10+ years bridging the gap between security and software delivery — designing systems that are resilient by design, not as an afterthought.
I'm a Senior Application Security Architect with over a decade of experience in Product Security, Application Security, and DevSecOps. My career started in software development — and that foundation shapes everything I do. I think in code, model threats from first principles, and design security controls that developers actually adopt.
On the product security side, I operate at the intersection of engineering and the customer. That means translating complex compliance requirements into clear, prioritized roadmaps; working directly with enterprise customers on their security due diligence; and representing security credibly in conversations that span executive risk briefings and deep technical reviews.
I hold an M.Sc. and the CSSLP certification. I stay current because this field demands it — and because I genuinely enjoy going deep on hard problems.
Supporting enterprise customers through security reviews, RFPs, and compliance questionnaires. Translating technical posture into executive-ready language — without losing accuracy.
Threat modeling, secure code review, SAST/DAST integration, and vulnerability management across the SDLC. I find the real risks, not just what the scanner flags.
Embedding security gates into CI/CD without slowing teams down. Designing guardrails that developers respect because they make sense — and are fast enough not to matter.
Navigating frameworks like ISO 27001, SOC 2, GDPR, and NIST. Turning compliance obligations into structured, achievable security programs rather than checkbox exercises.
Working at the architecture level — security patterns, zero-trust principles, API security, and identity-first design for cloud-native and hybrid environments.
Making security land with non-security audiences. Whether it's a board, a product team, or a customer, I help organizations understand risk in terms that drive action.
Designed and implemented end-to-end Secure SDLC programs for software organizations — from threat modeling standards and security requirements to developer training and automated pipeline controls. Reduced mean time to remediate critical vulnerabilities by building security into delivery, not on top of it.
Led product security engagements with enterprise customers — handling security due diligence, large-scale compliance questionnaires, and penetration test findings. Served as the technical point of contact translating internal security posture into credible, customer-facing answers.
Designed and rolled out DevSecOps toolchains integrating SAST, DAST, SCA, and secrets detection into CI/CD pipelines at scale. Balanced security coverage with developer experience — tuning signal-to-noise ratios to reduce friction without increasing risk.
Drove compliance initiatives across ISO 27001, SOC 2 Type II, GDPR, and industry-specific frameworks. Worked across engineering, legal, and leadership to turn regulatory requirements into practical security controls — with audit trails that hold up.
Whether you're evaluating a security architecture, need a second opinion on your product security posture, or want to explore how we can work together — I'm happy to have that conversation.
Reach out directly or use the form.