Sergio Dutra
Security Architect at Astralas
- Portuguese: Native or bilingual proficiency
- English: Professional working proficiency
Bio
Kah Geh Tan
Sergio is both a big picture and roll up your sleeves kind of security consultant who is a pleasure to work with. He has helped review and made many actionable security suggestions across the multiple product streams. He has rolled up his sleeves, providing complete end to end sequence diagrams to help with threat modelling discussions. In addition to just security perspectives, he is an excellent sounding board for solution designs.
Nicki Curtis
Passion for the security of the user, conveyed in a business savvy delivery
Sergio and I have worked collaboratively over the past 2 years, within my role as a Product Owner and Sergio's role as Security Advisory Lead at Xero Limited. This continual collaboration resulted in many productive discussions relating to best practices, security implications and also review of Third Party products. Leveraging from Sergio's vast experience, conveyed across the product delivery cycle from early discovery, design review and technology selection, discussions were always practical and factual inspired by best practice. Regardless of the experience level in the room, Sergio has the ability to convey the security implications in a practical and descriptive method, more often than not delivered with relevant recommendations for both current application and moving into what the future could hold also. His respectful manner, teamed with years of knowledge, tact and sense of humour, Sergio is an asset to any organisation and team.
Credentials
- Geospatial Intelligence & the Geospatial Revolution - Certificate of Accomplishment
  Coursera, Mar 2016 - Nov 2024
- The Data Scientist’s Toolbox
  Coursera Verified Certificates, Jul 2015 - Nov 2024
- Software Security
  Coursera Verified Certificates, Apr 2015 - Nov 2024
- Hardware Security
  Coursera Verified Certificates, Mar 2015 - Nov 2024
- Usable Security
  Coursera Verified Certificates, Mar 2015 - Nov 2024
- Certified Secure Software Lifecycle Professional
  (ISC)², Jun 2017 - Nov 2024
Experience
-
Astralas
-
Australia
-
IT Services and IT Consulting
-
1 - 100 Employee
-
Security Architect
-
Jan 2022 - Present
Working with solution architects and other stakeholders to identify security controls for solutions in several industries, including health, telecom and energy.
-
-
-
Innofocus Photonics Technology Pty Ltd
-
Australia
-
Nanotechnology Research
-
1 - 100 Employee
-
Member Of The Board Of Advisors
-
Jul 2020 - Present
-
-
-
-
Independent Security Architect
-
Aug 2021 - Jan 2022
-
-
-
nbn® Australia
-
Australia
-
Telecommunications
-
700 & Above Employee
-
Enterprise Security Architect
-
Jun 2020 - Jul 2021
-
-
-
Deloitte
-
Business Consulting and Services
-
700 & Above Employee
-
Specialist Master
-
Apr 2020 - Jun 2020
-
-
-
Zimbani
-
Australia
-
IT Services and IT Consulting
-
1 - 100 Employee
-
Security Consultant
-
Jul 2019 - Mar 2020
Reviewed the security stance of third-party products and technologies being selected for use in a bank’s internal and customer-facing software solutions. Produced documentation describing threats, appropriate controls, and how to securely use the technologies. Engaged directly with delivery teams at a telecom operator, providing security advice on their solution designs, including solutions built in local datacentres, using AWS and Azure. Contributed to development of security reference architectures, security standards and policies.
-
-
-
Xero
-
New Zealand
-
Software Development
-
700 & Above Employee
-
Security Advisory Lead
-
2017 - 2019
Led a team of security advisors, with the goal of growing security capability within product teams and increasing security awareness within the entire organisation. This included performing most of the activities of a product security specialist, with the addition of creating and producing training materials. Provided in-person general security guidance to new employees, including basic security training for new developers, as well as training on threat modelling, OWASP Top 10 and other security topics. Created or contributed to several online security trainings, including threat modelling, policies and standards relevant to security, privacy, and general security guidance. Helped product teams understand, implement and apply policies and standards created or updated as a result of ISO 27001 certification, and of updates to the company privacy practices as a result of GDPR.
-
-
Product Security Specialist
-
2016 - 2017
Responsible for evaluating application security of Xero apps and services, from early design stage up to deployment, including security testing, in an agile environment. Helped developers to understand specific security activities they need to perform, such as identifying sensitivity of data, whether approval is needed to collect or use some data, and completing a data privacy impact assessment. Facilitated threat modelling sessions and discussed concepts of secure development patterns and secure user experiences with product owners, designers, developers and QAs. Helped triage and prioritise identified threats. Participated in some ATO working groups that were involved in building the ATO Digital Services Provider framework, and communicated the relevant findings to other stakeholders within the business. Reviewed third party applications and services, as needed, to determine whether they can be safely used within the company environment, and helped create guidance to integrate and use those services securely.
-
-
-
Microsoft
-
United States
-
Software Development
-
700 & Above Employee
-
Senior SDET
-
2007 - 2015
Devised and implemented test strategies for different Windows OS components, including the Windows Biometric service, roaming of user settings across devices, and the Windows search experience. Engaged frequently with developers and program managers to elicit test requirements on the design and architecture, and to clarify requirements and designs. Built diagrams and provided supporting data to clarify system or user behavior. Communicated with external partners and customers via phone, email, face-to-face and other methods as appropriate. Designed, coded and ran test tools and scripts in C or whatever language was appropriate. Reviewed developers’ code, product requirements and customer feedback, providing recommendations and filing bugs.
Selected Accomplishments:
- Devised and coordinated implementation of a test strategy for roaming user settings, which necessitated cooperation across over nine separate teams in different organizations.
- Partnered with PM and dev teams to author and drive execution of the set of self-hosting scenarios for the Windows Bing-powered search scenarios in Windows Blue. Tailored the scenarios to what new features were available and any areas of concern, by working frequently and closely with developers, program managers and management.
- Wrote a test suite for external biometric device partners to validate their drivers.
- Created a debugger extension to help debug the biometric framework.
- Temporarily took on role of program manager to develop the Crypto Configuration feature specification. I worked with internal teams, partners and external customers to devise feature requirements.
-
-
Software Security Engineer
-
2007 - 2015
Responsible for coordinating security efforts across an organization comprising roughly 300 developers, testers and other disciplines. Engaged with developers, program managers and others to help evaluate the security and privacy of new features. Routinely communicated with the entire organization, directors and internal partners, outlining the security work that needed to be done. Liaised with other security and privacy experts and groups to refine and update the strategy, define appropriate processes, and delegate work requiring specific expertise. Kept up-to-date on relevant security and privacy trends and used information to refine strategy or implementation. Occasionally performed some aspects of penetration testing to validate security assumptions and implemented designs. Mentored other security and privacy experts in the organization as appropriate. Attended security conferences as appropriate.
Selected Accomplishments:
- Devised, proposed and implemented strategy for coordinating security efforts across the PC, Tablet and Phone organization.
- Persuaded developers, program managers and security experts from over nine different teams that there were potential gaps in a large new feature with components in several teams and services. I then partnered with those teams to build a threat model to understand and address those gaps, applying new methods to make the threat model clear, focused and relatively simple to follow.
-
-
Test Lead and Manager
-
2003 - 2007
Managed three teams comprising a total of around twenty testers, covering core cryptography, smart cards, Certificate Server, and other technologies. Performed all hiring activities, including travelling to colleges and other locations to interview and hire candidates. Coached and mentored engineers in all disciplines in the organization. Worked closely with upper management and managers of other disciplines to coordinate test efforts and strategy. Established working relationships with other teams to complete projects spanning multiple organizations.
Selected Accomplishments:
- Interviewed and helped select a full team in Ireland to perform smart card verification.
-
-
Software Development Engineer in Test
-
1996 - 2003
Researched and designed test harnesses in C/C++ for cryptographic components which shipped as part of multiple versions of IE and Windows. Contributed to the design of the cryptographic components by working with developers and program managers on design reviews, spec reviews, and by incorporating a deep understanding of the customers. Designed, implemented and executed test tools to verify the functionality of various features. Reviewed developer code, design requirements and user feedback, and provided recommendations for fixes or alterations.
Selected Accomplishments:
- Contributed to several KB articles and white papers on PKI in Windows, including the “Troubleshooting Certificate Status and Revocation” white paper (http://www.microsoft.com/technet/security/topics/cryptographyetc/tshtcrl.mspx).
- Wrote a test harness and a tool that generates any set of certificate-related objects needed for testing purposes. The tool is used by several test teams throughout Microsoft, and the test harness has remained highly functional and useful throughout four major operating system releases.
-
-
-
Stream Global Services
-
United States
-
Outsourcing/Offshoring
-
700 & Above Employee
-
Consultant & Technical Support Engineer
-
1994 - 1996
Provided technical phone support for the Win32 SDK and for Windows 95. Coached and mentored new employees. Travelled to customer sites to help devise and implement a messaging (Microsoft Mail) solution in their enterprise.
Selected Accomplishments:
- Selected to be a part of a team that was trained on Windows 95 support and then opened a support office across the country in the Oregon, USA area.
- Held MCSE certification at that time.
-
-