Work History

Work History
Jul 1995 - Sep 1999

Principal Architect


Beaverton, OR Principal Architect Designed a Internet Service Provider from the ground up. Growing the operations from a single fractional T-1 and a handful of analog phone lines, brought the company to a competitive boutique ISP to support over 2000 users, dozens of servers and hundreds of digital channels of ISDN and digital circuits. Managed Telephone technical support users with two direct reports. Managed Linux servers and Cisco switches and routers.

Aug 1993 - Jan 1995

Network Engineer

United States Air Force

Computer Communications Systems Control Specialist (Network Engineer) Successfully completed Department of Defense, military data communications including Narrowband, Broadband analog and digital networking technology training. Held Department of Defense Top Secret security clearance. Trained in basic encryption and Mandatory Access Control methodologies. Helped maintain base-wide data communications..

Sep 1999 - Oct 2001

Senior Information Security Engineer-Professional Services Consultant

Interliant, Inc

Burlingame, CA Senior Information Security Engineer-Professional Services Consultant Provided Network Security and Unix Systems administration as work force augmentation. Customers included: Apple Computers, Lawrence Berkeley National Labs, Palo Alto Internet Exchange(PAIX), Life-Chart, Daimler, many others. Direct Customer Interface from Engineering /Architecture to Management of engagement. Successfully migrated VLSI environment from Solaris 5.1 to 6.2 Managed large cluster environment for Genome project. Successfully obtained Checkpoint Certified Security Engineer(CCSE) certification Successfully managed professional services engagements Maintained greater than 75% billable hours.

Oct 2001 - Sep 2003

Senior Information Security Engineer

Navisite, Inc

Formerly Conxion), San Jose, CA Senior Information Security Engineer Security group lead, managing and assigning tasks across multiple data centers for management security services for co-location hosting services. Developed and executed datacenter migration plan for all managed security services such as firewalls, IDS, VPNs and authentication servers with no impact to production environments. Responsible for maintenance of DNS, DHCP, Sendmail, Checkpoint Firewall-1, and Juniper Netscreen managed services.

Sep 2003 - Sep 2004

Senior Information Security Engineer

PaymentOne, Inc

San Jose, CA Senior Information Security Engineer Developed and Implemented corporate security policy based on industry standard best practices to meet regulatory requirements for financial institutions such as VISA's CISP now PCI-DSS. Facilitated Successful completion of SAS70 Type 1 and 2 external audits. Successfully re-architected key components of the Network Architecture including DNS increasing both reliability and security for hosted financial application. Successfully implemented new Sun Solaris/Oracle cluster environment.

Sep 2004 - Jan 2006

Senior Information Security Engineer

Ellie Mae Inc

Dublin, CA Senior Information Security Engineer Provided company-wide risk and exposure assessments to meet regulatory requirements for the finance, financial services, and mortgage industries including FDIC, PCI, and Privacy Regulations such as SB1386, HIPAA. Managed IT Security Devices. Lead engineer for company-wide risk and exposure assessment and audit. Performed quarterly infrastructure audits and penetration testing for mortgage software ASP Deployed and Maintain firewalls and multi-platform VPNs creating highly available secure network. Collaborated with IT, development, and MIS to implement company wide security measures and business continuity planning.

Feb 2006 - Sep 2006

Senior Information Security Engineer

Performant Financial Corp Ellie Mae Inc

Senior Information Security Engineer Worked directly with executive management to develop and implement information security policies and procedures for regulatory compliance. Introduced content management using squid and squidguard proxy servers followed by Blue-Coat systems to allow internal end users internet access while still being able to monitor and report on usage. Performed system and network audits against FISMA and FIPS200 regulatory requirements Managed Juniper Netscreen Firewalls and Intrusion Prevention and Detection(IDP) Devices

Sep 2006 - May 2009

Manager of Information Security and It

Valley Oak Systems, Inc.

Manager of Information Security and IT Deliver network and infrastructure support for Valley Oak Systems' complex Java J2EE, iVOS claims management product development environment and Software as a Service(SaaS) platform. Supporting enterprise user base with offices in multiple locations as well as 25% remote workforce. Successfully completed SAS/70 type 2 audits on time and budget, without exceptions or qualifications required.(SSAE16 SOC1 and AT101 SOC2 type 2 reports). Re-architected the network infrastructure and re-numbered the entire network with zero customer or internal impact in a single change window. Introduced change management policies and procedures for infrastructure changes reducing the number of unscheduled or unplanned outages by 75%. Reduced non-staff IT costs by 20% while maintaining key metrics through VMware virtualization, application rationalization, legacy system retirement, and SAN storage consolidation. Implemented a new operating system deployment scheme for all new Linux and windows servers using PXE boot and Kickstart/Slipstream which reduced time to deploy by 25%. Re-architected SaaS infrastructure to provide high-availability using Linux Cluster services and Global File System(GFS) along with Oracle Real Application Clustering(RAC) providing for 99. 99% up time. Managed 9 direct reports with differing focuses including Linux Systems Administrators, Windows Systems Administrators, Network Engineers, Database Administrators, and Information Security. Managed capital budget of $1.7M and completed all documented projects on time, and within budget. Created a capacity planning model for internal facing systems and virtualization as well as hosting architecture to predict spending needs. Successfully implemented centralized log management and intrusion prevention systems increasing auditability of network infrastructure. Managed Private Branch eXchange(PBX) supporting analog and digital systems(SIP/H.323) Deployed private Jabber/XMPP system for internal instant messaging

Oct 2009 - Aug 2010

Sr. Technical Support Engineer

Proofpoint, Inc

Sr. Technical Support Engineer Provide advanced level product support for the Proofpoint Email Protection Server to Self-Hosted as well as Proofpoint hosted customers. Achieve consistent high marks on customer satisfaction surveys. Sendmail, Proofpoint PPS subject matter expert. Advanced Linux Systems administration, LDAP, MySQL, PERL, SMTP SME in Networking and Information Security. Provide policy recommendations to customers for email security and encryption.

Aug 2010 - Oct 2012

Kaiser Permanente

Kaiser Permanente

Security Operations Center Lead Lead for team of 6 security analysts providing response and investigations into security events and incidents in large healthcare organization. Developed automation for data-loss-prevention(DLP) tools, reducing workload from 16 man hours for single operation to 2 man hours/day Responded to events from Security Incident Event Management(SIEM) system distilling 50 million events into a few hundred actionable items per week. Perform forensic investigation and analysis using Guidance Software EnCase Enterprise. Investigate cases of fraud and abuse. Provide tuning recommendations for SIEM and DLP systems

Oct 2012 - Jan 2014

Information Security Consultant Specialist

Kaiser Permanente

Pleasanton, CA Information Security Consultant Specialist Providing Risk Management and mitigation recommendations for projects in large healthcare organization covering Kaiser's multiple regions providing Project Lifecycle Security Engagements for information technology projects. Identify potential risk, consult on correcting or reducing risk, report if uncorrected Assist in the development of a risk register Perform Vulnerability assessments on projects Perform vendor security assessments Penetration Testing on projects or existing infrastructure Risk assessments on new projects, identify and reduce risk Consult with Security Operations Team on security events

Jan 2014 - Jan 2015

Security Engineer(Acting Chief Information Security Officer)

Blue Jeans Network, Inc

Mountain View, CA Security Engineer(Acting Security Officer) Developed Information Security Management System(ISMS) based on ISO27001/ISO27002 framework for cloud-based video conferencing solution. Developed and Implemented Information Security Policies and Procedures Implemented Change Management system with change verification Coordinated and validate periodic 3rd party vulnerability and penetration testing Implemented periodic review of access controls Work with sales team on pre-sales and post-sales customer security evaluations Facilitated SSAE 16 SOC 2 security audit. Perform control mapping from SIGv7, COBIT, COSO, ISO27000 Perform company-wide risk assessment Developed company-wide Risk Register


Apr 2013 - Oct 2014


Western Governors University

Information Security and Assurance

Oct 2012 - Mar 2013


Western Governors University

Information Technology with an emphasis on Security



penetration testing



Cisco Certified Network Associate - Security

Cisco Systems
Cisco Certified Network Associate Security (CCNA Security) validates associate-level knowledge and skills required to secure Cisco networks. With a CCNA Security certification, a network professional demonstrates the skills required to develop a security infrastructure, recognize threats and vulnerabilities to networks, and mitigate security threats. The CCNA Security curriculum emphasizes core security technologies, the installation, troubleshooting and monitoring of network devices to maintain integrity, confidentiality and availability of data and devices, and competency in the technologies that Cisco uses in its security structure.
Dec 2003 - Present

Certified Information Systems Security Professional (CISSP)

International Information Systems Security Certification Consortium (ISC)2
CISSP® certification is a globally recognized standard of achievement that confirms an individual's knowledge in the field of information security. CISSPs are information assurance professionals who define the architecture, design, management and/or controls that assure the security of business environments. This was the first certification in the field of information security to meet the stringent requirements of ISO/IEC Standard 17024.