Professional Summary
Cybersecurity Engineer with close to a decade of experience across application security, cloud security, identity and access management, vulnerability management, penetration testing, and enterprise security engineering. Leads internal AI security and penetration testing programs, validates exploitable weaknesses across cloud, SaaS, web application, and hybrid environments, and turns technical findings into practical remediation plans. Proven record improving external attack surface posture, reducing enterprise vulnerability risk, strengthening Zero Trust controls, and supporting secure adoption of AI-enabled workflows.
Selected Impact
AI
Internal AI Security Program. Evaluates LLM-enabled workflows, AI-assisted development patterns, sensitive data exposure paths, approved tool boundaries, DLP controls, prompt handling, and secure adoption requirements.
PT
Internal Penetration Testing Program. Leads repeatable assessment activity across cloud, identity, SaaS, application, and hybrid environments with evidence capture, exploitability analysis, remediation validation, and stakeholder-ready reporting.
72%
Vulnerability Management Modernization. Transformed enterprise vulnerability operations around exploitability and business impact, contributing to a 72% reduction in enterprise vulnerabilities.
↑
External Attack Surface Improvement. Achieved highest-ever BitSight and SecurityScorecard ratings through exposure analysis, remediation coordination, and continuous validation of externally visible assets.
350K
Large-Scale Identity Resilience. Owned and migrated Duo MFA for 350,000+ identities, improving availability, recovery, policy control, and response readiness.
Experience
Cybersecurity Engineer
TherapyNotes
December 2024 – Present · Remote
Lead internal penetration testing and security assessment across Azure, M365, AWS, SaaS, identity systems, and externally exposed assets.
Lead internal AI security efforts, evaluating LLM-enabled workflows, data exposure risks, prompt handling, vendor risk, DLP controls, and secure implementation boundaries.
Strengthen Zero Trust through Conditional Access hardening, PIM administration, and identity governance.
Tune Microsoft Defender XDR and Microsoft Sentinel analytics. Lead vulnerability validation and remediation using Rapid7 and Microsoft Defender.
Independent Security Consultant
DeepDream Security / Freelance
2025 – Present · Remote
Provide practical security consulting through external exposure reviews, web application security assessments, AI security reviews, and risk-based remediation planning.
Assess AI-created and AI-powered web applications for authentication, authorization, API exposure, secrets handling, and data protection gaps.
Senior Information Security Analyst
EssilorLuxottica (EyeMed)
April 2023 – December 2024 · Mason, OH
Achieved highest BitSight and SecurityScorecard ratings in company history.
Led overhaul of vulnerability management program, reducing enterprise vulnerabilities by 72% through exploitability-based prioritization, SLA enforcement, and validation workflows.
Partnered with penetration testers and engineering teams to reproduce vulnerabilities, validate findings, and assess exploitability.
Information Security Analyst
University of Cincinnati
October 2021 – April 2023 · Cincinnati, OH
Owned Duo MFA for 350,000+ students, faculty, and staff, managing configuration, policy, monitoring, and escalations.
Re-architected and migrated the MFA platform to Azure, designing high availability, backup, and recovery procedures.
Supported identity security, endpoint security, access control, and incident response.
Network & Security Engineer
Nexus Wifi
August 2019 – October 2021 · West Chester, OH (Promoted from Network Administrator)
Engineered and operated wired and wireless networks for 800+ router, switch, and access point environments.
Hardened client environments through internal security policies, practical security assessments, and improved network segmentation.
Teaching & Leadership
Adjunct IT Instructor
Cincinnati State Technical and Community College
Current · Online
Teaches networking and cybersecurity concepts, translating technical material into clear, practical instruction.
Advisory Board Member
NETA/CSA Program, Cincinnati State
Provides industry input on networking and cybersecurity curriculum alignment with current security engineering practice.