Hello I'm
An experienced infrastructure security engineer. I build resilient, secure systems using modern cloud technologies and automation to create infrastructure that scales reliably, performs exceptionally, and protects what matters most.
I'm a Principal Security Engineer with 15 years of experience building secure, resilient infrastructure that enables teams to move fast without compromising safety. Throughout my career at companies like Workday, Pacific Gas & Electric, and GE Digital, I've specialized in the intersection of security, reliability, and automation, designing systems that protect what matters most while staying invisible to the users who depend on them.
I've led initiatives that delivered $24M in cost savings, achieved 99.9% uptime for critical SaaS applications, and maintained 100% FedRAMP compliance in government environments. But beyond the metrics, what drives me is the challenge of making security effortless: building secure defaults, automating away risk, and creating infrastructure that teams trust implicitly.
When I'm not architecting cloud security solutions or mentoring engineering teams, I'm working on personal projects that keep my skills sharp and let me explore emerging technologies. I recently built a Kubernetes security lab to experiment with runtime threat detection and network policies, and I'm developing open-source tools for cloud infrastructure security scanning. I also maintain a technical blog where I write about infrastructure security, automation strategies, and lessons learned from real-world security implementations.
Principal Security Engineer
nth degree, Remote
2025 - Present
Implement enterprise observability solutions using Cribl, designing data pipelines that reduce MTTR. Automate deployment workflows and service provisioning for new customer activations. Engineer distributed data routing across AWS, GCP, and Azure ensuring high availability. Lead technical workshops providing SRE best practices for scalable infrastructure.
Senior Security Engineer
Workday, Remote
2017 - 2025
Design and implement CI/CD pipelines with embedded security controls achieving 99.9% uptime. Architect multi-cloud security solutions across AWS and GCP, delivering $24M in savings. Build automated incident response workflows reducing MTTR by 45%. Lead distributed engineering team implementing Terraform and Chef for configuration management at scale.
Senior Incident Responder
GE Digital, San Ramon, CA
2015 - 2017
Develop Python automation tools integrating security product APIs, reducing manual intervention by 60%. Create business intelligence dashboards analyzing security operations trends and productivity metrics. Implement case management application with SIEM data ingestion for enhanced security workflows. Lead detection engineering initiatives using SIEM platforms to identify and mitigate risks proactively.
Bachelor of Science in Information Technology
Western Governers University
2021
Explore the skills that allow me to architect security solutions that protect what matters most.
Architecting secure multi-cloud environments across AWS, GCP, and Azure with proven results: $24M in savings and 99.9% uptime.
Embedding security into development pipelines to enable fast, secure deployments. Achieved 100% FedRAMP compliance at scale.
Building automation tools and SOAR playbooks that reduce manual security operations by 60% and MTTR by 45%.
Skilled in using Terraform, Chef, and other IaC tools to create and manage secure infrastructure.
Designing SIEM detection logic mapped to MITRE ATT&CK framework. Experienced in threat hunting and incident response to identify and mitigate security threats.
Managing security incidents end-to-end with automated response workflows and standardized procedures that scale.
Building comprehensive monitoring, alerting, and log aggregation systems using Cribl, Splunk, and Crowdstrike for real-time security visibility at scale.
Achieving rigorous security compliance including 100% FedRAMP, SOC 2, and ISO 27001 without slowing business velocity.
Leading distributed engineering teams and partnering cross-functionally to scale security through influence, not authority.
Hands-on security engineering work spanning cluster hardening, threat modeling, and DevSecOps tooling. Each project is built to production standards with documented threat models, verified controls, and reproducible infrastructure.
Built a production-grade Kubernetes security lab implementing defense-in-depth across six layers: RBAC with least-privilege certificate-based users, Pod Security Standards enforcing non-root containers with dropped capabilities, zero-trust Network Policies blocking lateral movement between tiers, Falco runtime threat detection with custom rules, and Trivy vulnerability scanning integrated into a CI/CD pipeline. Includes a full threat model, RBAC matrix, and documented attack simulations.
Kubernetes (kind), Calico CNI, Falco, Trivy, Helm, GitHub Actions. Deployed on a 3-node cluster (1 control plane, 2 workers) running K8s v1.29.2 on Apple Silicon.
Verified lateral movement blocked between all 3 app tiers. Custom Falco rules detecting shell execution, credential access, and package manager use. CI pipeline blocking HIGH/CRITICAL CVEs before deployment. STRIDE threat model covering 20+ attack scenarios with documented residual risk.
Ready to transform your vision into captivating designs?
Dive into practical security insights, lessons learned from building resilient infrastructure, and strategies for embedding security into DevSecOps workflows.
How I built a production-grade Kubernetes security lab from scratch, implementing RBAC, Pod Security Standards, Network Policies, Falco runtime detection, and Trivy vulnerability scanning โ including every mistake I made along the way.
