Founder of Based Security, a provider of zero trust technology leveraging immovable, attestable, and hardware backed identities

Developed and executed a comprehensive cross-functional security strategy for 24 engineers across Offensive Security, Security Engineering, and Bug Bounty teams

Collaborated with Legal and GRC teams to proactively identify and prioritize critical legal and compliance risks resulting in a new crown jewels list

Orchestrated the enterprise-wide deployment of passkeys and advanced access controls, effectively eliminating credential-based phishing attacks

Spearheaded the implementation of hardware-backed SSH keys, achieving 100% compliance for 2K employees within the first year to prevent unauthorized data exfiltration from GitHub

Provided executive-level briefings on critical vulnerabilities and strategic remediation plans, influencing key decisions including over $500M in M&A deals and a 60% increase in password manager adoption

Managed a cross-functional initiative to adjust EDR configurations and develop detections to prevent and mitigate ransomware attacks

Revitalized the external bug bounty program and renegotiated vendor contracts, resulting in a 40% reduction in expenditures and product level performance dashboards for business leaders

Implemented Red Team Capability Maturity Model and increased team capabilities by 20% in first year

Architected and spearheaded the expansion of the Yahoo Red Team into a comprehensive Offensive Security program, creating specialized Vulnerability Research and Adversary Insight teams

Directed the remediation of thousands of internal vulnerabilities, achieving 90% SLA compliance

Deployed Device Trust solutions, effectively preventing 100% of unauthorized access to the company VPN from non-managed devices

Collaborated with IT to enhance employee authentication workflows resulting in the detection of real work actors targeting employees

Delivered 23 presentations on common Tactics, Techniques, and Procedures (TTPs) and their detection methodologies, enhancing organizational security awareness

Conceived and implemented an offensive security training program for the security organization

Successfully rolled out advanced phishing detection capabilities for 230 million Yahoo Mail users

Conducted regular briefings with business leaders to articulate Red Team findings, driving critical security enhancements including refined processes for deprovisioning user access for terminated employees and the decommissioning of outdated hardware

Collaborated with Detection Engineering to develop 30+ new threat detections based on Red Team findings

Orchestrated the coordinated disclosure of over 20 vulnerabilities to third-party vendors

Provided strategic mentorship to team members resulting in a 100% promotion rate for eligible candidates within one year

Scoped and conducted 3 Red Team operations against Yahoo corporate and production products

Responsible for source code auditing, vulnerability discovery, and exploit development

Developed ASHIRT, an open source industry-recognized tool for documenting Red Team operations