Joe M

Cloud Security Prevention and Detection

Securing cLabs Inc. and the Celo platform - a proof-of-stake based blockchain with smart contracts. Celo aims to provide equal opportunity access of financial services to all individuals. The first application launched on the Celo platform, Valora, is a social payments and money transfer app, aimed at developing markets.

Respond to and mitigate security incidents and develop threat detection mechanisms. Implemented data exfiltration detection of Airbnb's sensitive data using a third-party service based on machine learning and behavioral analysis to detect attacker behaviors and provide contextual alerts Insider threat detection and response - work closely with Legal, HR and Product teams to protect Airbnb user data and code

Identify and reduce security risks of acquisitions made by Airbnb. Security lead for the HotelTonight, Luckey and Urbandoor acquisitions while working closely with Airbnb's Corporate Development, Legal and Product teams

- Architected MZ's data center and cloud network security infrastructure. Worked with server and application teams to define trust boundaries and access control requirements. Implemented network segmentation between multiples offices, data centers and public clouds in AWS and GCP - Responsible for providing network and compliance visibility to other MZ security teams - Developed tools to audit network security controls including all firewall policies and AWS security groups - Provided guidance to operational teams in managing MZ’s security infrastructure

- Designed network security architecture of multiple offices, corporate data center servers and AWS VPCs - Defined service and application network security requirements and worked with IT and production engineering teams to implement them Selected Accomplishments - Implemented zero trust network access architecture using Palo Alto Networks GlobalProtect VPN; a least-privileged network access model for employees and contractors of MZ's infrastructure based on authenticated devices and users. Leveraged endpoint host checking, threat prevention and malware sandbox technologies. Project design, implementation and user rollout lasted a year and a half. Presented at Palo Alto Networks Ignite 2018 conference - Implemented whitelisted Internet egress access control of Game server environment using Squid proxies - Designed network tap and IDS framework within the data center giving visibility to ingress/egress network flows of production applications - Denial-of-service attack alerting and mitigation used to protect all of MZ's business units - Configuration auditing of public cloud and datacenter security configurations providing violation alerting to Incident Response team in under five minutes

Implemented DDoS mitigation systems to protect Twitter's service Management of netflow visibility tools to alert on malicious activity Initial roll out of DNS Response Policy Zones to prevent corporate users from reaching malicious domains Assist in integrating acquired companies into Twitter's infrastructure

Manage team of engineers responsible for the design and implementation of the network security and services infrastructure Development and implementation of major security, performance and reliability enhancements to Bloomberg’s flagship product – the Terminal. Evaluate new technology to detect and mitigate network-based security threats Drive department’s strategic initiatives, assist in budget planning and talent acquisition. Principal in formation of new network security policy team Selected Accomplishments - Location based service directory for the Bloomberg Terminal. Service directory provides the terminal all available application services in Bloomberg's data centers around the world. - SSL-based content delivery infrastructure for the Bloomberg terminal based on the Squid proxy. Proxy infrastructure is the primary distribution method of images, video, documents - Performance enhancing TCP proxies to reduce application latency of the terminal across Bloomberg's Wide Area Network. Application latency reduced by 500 ms for customers in the Asia Pacific region. Received Bloomberg Customer and Culture Award January 2013

Design and implementation of Bloomberg's network security systems which include Internet-facing routers, corporate and customer-facing Web proxies, SSL proxies and ICAP servers for AV/DLP, DoS mitigation system, firewalls, load balancers, and VPN gateways. Project coordinator for all network security infrastructure initiatives - involved in driving delivery timelines, managing vendor relationships and people resources. Selected Accomplishments - Developed Bloomberg over Reliable Internet, a new connection model providing better connectivity paths for the terminal across the Internet. Received Bloomberg Business and Technology Innovators Award November 2011 - Implemented in-house Denial-of-Service mitigation infrastructure for all of Bloomberg’s major Internet presences worldwide using industry leading technology. - Deployment of secure Internet presences in all of Bloomberg’s node sites around the world.

Escalate and prevent outages of Bloomberg service offerings by coordinating between R&D infrastructure, development and management teams

Developed computer telephony integrations in C for enterprise customers including mutual fund, insurance and health benefits companies