A seasoned Information Security professional, I have been in the security industry since 2001 and have 5 years of prior web and client/server application development experience. I have worked with a wide variety of industry verticals including financial services, manufacturing, e-commerce, healthcare, energy/utilities, education and others.

I started and managed the application security/PCI compliance practices at two organizations previously and was a co-founder of a security services company, based in California. Currently, I manage security services (including the PCI compliance practice) and operations at my present company.

My experience includes developing security policies, procedures and processes, performing penetration tests and vulnerability assessments, developing secure coding guidelines and delivering security training in addition to performing PCI-DSS and PA-DSS assessments. I have developed and delivered training courses on finding web application vulnerabilities and building secure web applications. These courses are also delivered online, using software that I designed and built.

I am a Certified Information Systems Auditor (CISA), a PCI Qualified Security Assessor (PCI-QSA), Payment Application QSA (PA-QSA) and an IBM Certified Specialist (IBM Rational AppScan).