I'm a Product Governance Lead at a Big 4 Consulting Firm with 10+ years of experience leading engineering teams and designing cloud-native architectures. I specialize in accelerating enterprise compliance and SDLC checks while maintaining a deep passion for supply chain security and open source software (OSS) license compliance.
As a Product Governance Lead, I focus on:
- Leading engineering teams to deliver secure, compliant solutions
- Designing cloud-native architectures that scale with enterprise needs
- Accelerating enterprise compliance processes and automation
- Optimizing SDLC checks to balance security with development velocity
- Building governance frameworks for product development at scale
I'm deeply passionate about securing the software supply chain - from source code to production deployment. My focus areas include:
- Software Bill of Materials (SBOM) generation and management
- Vulnerability scanning and remediation in CI/CD pipelines
- Dependency analysis and risk assessment
- Container security and image scanning
- Code signing and artifact verification
- Zero-trust security models for development workflows
Open source software powers the modern world, and I'm committed to ensuring organizations use OSS responsibly and compliantly:
- License scanning and compatibility analysis
- Policy enforcement for OSS usage
- Legal risk assessment for license obligations
- Compliance automation in development workflows
- Open source governance and best practices
- SPDX and license documentation standards
Languages & Frameworks:
- Python - Automation, security tooling, and data analysis
- TypeScript - Full-stack development and API design
- Go - High-performance services and CLI tools
Cloud & Infrastructure:
- Kubernetes - Container orchestration and cloud-native deployments
- Docker - Containerization and microservices architecture
- Cloud Platforms - AWS, Azure, GCP for enterprise solutions
Security & Compliance Tools:
- SBOM Tools: Syft, SPDX-Tools, CycloneDX
- Security Scanners: Snyk, OWASP Dependency-Check, Grype, Trivy
- CI/CD: GitHub Actions, Jenkins, GitLab CI
- Governance Platforms: Custom compliance automation solutions

- Scaling governance frameworks for enterprise product development
- Automating compliance checks in CI/CD pipelines
- Building cloud-native security solutions with Kubernetes
- Developing best practices for OSS license compliance at scale
- Mentoring engineering teams on secure development practices
With 10+ years of experience in enterprise consulting and product governance, I'm always interested in discussing:
- Enterprise compliance strategies and automation
- Cloud-native architecture design and implementation
- Supply chain security challenges in large organizations
- OSS license compliance at enterprise scale
- Team leadership and engineering best practices
Feel free to reach out on LinkedIn - I'd love to connect and share ideas!


