Alexa​ Kelley

Seeking a DevSecOps Position

As a security professional with nearly 15 years of experience I have gained a diverse set of skill including security operations, vulnerability management, people management, cloud architecture, data analysis, threat modeling, and cyber intelligence. In all of these I take a systems theory approach, looking for risks resulting from emergent phenomena. My professional philosophies include:
 

  • People deserve to be treated with dignity and respect.
  • Whenever possible design systems with people first in mind.
  • Security exists to empower and to protect.(ie. Guardrails not roadblocks)
  • Systems must be sustainable in design and implementation for long term success.
  • Keep a tool-agnostic approach where possible.
    •  

Skills

Security Operations & Incident Response

I started my career doing incident response and security operations and I've continued to hone those skills since. I've analyzed activity of nation state actors, coordinated response to multi-business compromises, developed detections against malicious users, and disrupted cybercriminals. I've built two bespoke incident response capabilities from the ground up and helped mature several others.

Vulnerability & Risk Management

I've had the fortune to learn and engage in vulnerability & risk management in a wide variety of environments, from 100,000+ employee corporations to start-ups in the single digits. Every company has their own areas that need more attention and areas that are sufficiently hardened. I've learned that it takes patience and diligence to identify those areas that need attention and address them appropriately.

Communication & Leadership

I approach communication and leadership as a significant deciding factor in the success or failure of any team, and especially so for security operations. I take many lessons from the concepts of servant leadership and focus on ways that I can empower my team. In communication I have written and presented a broad range of writing from technical white papers for engineers, boardroom presentations for executives, to announcements & alerts for the layperson.

Experience

VRChat

Security Team Lead • Jan 2023 — Jun 2024

Lanagues used: Golang, Nodejs, Python, C#, Rust

A highlight of my career. During my time with VRChat I built a security function from the ground up, supporting and securing the industry leading work in VR/XR & User-Generated Content.

  • Created and led a multidisciplinary security team of 7 members supporting 150+ employees.
  • Developed an incident response capability from scratch and incident response across all time zones.
  • Planned and implemented both short-term(<1 year) and long-term(1-5 years) security strategies, reporting status updates to executives and senior staff.
  • Advised & implemented strategies for securing user-generated content(UGC).
  • Educated employees on security best practices and consulted with 12+ other teams to harden technical designs and reduce security risks.
  • Mentored employees and advocated for technical & professional development.
  • Interviewed prospective employees for the security team.

Backend Security Engineer • Aug 2022 — Jan 2023

Lanagues used: Golang, Nodejs, Python, C#, Rust

  • Conducted threat modeling and assessed the company's security capabilities.
  • Performed vulnerability scans and hardened AWS cloud infrastructure for production environment with millions of assets.
  • Reviewed access management strategies across the company and over a dozen software platforms.
  • Coordinated with API engineers to identify security risks and created mitigation plans, including on cloud architecture & configuration.
  • Assisted in onboarding new engineers and partnered with the legal team on compliance needs.

Vimeo

Principal Infrastructure & Operations Security Engineer • Sep 2019 — Aug 2022

Lanagues used: PHP, Python, Terraform

  • Designed, implemented, and managed a company wide incident response program, including training/documentation/KPI's/executive briefs/etc.
  • Coordinated multiple simultaneous high priority projects across complex environments & requirements.
  • Scanned and remediated cloud architecture across both AWS & GCP.
  • Interviewed dozens of candidates for hiring initiatives and assisted in improving the hiring process.
  • Researched industry security best practices and tested implementations.
  • Mentored colleagues on navigating company environment and professional growth.

Jackson National Life

Security Engineer • Feb 2019 — Aug 2019

Lanagues used: Python, SQL

  • Scoped, designed, and implemented ansible & docker based SOAR platform directly improving incident analysis/response times.
  • Updated and maintained SIEM infrastructure. Including parsing new log sources and writing custom detection rules.
  • Participated in cross team & department initiatives for hardening company security.
  • Established team-wide version control policy and best coding practices for future projects.
  • Advocated project resilience and disaster recovery initiatives.

Dragon Scale Networking

Co-Owner • Sep 2017 — Feb 2019

Lanagues used: Python, HTML

  • Owned and operated business. Including client management, inventory management & acquisitions, technical repository creation, and project management
  • Designed, constructed, and supported secure infrastructure solutions for clients including servers, routers, and desktop machines.
  • Delivered industry standard cyber security services including malware remediation, data forensics & recovery, and system hardening

General Electric

Cyber Intelligence Analyst & Security Assurance Team Analyst • May 2010 — Jan 2015

Lanagues used: Python, Assembly, HTML

  • Utilized Splunk to analyze large data sets and support incident response activities.
  • Conducted R&D to improve techniques and develop new technologies.
  • Developed tools in Python and launched virtualized environments on local and AWS platforms.
  • Designed and deployed several company projects, communicated critical vulnerabilities to support teams, and presented findings to executives.
  • Coordinated on internal technical white papers and participated in Scrum framework for rapid team goal development.
  • Assisted in panel interviews for new security team members.

Spoken Languages

English

Japanese

Swedish

Education

Washtenaw Community College

Associate of Arts (AA), Liberal Arts and Sciences/Liberal Studies

Social Links

  • LinkedIn: https://www.linkedin.com/in/alexa-kelley/