Summary
Experienced Penetration Tester and Security Consultant with a strong foundation in network, web application, and cloud security. Deep understanding of regulatory compliance frameworks such as NIST SP 800-53, 800-171, FedRAMP, and CMMC. Skilled in identifying and exploiting security vulnerabilities to uncover gaps, support remediation efforts, and ensure alignment with industry standards.
Experience
Principal Security Consultant
2022 — PRESENTVaultes
- Plan and execute full-scope penetration tests (external, internal, cloud) and full-phase red/purple team engagements aligned with FedRAMP, OWASP, and MITRE ATT&CK, including phishing campaigns and iOS/Android mobile assessments on government and commercial clients.
- Lead security risk and compliance assessments, audits, readiness assessments, and gap analyses across CMMC, FedRAMP, FISMA, and NIST SP 800-53/800-171.
Senior Cloud Security Engineer
2021 — 2022Freddie Mac
- Served as SME for Prisma Cloud and AWS security (backup SME for GCP), applying MITRE ATT&CK, STRIDE, and OWASP Top 10 frameworks to threat model critical platform services and improve detection coverage.
- Evaluated AWS logging capabilities to drive CSOC integration and identified cloud-based TTPs to enhance audit and detection capabilities.
Senior Red Team Penetration Tester
2018 — 2021Freddie Mac
- Performed internal and external penetration testing of network infrastructure and web applications using OWASP and MITRE ATT&CK frameworks and led cross-functional purple team assessments to enhance threat detection and response.
- Communicated technical findings, risk impact, and remediation strategies to stakeholders from engineers to executive leadership.
Education and Certifications
M.S., Information Security & Assurance — Western Governors University
B.S., Professional Studies in Information Technology & Networking Security — University of Mary Washington
CISSP
OSCP
GPEN
GWAPT
GCPN
GCIH
eCPPT
CISA
OSWP
LCCA
CCP
GSEC
CEH
CHFI
Security+
AWS Certified Security
AWS SSA
Trainings
- TCM Security Practical AI Pentest Associate (PAPA), in progress
- Zero Point Security Red Team Operations (CRTO), in progress
- Pentester Academy – Certified Red Team Professional
- Black Hills Information Security – Breaching the Cloud
- SANS SEC564 Red Team Emulation
- Black Hills Information Security – Modern Web App Pentesting
- FortyNorth Security – Intrusion Operations