Technically adept hands-on Information Security professional with 10 years Information Security experience working in large
cloud SaaS and corporate environments.
Broad Information Security skill set including security architecture, security engineering, security operations, network
security, systems security, web application security, and penetration testing.
Kali / BackTrack Linux, Metasploit, Burp Suite Pro, SourceFire IDS, Imperva WAF, OSSEC, Splunk, SumoLogic,
CentOS 3.x/4.x/5.x/ 6.x, RHEL 3.x/4.x/5.x/6.x, Sun Solaris 2.6/7/8, Windows Server 2000/2003/2008/2013, Windows XP/7/8,
VMware ESX/ESXi 4.x & 5.x
Programming & Protocols
Unix shell scripting, familiar with Perl and Python scripting, TCP/IP, UDP, SNMP, NFS, DNS, SSH, SSL/ TLS, S/FT
Methodologies & Frameworks
PCI-DSS, SSAE-16, ISO 27001, NIST-800, FedRAMP, CSA, HIPAA, OWASP, DISA STiG, CIS Benchmarks
United States Patent # 9,104,879 System and method for detecting security exposures of VOIP devices
Sr. Security Engineer01/2016
to Current Nutanix Inc – San Jose,
First hands-on security engineer hired to help build the Information Security program.
Develop vulnerability management program.
Deploy and manage vulnerability scanning.
Manage Next-Gen firewall policies (URL Filtering,
Built and maintained central logging infrastructure.
Conduct POC on new security solutions (UBA, Nextgen AV, IR, Email gateway,
Work with various departments (Engineering, Data, Web, Network, Help Desk, Systems, HR) serving as the security subject matter expert on projects.
Network and application pen tests.
Perform third party vendor assessments.
Manager of Information Security09/2015
to 01/2016 RingCentral Inc – Belmont,
Accountable for RingCentral's Security infrastructure, engineering, and operations forward strategy.
Introduce new technologies for proactive and recurring automated security testing.
Perform cloud vendor, partner, 3rd party integration, and acquisition risk assessments.
Recommend and drive RingCentral product security improvements.
Work with external auditors and provide evidence and other information for SSAE-16, PCI, HIPAA, and HITRUST.
Escalation contact for security incidents.
Perform day-to-day Security engineering and operations tasks.
Sr. Security Engineer09/2012
to 08/2015 RingCentral Inc – Belmont,
Deploy and manage security infrastructure including IDS, WAF, SIEM, HIDS, DNS Analytics, Two-Factor
Authentication, Vulnerability Scanning, Compliance Configuration Auditing, and Telephony Fraud Detection.
Perform security architecture and design reviews as a member of Architecture counsel.
Perform network and web application penetration testing.
Develop operating system hardening standards.
Conduct proof-of-concepts for new Security products.
Created vulnerability management process.
Provide incident response and lead security investigations in regards to network attacks, virus/malware infection,
phishing / spamming campaigns, and telephony fraud escalations.
Automation of routine and repetitive tasks.
Review and approve ACL requests.
Participate in 24/7 on call rotation.
to 09/2012 Cisco Systems Inc – Santa Clara,
Technical leader on Webex Security Engineering and Operations team.
Develop operating system and application hardening standards.
Develop and maintain OS and application hardening scripts.
Created vulnerability management process documentation, workflow, and risk assessment guidelines.
Manage Qualys vulnerability and compliance scans.
Manage RSA SecureID infrastructure.
Installed OSSEC log analyzer and alerting of security events.
Led security efforts for Webex Federal cluster rollout.
Participate in customer calls to address customer security concerns.
Create comprehensive documentation and provide training to team.
Lead Systems Build Engineer01/2006
to 04/2007 WebEx Communications Inc – Santa Clara,
Installed and configured Linux-based web and application servers for production environment.
Implemented PXE/ Kickstart build process.
Work with China operations team to coordinate application patches during maintenance windows
Troubleshooting of issues prior to production release.
Data Center Tools Engineer03/2005
to 01/2006 WebEx Communications Inc – Santa Clara,
Managed HP OpenView, SiteScope, WebEx Monitoring Console, and other proprietary monitoring tools for monitoring
of servers, databases, and applications, and WebEx services.
Wrote shell scripts for customized monitoring needs.
Developed and assisted with training of Data Center Operations staff.
to 01/2005 Microsoft MSN Hotmail – Mountain View,
Provided systems support and network monitoring for 2500+ servers
Used SiteScope and in-house monitoring tools for issue detection
Diagnosed server, database, and network alarms while working with IT staff.
to 08/2011 Infospace Inc – Mountain View,
Installed and configured Sun Solaris on servers and workstations
Day to day system administration of Sun Enterprise servers
Configured numerous Apache web servers load balanced with Big IP
Provided 24x7 on-call tier II escalation support
Wrote shell scripts for log monitoring and task automation.
to 09/1999 Applied Materials Inc – Santa Clara,
Provided application and systems support to Engineering, Dev and QA groups.
Performed system backups and restores.
Performed patching and updates on HP/UX and Sun Solaris servers.
Coordinated the move of production servers to new data center.