Director of
Security Engineering.
Over two decades of experience building security programs that bridge the gap between executive strategy and engineering execution — from government agencies to high-growth SaaS.
What I Do
Engineering Leadership
Turning security strategy into engineering reality. Staff and budget ownership, building teams, and embedding security into the development lifecycle across distributed organizations.
Information Security
Designing and implementing security programs grounded in ISO 27001, SOC 2, and risk management — from policy to production controls.
Advisory & Consulting
Senior advisory across industries — interim CISO engagements, security architecture reviews, and hands-on guidance for organizations building their security posture.
Technical Insights
View All Articles
The SDLC has an agent now. Your AppSec program wasn't designed for that.
Agentic development doesn’t just change how fast software is written — it changes who makes security decisions, and at what scale. Here’s what that actually means for AppSec.
Metrics That Matter: Driving AppSec Success with Data-Driven Insights (OWASP Global AppSec)
How to collect, visualize, and communicate actionable AppSec metrics that bridge the gap between security engineering and leadership priorities.
January 20255 recommendations when starting an appsec program
If you want to build an appsec program, here are five valuable recommendations to take into consideration.
Let's talk security.
Available for consulting engagements, advisory roles, and speaking opportunities. Let's find the right fit.