Skills & Experience

Skills

Engineering & Development

  • Programming and Scripting Languages: .NET/C#, C/C++, Rust, Python, PowerShell, JavaScript/TypeScript, Go, Lisp, Bash
  • Security: Identity lifecycle management, permissions & privilege audits, static analysis tooling, fuzzing/penetration testing
  • DevOps: Git, CI/CD pipeline design and maintenance (Azure DevOps, GitHub Actions), automation, monitoring
  • Testing & QA: unit/integration/E2E testing, test automation, code coverage analysis, tooling, and frameworks
  • Cloud & Infrastructure: Serverless, IaC, Monitoring & Logging, Networking/Gateways
  • Virtualization & Containers: Docker, Proxmox, LXC/LXD, Hyper-V, Kubernetes
  • Blockchain & Cryptography: zk-SNARKs, zk-STARKs, vector commitment schemes (KZG, etc.), BFT consensus algorithms, EVM/Solidity, Ethereum node orchestration with high-uptime consensus and execution layers
  • Embedded & Hardware: Microchip ATtiny/ATMega, Espressif ESP8266/ESP32, STM32, Nordic nRF, Raspberry Pi RP2XXX, RISC-V
  • CAD & Prototyping: PCB layout/design (KiCad), 3D modeling (Fusion 360)

Cloud Technologies Used

Azure:

  • Security & Identity: Azure Active Directory (AAD), Managed Identities, Azure Key Vault, Role-Based Access Control (RBAC), Conditional Access Policies, Defender for Cloud
  • Compute & Services: App Services, Functions/Durable Functions, Virtual Machines, Kubernetes Service (AKS), Websites
  • Data Storage: Blob Storage, Cosmos DB, SQL Database, Redis, Service Bus, Tables
  • Data Analytics: Apache Spark, Azure Databricks, Azure Data Factory
  • Networking & Integration: Application Gateway, Logic Apps, API Management
  • DevOps & Monitoring: Azure DevOps (Pipelines, Boards, Repos, Artifacts), Azure Monitor, Application Insights, Log Analytics (KQL), Resource Manager (ARM), Azure Automation

AWS:

  • Compute: EC2 (including Spot Instances)
  • Storage: S3

Work Experience

Software Development Engineer — Microsoft

Defender for Cloud DevOps (Sep 2023 – Apr 2024)
  • Improved security evaluation pipelines for Azure and customers by developing and maintaining Security DevOps CLI tooling and workflows.
  • Owned and advanced the open-source Template Analyzer IaC static analysis tool, delivering major features like full Bicep support and source mapping integration.
  • Improved security reliability for Azure and customers by redesigning DevOps pipelines and dependency packaging to eliminate single points of failure in key downstream workflows.

Security Software Engineer — Microsoft

C+AI Security Green Team (Apr 2016 – Sep 2023)
  • Founding member of a new security team paradigm focused on addressing systemic security issues, leading to the development of innovative solutions to address systemic organizational risk.
  • Took ownership of the widely adopted AppAuthentication library (250M+ downloads), added key features to simplify developer identity management, and led its successful transition to Azure.Identity.
  • Mitigated systemic risk from overprivileged RBAC roles in Azure by proposing and leading a scalable solution—work led to major security improvements, a dedicated team, and a patented algorithm.
  • Reduced risk from unused and compromised credentials by implementing a workflow to process all AAD sign-in telemetry and correlate it with sources like Red Team data.
  • Reduced credential exposure in Azure source code by 99.5% in one year by spearheading a PoC to detect credentials and drive remediation through automated attribution, bug creation, and reporting.
  • Drove adoption of a key Azure security hygiene tool in airgapped and nation-state clouds; contributed features to accelerate issue detection and remediation.

Security Engineer — Microsoft

C+AI Security Assurance (Mar 2014 – Apr 2016)
  • Authored threat models and conducted reviews for authn/authz services.
  • Built security regression test frameworks using TAEF.
  • Managed external pen test reviews and designed baseline scanning agents for Azure environments.

Software Development Engineer in Test — Microsoft

Azure Active Directory (Oct 2010 – Mar 2014)
  • Ensured robust and secure authentication across systems, including Office 365, by testing developing identity protocols and standards (OAuth2, SAML, WS-*, etc.)
  • Enabled seamless, issue-free live migrations of security token services for Azure customers with extensive testing.
  • Accelerated and improved test automation reliability for stakeholders by leading development of a robust testing infrastructure that compartmentalized tenant provisioning and management complexity.
  • Developed several internal tools used by teams for ad-hoc testing and manipulating authentication protocol flows.

Software Development Engineer in Test — Microsoft

Forefront Protection Manager (Oct 2009 – Apr 2010)
  • Conducted comprehensive testing of client agent and software across diverse environments, including localization and globalization scenarios.

Education

B.S. in Computer Science & Engineering

University of California, Los Angeles (Sept 2005 – Apr 2009)
  • Graduated Magna Cum Laude with 3.85 GPA
  • Member of TBP and UPE honor societies

Interests

Languages

  • English (fluent), Japanese (intermediate spoken & reading), German (conversational)

Take a look at my projects.
