Kitchener, Ontario, Canada
Hi folx! I am a Senior Manager at Wealthsimple. My team is made up of software developers using code to solve security problems. I have often described us as “boots on the ground” for the security organization. If there is a problem that needs solving and off the shelf components won’t cut it, we are the team that gets tasked with finding a solution. In my last role as Team Lead for the Application Security Team at Wealthsimple, I had the privilege of creating our wildly successful Security Champions program which continues to run to this day. Currently, I am working on developing solutions for a distributed authorization layer that makes security easy and improves the developer experience. In my spare time I am an avid reader. Recently, I challenged myself to see how many books I could read in just two months and am pleased to report I tapped out at 17. I am always looking for suggestions as well! Please feel free to DM me your favourites :D
Oversaw the strategy, tactics, and operations for three teams covering Cloud Security, Network Security, Endpoint Security, Application Security, and IAM leading to the implementation of a risk informed and resilient approach to enterprise security. Reorganized the department to align with business objectives based on integrating the team topologies model into the security context leading to better feedback loops and fewer inflight projects of lower priority. Led the development of the annual departmental budget and continue to coordinate with finance on a monthly and quarterly basis for variance and re-forecasting leading to significant cost savings, fewer overages, and better ROI. Co-authored quarterly security reports shared with the management team and the board which delivered a clear understanding of the program status and the on going work of the department. Directed the rollout of organization wide security initiatives that required building support with stakeholders, coordinating with cross-functional groups, evaluating and selecting between different implementation options and which enabled the business to reach its objectives while decreasing overall risk. Developed and implemented a framework for evaluating the security posture of potential external partners which enabled the business to make better decisions with regard to the risk associated with these partners.
Established the new platform security team and their associated mandate and workflows while also assisting in the promotion of a former direct report and the establishment of another security team. Reviewed and published ~8 job descriptions and ~4 hiring pipelines while also conducting many interviews for my own team and others. Coached and mentored ~7 individual contributors including growing team members from an intern to SWE 1 and from SWE 2 to Senior SWE. Managed through others on many projects ranging from risk mitigation, authorization, and data enrichment.
Assist students of the Cyber Security program with the course work and general security skillset. Collaborate with other mentors to provide feedback on the program.
Advised in a technical capacity on implementing process controls and changes in order to comply with California Consumer Privacy Act (CCPA). Led the effort to triage and resolve any vulnerabilities identified as part of our penetration test, static code analysis (SCA), and dynamic application security testing (DAST) by collaborating with and supporting our internal development teams. Enabled roughly a dozen internal development teams and approximately 100 developers to operate efficiently by serving as an expert resource for questions regarding security best practices, vulnerabilities, and potential mitigations. Identified opportunities to improve security through the implementation of changes to our people, processes, and tooling as part of establishing a DevSecOps practice. The intent of the project is to enable development teams to build secure MicroServices efficiently and in a self-service manner. Designed the Secure Code Review System in order to assist developers during application design review and code changes.
Project lead for the Hosted 2.0 Analytics instrumentation. In this capacity, I served to co-ordinate multiple stakeholders and acted as an advisor on all aspects related to analytics for this project. Accessibility (A11y) advocate and subject matter expert for Hosted and other related web development. Researched and implemented industry best practices as they relate to accessibility. Designed and implemented an Internationalization (I18n) system for the Hosted 2.0 project. The system allows for implementing custom translations, updating translation files on the fly, and is backed by a simple MicroService. Architected a MicroService system used to co-ordinate updates to multiple User Acceptance Testing (UAT) environments. The service also obfuscated sensitive information and created an audit-able log of actions against the UAT environments. These practices were developed in co-ordination with the InfoSec team. As a member of the Hosted team I actively participated in all agile ceremonies with a focus on being team first and looking for room to improve. I also serve to mentor other team members through informal tech talks and guilds, participate in code reviews, and develop new features from scratch or refactor existing code to increase performance and usability.
Facilitated the training on rapid eLearning Authoring using Articulate Storyline for ~25 developers over 3 semesters. Developed 2 interactive modules on Accessible Design and Copyright Management to be used as part of self-paced training for eLearning Developers. Designed a comprehensive module review system integrated into their LMS (D2L) with a set of how-to guides for use in course development.
Created the Accessible Development Policy Manual to bring course design and development into compliance with WCAG 2.0 Level AA. Designed the Copyright Management Process used to catalog over 2,100 pieces of media used in online courses to quickly identify potential infringement. Developed a micro-CMS application using AngularJS 1.5.x and PHP 5.6.X using a RESTful API structure to allow users to actively take part in course development. Maintained, expanded, and scaled 6+ active internal and external sites for the Centre for Flexible Learning using well designed, testable, and efficient code.
Lead facilitator for the "Digitizing Your Memoirs" workshop series offered jointly through Seneca College and Skill4Change for ~10 cohorts and approximately ~90 students. Successfully led the revision of course curriculum to adjust for technical incompatibilities. Recruited and managed 6 Teaching Assistants (TA) for the workshops.
Developed 11 modules for a degree level course using the rapid eLearning authoring tool Articulate Storyline Created the first version of the Module Review Feedback System using HTML5, CSS3, and Google SaaS Offerings. Collaborated with 11 other developers to perform peer reviews and communicated with SMEs to ensure that development adhered to their vision for the course.