Case Studies
Building Product Security from Scratch (Licious)
Led end-to-end Product Security as the first dedicated hire, establishing application security, AWS cloud controls, DevSecOps automation, and governance frameworks across a high-growth production environment.
DevSecOps Pipeline Security: Semgrep + Trivy
Designed and operationalized DevSecOps controls by embedding SAST and container security into CI/CD pipelines, balancing high-signal detection with developer productivity at scale.
AWS Attack Path Analysis & Risk Prioritization
Conducted AWS attack-path analysis to identify chained misconfigurations, enabling risk-based prioritization of remediation aligned with business impact and cloud security posture.
ISO 27001 Readiness as Security Ownership
Owned ISO 27001:2022 readiness by translating security controls into engineering processes, evidence workflows, and cross-functional accountability across product and platform teams.
Bug Bounty Program Governance at Scale
Established governance for a large-scale bug bounty program, improving triage quality, scope discipline, researcher communication, and remediation outcomes.
CyberShield360 — Security Product Built from Scratch
Built and delivered an Attack Surface Management platform from the ground up, covering asset discovery, enrichment, risk scoring, and enterprise-ready reporting.