One of a small number of practitioners who has built, secured, and governed agentic AI systems in production — at Fortune 100 scale, in regulated industries, with real consequences.
I created and deployed CRISP — a proprietary threat modeling framework operating as an MCP (Model Context Protocol) server — across ~20 Fortune 100 engagements. CRISP scans customer architectures, generates data attribute tables, and produces comprehensive security plans aligned to OWASP, Microsoft standards, and industry frameworks. Identified by ISE leadership as a top-priority accelerator.
I served as Security Lead for HVE-Core — ISE's agentic engineering platform with 34 autonomous agents executing Research-Plan-Implement workflows via GitHub Copilot. I defined security boundaries for agent tool-use and established governance patterns for autonomous code generation.
Forward deployed, embedded directly in customer engineering sprints using a discuss/build/upskill model — not auditing, but building alongside partner teams and transferring durable security capability.
At Halliburton/Project Helios, I designed an AI-assisted continuous security validation workflow combining CRISP MCP and HVE-Core — reducing the security planning cycle from weeks to approximately one hour per iteration while maintaining human-in-the-loop oversight for regulatory interpretation and risk prioritization.
20+ years across Microsoft ISE, GDIT, Oracle National Security Group, and Booz Allen Hamilton. Previously held TS/SCI CI-Poly Full Scope Lifestyle clearance. M.Eng. Systems Engineering (GWU), M.S. Cybersecurity (Georgia Tech), B.S. ECE (Michigan State). INFOSEC Hall of Fame, 2021.
Proprietary security architecture framework operating as a Model Context Protocol server. Scans customer architectures, generates data attribute tables, and produces comprehensive, continuously updated security plans. Built and deployed across ~20 Fortune 100 engagements.
Security Lead for ISE's Hypervelocity Engineering platform — 34 autonomous agents executing RPI workflows via GitHub Copilot. Defined agent tool-use boundaries, governed autonomous code generation, and led deployment workshops at KPMG and LSEG.
Designed an AI-assisted continuous security validation workflow for a multi-tenant AI platform processing proprietary oil & gas data across Azure. Combined CRISP MCP and HVE-Core to regenerate and validate security plans as architecture evolved weekly.
Hardened CRISP MCP and ISE accelerator platforms with CodeQL SAST, workflow token permissions, GitHub Actions SHA pinning, Trivy container scanning, CycloneDX SBOM generation and signing, and base image digest pinning. Aligned to OpenSSF Scorecard.
Built a hardened Bicep library spanning 11 Azure services — AKS, SQL, Cosmos, Key Vault, Redis, AI Foundry, Storage, VNet, NSG, PIM, Guardrails — with Zero Trust defaults enforced at the IaC layer: private networking, managed identity, least-privilege role assignments.
Co-led HVE security workshops with senior leadership at KPMG (New Jersey) and LSEG (London). Grounded discussions in real use cases for integrating security into AI delivery workflows. Presented at the LSEG HVE Hackathon Science Fair.
Security architecture and governance delivered across energy, financial services, automotive, capital markets, and public sector.
MCP architectures, autonomous workflow governance, tool-use boundaries, human-in-the-loop validation for production AI systems.
LLM pipelines, RAG architectures, inference infrastructure, prompt injection, data exfiltration, model integrity in regulated environments.
Azure, AWS, OCI. Zero Trust design, identity governance, Entra ID, PIM, conditional access across hybrid and multi-cloud environments.
CI/CD hardening, SBOM, SLSA, Sigstore, SHA pinning, SAST/DAST, container scanning, OpenSSF Scorecard alignment.
RMF, NIST 800-53, FedRAMP, regulatory gap analysis with full traceability from regulation to engineering control to artifact.
CISO-to-engineering alignment, customer-facing architecture leadership, reusable security frameworks that outlast the engagement.
Open to Principal, Director, and Head of AI Security roles. Available for advisory engagements, workshops, and architecture reviews.