecting critical infrastructure, securing large enterprises, and ensuring safety and security through proactive management of threats and risks. Over 20 years of progressive experience in security roles, leading programs and teams which protect consumers, businesses, and the public sector. Thrives on solving complex security problems to deliver on strategic business outcomes and is passionate about developing highly skilled teams and emerging leaders. Excellent fit for roles that focus on strategic leadership of intelligence-led security programs which proactively research and design solutions that solve complex security problems and anticipate threats to people, businesses, and public safety.
Serving as Principal AI Security Architect and lead for a Microsoft Security Engineering AI Security v-team, shaping the secure architecture strategy that underpins how Microsoft builds and deploys AI systems such as M365 Copilot, orchestration frameworks, and agentic systems. I lead a cross-organizational effort to define secure-by-default patterns, identify and eliminate anti-patterns, and deliver prescriptive engineering guidance that accelerates innovation while strengthening security posture. The v-team brings coherence across Microsoft Security Engineering by establishing unified architecture standards, platform requirements, and reusable patterns that reduce duplicated work and enable teams to build secure AI solutions more efficiently. Our guidance is grounded in both cutting-edge research and practical engineering experience, ensuring product teams have consistent, safe, and well-supported paved paths. We continuously incorporate lessons learned to evolve Microsoft’s AI security architecture in a rapidly changing landscape.
Leadership of a security engineering team setting technical direction across a broad high-impact charter. Our group is responsible for security architecture and subject matter expertise across application security / penetration testing, code and engineering systems security, privacy engineering, security research and development of AI / LLM solutions, strategic architecture remediation initiatives, and product security architecture review.
Principal Security Lead in M365 Cloud Security with a charter focused on engineering systems, code security, privacy engineering, application security / penetration testing, and research to create and engineer novel solutions for security and privacy problems using AI and other advanced approaches. This charter is part of our evolving Secure Future Initiative (SFI) efforts that advance cybersecurity protection across our company and products including AI/LLM and Copilot services. Our team owns strategy and program management for security engineering that ensures we have the right platforms integrated with engineering systems, research and development for security and privacy flaw detections, and scales out mechanisms across Microsoft to discover, prevent, and anticipate software flaws throughout the Security Development Lifecycle (SDL).
Leadership of a team protecting the Amazon Web Services (AWS) cloud computing environment and all our customers. The team partners with teams building emerging technologies and services. We validate that services and applications are designed and implemented to the highest security standards. AWS Security is on the cutting edge of many security issues for a wide variety of platforms and technologies including cloud services, Internet of Things (IoT), identity and access management, mobile devices, virtualization and custom hardware, all operating at massive scale.
Global Head of Information Security for Visier. Strategy, vision, and leadership of Visier’s comprehensive Information Security program including: - Architecture and Standards: standards, best practices, and architecture; Secure Development Lifecycle - Analysis and Assessment: security assessment (vulnerability management, penetration testing); threat assessment (emerging threat assessment, threat modeling, Red teaming); threat intelligence - Assurance and Operations: detection and response; network security monitoring; enterprise security I was responsible for planning and implementation of security procedures and solutions throughout the organization that are consistent with company goals, industry best practices, and regulatory requirements. Our team supported strategic business objectives throughout a Secure Development Lifecycle. We reviewed and recommended security safeguards and configurations in a complex system infrastructure. We recognized and incorporated defense-in-depth safeguards for hybrid cloud, network perimeter, enterprise network, application, and data layers. We defined what “secure” looks like, ensured it was effective through regular verification, and led the organization in a “security engagement” culture where everyone is part of making a difference in protecting Visier and the customer data we are entrusted with.
Created the strategic plan for an innovative telecommunications Red Team & Cyber Threat Intelligence program over the span of one and a half years before implementation in November 2013. Led a matrix team delivering analytical and operational red teaming, including threat/attack modeling and live-attack testing. Applied operational, analytical, and practical red teaming methodologies to improve decision-making, counter organizational decision-making rigidity, and challenge entrenched assumptions about threats and risks. Chaired the Red Team Governance committee.
Leadership of security programs and teams responsible for mitigating risk due to vulnerable systems, including social and human factors, physical data centre facilities issues, and security policy/compliance gaps. Chaired the TELUS Vulnerability and Patch Management Steering Committee. Led a Data Protection Task Force which informed future strategies for data protection and loss prevention. Accountable for multiple security programs: Vulnerability Management Program; Security Assessment and Penetration Testing; Security Awareness and Communications Program; Policy and Compliance Program (until January 2013); Customer-Facing Security Officers (until January 2013)
Leadership of a multi-functional team including establishing the Network Security Analysis program while driving improvement and integration of teams that traditionally operated in silos. I provided technical leadership for three security programs within TELUS Network Operations: - Network Security Analysis: Proactive and strategic security; emerging threat research and assessment; security assessments; managed security service evolution; security technology standards - Network Security Infrastructure: security service design and implementation; Managed Security Services - Operational System Support (OSS) Infrastructure: administration and assurance
Responsible for security within the Engineering/Operations Shaw Operations Centre and Security Task Force, supporting hiring, mentoring, and professional development within a highly customer-focused culture.
Established security practices, cross-functional partnerships across business units, and international industry relationships. Earned trust as a subject-matter expert and chair of the Security Task Force for Operations, Engineering, and Legal & Regulatory departments. Led investigations as national liaison for law enforcement and Public Safety Canada.
In this role I was focused on system administration of UNIX and UNIX-like hosts (primarily Linux and Solaris), services and network management applications including HP OpenView Network Node Manager, as well as network forensics and operational network/Internet security responsibilities.