I lead the charge in building, scaling, and optimizing Application Security programs that protect enterprise applications from code to cloud.
With experience spanning SAST, DAST, SCA, CWPP, WAF, and AI-driven security initiatives, I partner with developers, architects, and leadership to integrate security seamlessly into modern application development lifecycles.
- Secure the SDLC β Embedding security from ideation to deployment
- AppSec Strategy β Aligning security controls with business objectives
- Tooling Leadership β Managing and scaling platforms like Checkmarx, Snyk, Veracode, NexusIQ, Prisma Cloud
- Developer Empowerment β Driving security adoption via IDE plugins, CI/CD integration, and gamification
- Risk Reduction β Leveraging AI, automation, and analytics to identify and mitigate vulnerabilities faster
| Domain | Skills & Tools |
|---|---|
| Application Security | SAST, DAST, SCA, RASP, IAST |
| DevSecOps | GitHub Actions, Azure DevOps, Kubernetes Security |
| Cloud Security | AWS, Azure, Container Security |
| Programming & Scripting | Python, Bash, PowerShell |
| AI in Security | ML-based risk scoring, LLM security research |
- Exploring AI-enhanced vulnerability detection
- Building frictionless developer security experiences
- Improving cross-team collaboration for secure delivery
- Championing βshift-leftβ security culture
- Led enterprise rollout of SAST & SCA tooling across 1,000+ repositories
- Reduced high-severity vulnerabilities in production by 45% within 12 months
- Presented at internal security summits and led executive AppSec briefings
- Collaborated with vendors to influence next-gen AI-powered security features
Security should be an enabler, not a blocker. My mission is to make secure development the easiest path forward.
Fun Fact: Iβve broken more applications in testing than most hackers have in production β and Iβm proud of it. π