Houston, Texas, United States
I help organizations move fast without compromising security. As a Principal Engineer with 12 years in cloud security, I sit at the intersection of engineering and business — translating complex risk landscapes into clear strategies that teams can actually act on. My work spans threat modeling, CI/CD security, and cloud-native architecture, with a focus on building security into the development lifecycle rather than bolting it on at the end. One of my most impactful contributions has been publishing a Container Security Standard adopted across an organization-wide build pipeline — turning a fragmented, ad-hoc process into a consistent, scalable security baseline that developers can rely on. What drives me is the belief that strong security and business velocity aren't in conflict — they reinforce each other when done right. I partner with engineering, product, and leadership teams to make that case and make it real. If you're working on cloud security challenges, building out a security program, or just want to trade ideas — I'd love to connect.
- Published Twilio Container Security Standards
- Implemented Container Security Controls
- Performed CI/CD Security Reviews and Remediation
- Built secure-by-default Terraform modules as paved paths for next-gen Infrastructure as Code pipeline

- Worked with Platform team to implement AWS IAM Identity Center, integrating with ServiceNow, Okta, and Terraform for automated account onboarding and Just-In-Time IAM role access, to reduce persistent human access to permissive IAM roles and limit that access to only the time needed to perform their job
- Planned and implemented AWS Organization OUs for environment segmentation to allow tailored security controls over each OU
- Wrote the Cloud Security Merger and Acquisition Runbook to secure AWS Accounts from multiple acquisitions to follow Twilio Cloud Security standards
- Managed AWS Service Control Policy (SCP) for 3 AWS Organizations using Terraform to only allow modification of security IAM roles and sensitive API calls by security teams
- Wrote the AWS Root Accounts Credentials Management Runbook to define the standards, contact info, and procedures to lock away and retrieve all of Twilio's AWS Root Accounts Credentials, to prevent teams from ever using them so that only the Security team can access them during a break-glass scenario
- Deployed and operated various CSPM tooling (Rapid7 InsightCloudSec & Orca Security) to gain cloud visibility across all cloud accounts in all CSPs, ensuring the CSPM is healthy and alerts are accurate
- Wrote automation to generate Jira tickets for critical and high alerts to allow dev teams to resolve the issues in a timely manner in their sprint
- Automated removal of abandoned AWS IAM Users and Roles using data from CloudTrail and Billing information to reduce attack surface and prevent ex-employees from accessing current data
- Worked with Platform team to implement automated security review for firewall requests, trust relationships and DNS requests to decrease on-call workload and increase engineering development speed
- Worked with Platform team to implement Container Scanning using Anchore during commit phase to prevent images with high & above vulnerabilities from getting into Twilio's image registry
TL;DR: in a world where scaling up/out is easy, my job is to secure and delete cloud resources with confidence (no outage) to reduce attack surface and eliminate IAM privilege escalation/creep.
I help students gain confidence and skills to handle real-life self-defense scenarios, starting from the basics of a fighting stance to effective weapon disarm techniques.
- Led DevSecOps transformation initiatives, managing a team of 5+ engineers.
- Automated and scaled security across multiple cloud projects, including TechStack.
- Implemented Cloud Custodian for rule-based security checks and remediation in AWS.
- Designed Multi AWS Accounts SSO, consolidating IAM users into a control-plane account.
- Architected HashiCorp Vault and Consul HA clusters for secret management.
- Deployed Splunk and Enterprise Security for SOC and SIEM capabilities.
- Integrated CyberArk and Checkmarx to enhance DevOps security practices.
- Initiated secure coding learning programs to shift security left.
- Served as Security Incident Responder, conducting cyber forensics for AI team.
Continuing to secure Intuit's information day and night.
Proud member of Intuit's Cyber Attack Tiger Team. Fun includes developing and maintaining Intuit's security operations and infrastructure; security incident response; security logging, monitoring, and alerting; security testing (Red Team); security issues consulting and remediation; whitelisting services for company use. DevSecOps.org
My responsibilities include developing and implementing an initial security risk assessment framework for Intuit to help the different business units within the organization understand their security risk postures and their business impacts. I also pilot the project with our internal business partner, Check, a company newly acquired by Intuit, to assess its security risks.