Principal Product Security Architect with extensive experience in SDLs and PSIRT, information security operations, technologies, software development, and product management
CISSP, CISA, CISM, CRISC, CGEIT
4701 Forest Cove Dr.
McKinney, TX 75071
M: (801) 830-9987
IT and Product Security Architect with domain expertise in policy and regulatory compliance, risk analysis, vulnerability assessment, and network IPS/malware. Experienced in engineering application security, operational IT security, enterprise product management, product development, multicultural team building, and Fortune 100 client interfacing. Successfully defined, managed, built and launched dozens of enterprise security solutions from software and suites to hardware appliances.
- Bilingual in both business and technology
- Product and application security from SDL to PSIRT
- Security policy authoring, publishing, assessing, and enforcing
- Compliance audits and vulnerability assessments
- Security awareness and training programs
- Product management and process expert for teams in the USA, India, and Israel
- Project and team management, business plans, presentation skills, running steering committees, and organizing product advisory councils
- Software development, QA, launch and product lifecycle (SDLC)
- MS Electrical and Computer Engineering, Brigham Young University, 1989
- BS Electrical and Computer Engineering, Brigham Young University, Cum Laude, 1988
- CISSP, CISA, CISM, CRISC, CGEIT, ITIL v3, NSA IAM
- Security product certifications from McAfee, Symantec, AXENT, and ISS (IBM)
- Novell Master CNE
- Certified Network Telephony Integrator
- Amateur Radio (Ham) Technician Class Operator, Call sign: KD7VQU
Principal Product Security Architect McAfee LLC, Intel Security, & McAfee Inc. 2012 - Present
- Responsible for world-wide product security from cradle to grave.
- Train software developers in secure coding best practices and static analysis tools, write policies, perform security reviews, and publish security bulletins for externally discovered vulnerabilities.
Calculus and Physics Tutor WyzAnt, Inc. 2009 - Present
- After my day job I tutor a dozen students in advanced math, physics, chemistry, SAT/ACT exam preparation, C++, and chess.
- See my WyzAnt profile at: www.wyzant.com/Tutors/CalculusTutor
Senior IT Security Engineer McAfee, Inc. 2010 - 2012
- Member of the Security Governance team under McAfee Global Security Services.
- Responsible for all IT and security policies. Designed the policy architecture and defined the corporate policy management process. Created and manage the McAfee policy intranet site containing 150+ corporate policies. Conducted multiple department training sessions.
- Conduct compliance audits for PCI DSS, SOX 404 & 302, and ISO 27001 ISMS.
- Enabled the Security Governance team to be the first to obtain ISO 27001 certification.
- Launched a corporate-wide security awareness and training program.
Product Manager TES @ McAfee, Inc. 2009
- Successfully integrated the Endeavor Security acquisition (2009) into McAfee, including people, products and processes.
- Managed an advanced network malware detection solution, Network Threat Response (NTR), including working with Dell to deliver McAfee branded hardware appliances ahead of schedule.
- Helped generate $4M in revenue within the first year, more than paying for the acquisition.
Group Product Manager McAfee, Inc. 2006 - 2009
- Successfully led the acquisition and integration of both Citadel Software (2007) and Preventsys (2006) into McAfee to put McAfee on the IT GRC map.
- Led the creation of McAfee Policy Auditor 5 on ePO 4, touted as the poster child for tight ePO integration and exceeding FY 2008 sales goals.
- Nicknamed “Dr. Compliance” by my management team.
- Broke new ground by hiring and successfully managing a team of product managers in India which delivered top notch competitive analysis in the risk and compliance space.
- Became the resident expert in organizing both steering committee meetings as well as customer advisory councils.
Senior Product Manager Symantec Corporation 2001 - 2005
- Managed the product team for all security policy content for Enterprise Security Manager (ESM) introducing application, database, Web server, and firewall checks while supporting 50+ operating system platforms. Contributed to a sustained double-digit annual growth rate over seven (7) years. Addressed product security and breach notification protocols.
- Initiated development of best practice security policies covering ISO 17799, HIPAA, SOX, FISMA, NIST, Basel II and other regulations and standards, producing at least two new regulatory policies each quarter.
- Delivered a near flawless six (6) year track record of shipping on-time quarterly security content via LiveUpdate as well as bi-weekly patch content.
- Regularly interfaced with the security officers of dozens of Fortune 100 companies, learning “what keeps them up at night”, and addressing their feedback with product enhancements.
Technical Product Manager AXENT Technologies 1998 - 2001
- Managed network and host-based vulnerability scanners from cradle to grave, filling gaps in the product portfolio and generating $3M revenue annually.
- Frequent presenter at vendor and security conferences, trade shows, and universities.
- Designed and implemented an externally-facing Web site to download NetRecon and issue license keys, logging over 10,000 downloads over a two (2) year period.
- Conducted in-depth competitive intelligence reconnaissance, raising both eyebrows and the bar.
VP of Engineering CallWare Technologies, Inc. 1994 - 1998
- Pioneered unified messaging by seamlessly integrating networked computers (NetWare and Windows) with PBX telephone systems while developing the industry’s first Windows-based client to display and manage voicemail messages similar to email.
- Rapidly promoted from Senior Software Engineer, to Development Team Leader, to Director of Development, then to VP of Engineering where I built and managed a team of 17 software development engineers.
- Extensive programming using C/C++ for telephony applications.
Network Software Engineer Novell, Inc. 1992 - 1994
- Developed Novell’s upgrade and migration products as well as core NetWare utilities for NetWare 4.x using C/C++. Designed and coded the user interface for Novell’s directory services management tools.
- Promoted from Software Engineer III to Development Manager. Managed a development team of six (6) software engineers for the NetWare operating system.
- Earned NetWare 4 CNA, CNE and ECNE (Master CNE) certifications.
Systems Engineer / Officer U.S. Air Force 1989 - 1992
- Commissioned Air Force officer (Captain), honorable discharge, SECRET security clearance.
- Supervised eight (8) engineers and directed all graphics programming for real-time flight simulations.
- Programmed in C, Ada, and FORTRAN on UNIX workstations. Developed TCP/IP and UDP network drivers as well as real-time graphical avionics consoles.
- System Administrator for UNIX workstations in a classified environment.
C++ and Mathematics Instructor Brigham Young University 1986 - 1989
- Tutored students in math from college algebra through 2nd year calculus at the BYU Math Lab, and served as a Teacher’s Assistant for several electrical engineering labs.
- Part-time college instructor for a C/C++ programming language course (CIS 233).
- Tutored students one-on-one to pay my way through college without parental financial aid.
Voluntary Representative South Africa & Zimbabwe 1983 - 1985
- Full-time voluntary service as a missionary in southern Africa, proselyting and supervising the activities of eight (8) other representatives.
- Developed extensive interpersonal relations, organizational, teaching, and time-management skills.
LEADERSHIP AND TRAINING
- Board of Directors, ISSA North Texas Chapter, Vice President, 2012
- Board of Directors, ISSA Utah Chapter, Education and Seminar Director, 2005 & 2006
- McAfee Emergency Response Team, certificate of proficiency, 2011
- McAfee VirusScan and ePolicy Orchestrator Training, McAfee, Inc., 2008
- Pragmatic Marketing Certified, Pragmatic Marketing, 2006 & 1999
- Professional Presenter Training, Blue Streak, 2003
- XP Immersion Training, Object Mentor, Inc., (agile programming methodology), 2001
- Real-World Project Management, Fred Pryor Seminars, 2000
- Advanced Uses of Symantec ESM – Part 1, Symantec, 2005
- Policy Compliance Checking: Making the Right Decisions, Symantec, 2004
- Network vs. Host-Based Vulnerability Management, Symantec, 2004
- Securing Enterprise Wireless Networks, Symantec, 2003
- Corporate Security Policy and 80-20 Rule of Information Security, Symantec, 2003
- Progressive Scanning Technology – Understanding Assessment and Scanning Tools, AXENT, 1999
NetWare Migration Utilities Part I: The In-Place Upgrade NLM. A Novell NetWare Application Note, 1993
- Numerical Analysis Algorithms in C with 120+ mathematics algorithms coded in C
- QGC MVP, Group Recognition Award, Above and Beyond Execution, “MFETrust Access Bypass Resolution,” Intel Security, Q2 2016
- McAfee Certificate of Recognition, 10 Years of Dedicated Service, 2016
- Symantec A++ Award
- CallWare 5.1 Extra Miler Award
- Novell Employee of the Month
- U.S. Air Force Commendation Medal and Company Grade Officer of the Quarter
- BYU ROTC Distinguished Technical Graduate
- BSA Eagle Scout with silver palm and Wood Badge for the 21st Century
- Held a SECRET security clearance
- Travelled to 26 different countries on five (5) continents (all but Australia and Antarctica)
- Speak English, Afrikaans, some German, some Spanish, and eight (8) computer programming languages