Work Experience
2022 - Present
Citadel LLC
Senior Security Engineer
- Drove continued adoption of Hashicorp Vault for static and dynamic secrets management across the firm's broad compute footprint.
- Designed and implemented Configuration and Policy as Code for Hashicorp Vault.
- Contributed to Github Enterprise Configuration as Code Terraform project.
- Designed and implemented short-lived privileged access management to Linux hosts
- Designed and implemented an on-prem to Google Cloud Identity bridge backed by Vault OIDC.
- Vendor Security Reviews & Line of business application/cloud security oversight.
- Contributed to an identity provider migration
2017 - 2022
Riot Games
2020 - 2022
Security Engineer β Information Security
- Tech lead the org-wide identity provider migration. Resulted in 700+ services migrated within a year.
- Wrote large-scale terraform projects (providers & modules) to support various IAM operations
- Contributed to refactoring AWS tooling used across the engineering org
- Implemented serverless event-based logging pipelines for all systems in the IAM stack
- Vendor/internal security reviews
- Continued discovery in BeyondCorp Access Proxies for employee use
2018 - 2020
Systems Administrator - Information Security
- Published internal RFC for identity federation criteria, lead the vendor evaluation and presented findings to security leadership
- Designed and implemented a RESTful API for LDAP user and group management in Go
- Integrated corporate AuthZ into player-facing AuthZ to grant access to R&D assets for internal Rioters and contractors
- Implemented a BeyondCorp Access Proxy proof of concept for intranet sites via Duo Network Gateway
- Wrote ETLs for various IAM functions/authorization automations
- Designed and implemented geo/org based authorization pipeline as a compensating GDPR control for all production facing servers to consume.
- Organized team's codebase and documentation structure
- Contributed in disaster recovery, incident response, and internal threat scenarios
2017 - 2018
Systems Administrator - Information Technology
- Defined standards, administrate and document the corporate Identity Provider - Onelogin
- Assisted internal teams in defining their AuthN/Z tech stack and authorization models against given business requirements
- Managed vendor relationships for SSO, user lifecycle management, and overall security auditing
- Core contributor to the Rioter/Vendor onboarding pipeline
2015 - 2017
Broadcom
Desktop Support Services Engineer - Information Technology
- Managed/Resolved high volumes of emergent operational tickets while maintaining stringent team SLA
- Supported company-wide AD Domain migration and Email migration from Exchange to Google Apps
- Wrote knowledge base articles for DSS L1-L3 teams (Pertaining to SAP, PGP, and Cisco/telecom)
- Wrote macOS software deployment packages and scripts for JAMF
- Managed enterprise apps
2014 - 2015
AIT Management
Systems Administrator & Trainer
- Rebuilt and maintained corporate LDAP Directory Services and Identity Provider
- Administrated enterprise apps and MDM Program
- Built employee onboarding and IT utility automations
- Wrote and maintained technical/operational documentation
- Maintained network infrastructure across 45+ office sites
- Taught new hire training and onboarding
Education
2016-2017, 2020
Irvine Valley College
My academic history reflects the seasons in life where I have wanted to learn more, even if occupationally it was less relevant. My end goal is to earn a BS in Computer Science.
Hobbies, interests, etc
Collecting typewriters and various mechanical relics.
Vinyl enthusiast (it's not better than digital. It's just different) Exploring natural user interfaces and playing around with grids & lines .