Pha-Ly Nguyen
Austin,TX
Summary
As a seasoned Manager of Application Security, I bring extensive leadership and technical expertise to support my organization in safeguarding customer trust and enhancing operational resilience through robust cybersecurity measures. I am adept at driving strategic initiatives that align with business objectives while maintaining rigorous security standards and cost-savings.
Overview
6
6
years of professional experience
1
1
Certification
Work History
Application Security Manager - FAL Group
Fortive
04.2023 - Current
- Lead an initiative within the team that represents a 73% decrease in application code base vulnerabilities.
- Lead and manage a team of Application Security professionals, fostering a collaborative and high-performing environment.
- Implemented cost-saving measures by optimizing vendor contracts and streamlining security tooling, resulting in a 20% reduction in annual application security expenditures.
- Implement and oversee secure code development practices across engineering teams.
- Manage code signing processes to ensure authenticity and integrity of software releases.
- Drive threat modeling exercises to identify potential security vulnerabilities early in the development lifecycle.
- Define incident response procedures and coordinate responses with cross-functional teams.
- Develop and enforce security policies, standards, and guidelines aligned with industry best practices.
- Develop and deliver security awareness programs and training sessions for engineering teams.
Application Security Engineer - FAL Group
Fortive
02.2022 - 04.2023
- Championed the creation and deployment of application programs tailored for each of the three operating companies, reinforcing security measures and operational consistency.
- Led SAST/DAST/SCA scanning initiatives for applications, methodically identifying and driving remediation efforts for detected vulnerabilities.
- Enhanced the Software Development Lifecycle (SDLC) by introducing a Security Intake Program, bridging the gap between Information Technology, Development, and Cloud Operations teams.
- Instituted a specialized training regimen for the Development Team, emphasizing on education surrounding critical web application threats, including the OWASP Top 10 and CWE Top 25.
- Collaborated with reputable third-party pentesting agencies, gaining insights into potential weaknesses in the operational environment and subsequently devising remediation strategies.
- Engaged with cross-functional teams, fostering a culture of collective responsibility in identifying and mitigating security vulnerabilities and potential risks.
- Conducted periodic security assessments, ensuring unwavering compliance with both regulatory standards and industry best practices.
- Pioneered threat modeling methodologies, establishing a proactive approach to application security.
- Implemented code-signing protocols, certifying software authenticity and safeguarding against unauthorized code alterations.
Senior Operations Specialist
Accruent
11.2018 - 02.2022
- Collected data on Total Addressable Market (TAM) data using various research methods to broaden results and optimize marketing strategies.
- Recorded data in CRM databases, streamlining analysis procedures for efficiency and accuracy.
- Forecasted marketing trends based on previous data to adjust campaigns and maximize sales.
- Implemented updated reporting procedures to rectify issues in data collection and analysis.
- Trained entry-level and Marketing Operations data analysts on company protocols, best practices and CRM data migration procedures.
Education
Certification - Cybersecurity
University of Texas At Austin
Austin, TX08.2021
BBA - International Business
St. Edward's University
Austin, TX05.2018
Skills
- Incident Response Management
- Development Languages (Java, C, JavaScript, NET, TypeScript)
- Penetration Testing
- SIEM: (Splunk, ELK Stack)
- Cloud Platforms: (AWS, Azure, OCI, GCP)
- Rapid7 Nexpose
- EDR Solutions: (CrowdStrike, CarbonBlack)
- Threat Modeling
- SAST/DAST/SCA scanning
- Code Signing Protocols
- Secure Development Lifecycle (SDLC)
- Data Loss Prevention (DLP)
Certification
- Security +, CompTIA - November 2022
- Certified in Cyber Security (CC), ISC2 - September 2022
- AWS Certified Cloud Practitioner, AWS - July 2023
Languages
French
Full Professional
Vietnamese
Professional Working
Spanish
Limited Working
Timeline
Application Security Manager - FAL Group
Fortive
04.2023 - Current
Application Security Engineer - FAL Group
Fortive
02.2022 - 04.2023
Senior Operations Specialist
Accruent
11.2018 - 02.2022
Certification - Cybersecurity
University of Texas At Austin
BBA - International Business
St. Edward's University
- Security +, CompTIA - November 2022
- Certified in Cyber Security (CC), ISC2 - September 2022
- AWS Certified Cloud Practitioner, AWS - July 2023
Similar Profiles
Shatara SullivanShatara Sullivan
Senior Customer Support Specialist (Remote) at FortiveSenior Customer Support Specialist (Remote) at Fortive
Ethel DrakeEthel Drake
Pacer at FortivePacer at Fortive
Ryan CrawfordRyan Crawford
Manager, Security Engineering at FortiveManager, Security Engineering at Fortive