Chicago, Illinois, United States
Accomplished Technical Product/Application Security Leader with 25 years of experience in technology, including more than 10 years of building security programs from the ground up and 6+ years leading cross-functional teams. I possess a strong blend of technical expertise and business acumen, with a deep, hands-on understanding of developer-centric security practices, thanks to over 15 years of coding experience across diverse technologies like Java and Microsoft solutions. Proven track record of successfully implementing security programs across multiple industries, such as finance, healthcare, retail, and real estate. Adept at fostering an environment where teams feel empowered, take ownership of their work, and have an active voice in shaping program-level decisions. Key Security Initiatives: Application/Product Security initiatives: Vulnerability Management , Security Champions, Threat Modeling, Developer Training Cloud Security, Container, IaC, Web Header Standardization, Secure SDLC, DevOps/DevSecOps, Software Supply Chain Security, Third Party Security Technologies: DAST, SAST, SCA, CSPM, ASPM, API Security | On prem, hybrid, multi-cloud, cloud native | SaaS, PaaS, IaaS | AWS, Azure
Created the program to monitor and manage the integration with the back end service provider for loan management. Identified security risks within the provider application and cloud environment and communicating to both OppFi leadership and provider technical teams. Created a wide ranging assessment to be used by all technical areas within OppFi to gauge the security posture of the provider services as well as the completely revamped in house loan origination application. Compiled an inventory of the third party services integrated with both OppFi and provider software and assessed the security controls based on integration method. Coordinated with the data team to ensure secure processes are in place to migrate millions of records from the previous loan management system to the new provider. Collaborated with the Application Security team to implement security coverage from end to end of both OppFi and provider applications. Contract through Fortitude Systems
Along with my previous Application Security responsibilities, added Cloud Security to the mix. My team and I stood up the security program around our cloud presence. This included both the Azure infrastructure and the IaC process. We purchased and implemented the Crowdstrike Cloud Security module across all tenants. We also championed a tenant reduction, from 11 to 3, to reduce the complexity deploying security measures across all cloud assets.
Leading the Application Security team to create the Application Security program and integrate it into the SDLC and DevOps framework.
Created the roadmap for the Application Security program. Met with development teams as well as DevOps to begin integrating Application Security into the SDLC.
Served as a manager for two security-focused development teams. Ensured tasks and features were prioritized and completed in a timely manner. Assisted with employee concerns and morale.
Adapted the framework of a previous AppSec program to be more aligned with industry maturity models. Expanded the use of the SAST tool to more applications and automated the scanning process with the CI solution. SME for all security-related issues with regard to the SDLC. Lead a review board for all Open Source and cloud-based solutions to ensure all were evaluated before adoption. Hired, trained, and managed all AppSec team employees.