I am currently a DevSecOps Engineer at TIAA, a Fortune 100 provider of secure retirements and outcome-focused investment solutions to millions of people working in higher education, healthcare, and other mission-driven organizations.
In my role at TIAA, I work on DevSecOps implementations, application security engineering, automated security testing, penetration testing, and code reviews.
Before joining TIAA, I worked as an Application Security Engineer at AppDirect, a leading end-to-end commerce platform that helps deliver digital services on any device and speeds up time to market. My responsibilities included application security engineering, automation, pentesting, and code reviews for AppDirect products.
Before AppDirect, I was an Application Security Analyst at Qualys, a leading provider of information security and compliance cloud solutions. My role involved ensuring that Qualys' products and services were secure, safe, and free from common client/server-side vulnerabilities.
In my free time, I enjoy reading and learning about application security programs. I have also played Capture the Flags (CTFs) on platforms such as hackthebox & lab.pentestit.ru. Additionally, I have contributed to open source security, the DevSecOps Newsletter & the Free Docker Security Course. I am also an active participant at Let’s Talk Software Security! & Null, OWASP chapter meets.
On my blog, you can read about my work and my learnings.
I have practical experience with tools such as Burp Suite, SonarQube, Checkmarx, Dependency-Check, Dependency-Track, WhiteHat Sentinel, Docker, Kubernetes, Maven, Gradle, Jenkins, AWS, Git, and GitHub Advanced Security.
I am interested in learning about various aspects of usable application and software security, developer education and advocacy, security culture, automation, fuzzing and exploit development, and many other topics.
Please note that everything on this site reflects my personal views only and may contain errors. Feedback is always appreciated.