Security Talent Acquisition Specialist. Security-Cleared (expired). System-Minded. Trust-First.
I’ve led hiring for security roles across diagnostics, mobility, and enterprise software, supporting teams that required not just technical mastery—but trust, discretion, and the ability to navigate risk at scale. From HITRUST-readiness to zero-trust architecture, my work has helped secure regulated platforms and bring stability to complex infrastructure builds. I previously held Top Secret clearance while serving in the U.S. Navy, where attention to detail and mission reliability were foundational—those values continue to inform how I recruit today.
🧬 Director of Security Engineering / Security Lead – GRAIL (FDA-aligned)
Role Supported: Director of Security Engineering
Certifications Involved: HITRUST CSF, NIST SP 800-53, 21 CFR Part 11, HIPAA, ISO 27001
GRAIL needed a high-trust security leader to scale its data protection and compliance posture in preparation for FDA alignment via HITRUST. This role required a unique blend of GRC maturity, cloud-native technical chops, and cross-functional trust-building with stakeholders in Legal, Bioinformatics, and Clinical Ops.
Challenge:
The hiring team initially lacked clarity on the exact intersection of responsibilities between Legal, Clinical, and Engineering—each department had different priorities for the role. I was being asked to source unicorns before we had defined the habitat.
How I Solved It:
I facilitated a cross-functional intake session to unpack each team’s needs and define shared success criteria. We moved from “must have every certification” to “must be able to drive implementation across multiple frameworks with composure and credibility.” I introduced a prioritization matrix that helped narrow the search to pragmatic security leaders with implementation success in both healthtech and life sciences.
Challenge:
Most of the candidates I surfaced hadn’t directly implemented HITRUST—but had overlapping experience with HIPAA, ISO, or SOC 2.
How I Solved It:
I created a HITRUST-readiness quick-screen that mapped transferable experience (e.g., internal audit prep, vendor risk programs, policy writing) to HITRUST CSF control families. This opened the door to qualified talent without artificially shrinking the pool.
Failure:
My first finalist was a strong technologist who checked every box—except stakeholder communication. Despite early praise from Engineering, they fumbled the Legal panel due to unclear risk articulation. I should have better prepped them on how GRAIL’s decision-making flow worked across departments. I course-corrected by inserting a “business storytelling” prep session for future candidates.
Search Strategy:
("HITRUST" OR "HIPAA" OR "NIST 800-53" OR "21 CFR Part 11" OR "security compliance") AND ("healthtech" OR "biotech" OR "diagnostics") AND ("Director Security" OR "Head of Security" OR "GRC Lead" OR "Security Engineering")
Pipeline Lifecycle:
Inbound was dry, so I built a highly targeted outbound pipeline from GitHub contributors, Slack groups (like OWASP and HealthTechSec), privacy podcast guests, and conference speaker lists (HIMSS, Bio-IT World). My eventual hire came from a security panel discussion I found on YouTube. I messaged them referencing their comment on “framework harmony” between HITRUST and HIPAA and got a reply within hours.
Result:
The candidate was hired three weeks later and successfully led GRAIL’s HITRUST readiness audit. They also built out documentation templates that were adopted by both Clinical Ops and Engineering—a signal of early trust and influence across the org.
📱 Director-Level Security & Threat Defense Hiring – MobileIron
Roles Supported: Security Engineers, MDM Platform Architects, Director of Threat Intelligence
Security Domains: Mobile Device Management (MDM), Enterprise Mobility Management (EMM), Threat Defense, App Containerization
MobileIron was securing enterprise mobility at scale during a time when iOS and Android were rapidly evolving. I was brought in to drive recruiting for their core security product suite—MobileIron Core, Threat Defense, and AppConnect—each requiring deep technical alignment with platform-level security on mobile devices. These weren’t traditional security hires—they sat inside engineering, shipped product, and wrote code alongside PMs and architects.
Challenge:
Security roles were deeply technical and very product-adjacent. But early intake convos often focused on “domain passion” rather than platform execution. This caused a misfire on a few early pipeline leads—candidates who loved security in theory, but weren’t embedded enough in platform architecture to succeed.
How I Solved It:
I conducted reverse-engineered debriefs with two strong internal engineers who had recently joined MobileIron and broke down the delta between generalist security talent and MobileIron-grade hires. Then I rewrote my outbound messaging to speak directly to people contributing to Android Enterprise, iOS SDK security layers, and zero-trust architecture discussions on GitHub and public forums.
Challenge:
Hiring managers wanted “mobile-first” security engineers—but most security talent came from either cloud or network backgrounds. Few had experience building directly for iOS/Android environments.
How I Solved It:
I built a cross-referenced sourcing string that prioritized mobile SDK contributors, zero-day researchers, and GitHub users active in OWASP Mobile or Google Project Zero. I also filtered by engineers contributing to AppConfig Community projects or who had built custom MDM integrations for enterprise deployments.
Failure:
I pushed forward a promising candidate with excellent security credentials and experience in corporate endpoint protection—but too little exposure to mobile OS architecture. The team spent two rounds trying to coach them through MobileIron’s dev-heavy interview loops before alignment broke down. I learned to stop projecting fit based on network security depth and to anchor my scorecards in mobile-specific constraints from day one.
Search Strategy:
("MDM" OR "EMM" OR "mobile device management") AND ("iOS security" OR "Android security" OR "enterprise mobility" OR "AppConfig") AND ("Threat Defense" OR "AppConnect" OR "secure container" OR "zero trust") AND ("security engineer" OR "architect" OR "threat analyst" OR "product security")
Pipeline Lifecycle:
I split the funnel into 3 tracks: platform engineers with security exposure, full-stack engineers who’d built SDKs with secure communication layers, and pure-play security engineers who had built policy enforcement tooling. The winning hire came from a security blog post they wrote on iOS Secure Enclave handling—I referenced it in my outreach and struck up a thread about device-level attestation. They weren’t actively looking but joined the team four weeks later.
Result:
The team credited that hire with hardening MobileIron’s device attestation logic and later leading a refactor of secure tunnel authentication for the mobile threat defense module. They were eventually promoted into a Director role over Threat Defense.