Author Image

Hi, I am Mark

Experience

1
Manifest Cyber

July 2025 - Present

Remote

Senior Director/Head of Engineering

July 2025 - Present

Responsibilities:
  • Primary Scope
  • Function as Head of Engineering for small (~20 person) engineering team in a fast moving Series A startup targeting supply chain security leverage Software Bills of Materials (SBOMS).
  • Help an early Series A startup begin to mature their engineering practice and processes while maintaining the scrappy startup culture that got them to where they are.
  • Key Contributions
  • Worked with leadership and product to help manage feature requests into a more strategic roadmap.
  • Adjusted assignments to have the on-call rotation be a dedicated assignment to absorb most interrupt work and minimize distractions on engineers.
  • Lead design and architecture on a significant rework to address shortcomings in the original architecture to unlock future scaling, reduce feature devellopment cost, and address growing scaling issues.
  • Adjust priorities annd resources to bring forward long deferred investment in observability to address gaps in supportability and early trouble detection.
  • Drive an effort to resolve gaps and deficiences in the non-SaaS deployument to unlock deployments for larger customers. This was a key enabler for multiple large new logo deal that represented a significant increase versus historical ACV.
Google LLC

Nov 2022 - May 2025

Remote

Engineering Manager III, Platform Engineering and DevOps

Nov 2022 - May 2025

Responsibilities:
  • Primary Scope
  • Continue to lead a cross functional team supporting DevOps, Engineering Security & Compliance, and production on-call functions.
  • Returned to Google via the Mandiant acquisition and continued to lead a 30-45 person organization.
  • Key Contributions
  • Continued to lead a cross-functional team delivering an opinionated Kubernetes based IDP (Internal Development Platform), Engineering Security & Compliance Functions, DevOps Consulting & Support, and Google integration.
  • Led development & deployment of the 2nd and 3rd generation iterations of our Kubernetes based IDP using GKE on GCP (replacing EKS and AWS). This was accomplished in ~10 months despite numerous technical and process obstacles at Google. This IDP is the current production platform for the original Mandiant products at Google. The team and platform support approximately 20 development teams with over 100 Kubernetes clusters under common, white glove management.
  • Led my team and the larger Mandiant Engeineering organization through the technical transition from the Mandiant tech stacks and tooling focused on AWS to the Google tools including both google3 (aka Borg) and GCP.
  • Took over as vendor manager for AWS and drove reduction in AWS spend from > $20M in 2022 & 2023 by more than 2/3 in two years, finishing even below the target forecast (and on track for 2025) to unlock OpEx for other business needs.
  • Enabled multiple compliance wins including continuing SOC2 while adding ISO 27001.
  • Led the engineering organization through new Google tooling around GCP Cloud Governance and partnered with existing Google teams to address multiple functional gaps.
  • Led the uptake of service mesh with DIY Istio followed by ASM (Anthos Service Mesh) to meet requirements for audit, mutual authentication and encryption in motion.
  • Defined CI/CD tooling replacements and roadmaps across approximately a half dozen tool stacks to Google Supported tooling to address multiple governance and security aspects.
  • Absorbed two key legacy IT teams into my org and led their transformation into product focused deliveries.
  • Led and supported the team through multiple, difficult staffing adjustments as well as multiple leadership changes both in my immediate organization and the larger team was restructured post-acquisition.
  • Personal individual contributions included multiple design efforts and other activities.
  • Core design and networking detailed design for the GKE version of the Kubernetes IDP on the 2nd and 3rd generation iterations.
  • Designed Federated Istio (via Anthos Service Mesh) deployment including leveraging service mesh plus peering to facilitate secure, cross-cloud connectivity to/from GCP for legacy services in AWS.
  • Designed a MPEP (Mandatory Policy Enforcement Point) with multi-party approval flows with PAC (policy as code) pattern, CI/CD tooling roadmap. This was address the issue where Kubernetes cluster owners could normally override Kubernetes manifest based policies. The solution was IAC for the critical manifests using a special purpose service account and Kubernetes RBAC to protect those manifests from the normal cluster roles. This closed a control gap around cluster owner global permissions and leveraged Googles existing multi-party source code controls to facilitate changes and multi-party controls.
  • Design for a new logging system addressing tech debt and Googles unique requirements for privacy audit.
  • Cloud cost optimization efforts including multi-cloud forecasting models leveraging Googles data tools to replace a terminated vendor (CloudHealth).
2
3
Mandiant

Jun 2021 - Oct 2022

Remote

Vice President, DevOps and Delivery

Jun 2021 - Oct 2022

Responsibilities:
  • Primary Scope
  • Assemble and lead a multi-faceted team doing Dev/DevSecOps, Engineering Security & Compliance functions.
  • This team started with approximately a dozen engineers and grew to over 40.
  • Key Contributions
  • Led the transition of the PoC Kubernetes based Application Infrastructure to a production platform used across the Mandiant Advantage product portfolio.
  • Supported security and compliance functions including multiple SOC2/Type 2 certifications and Mandiants first FedRamp listing (High).
  • Landed a long in progress FedRamp High offering of one of Mandiants products with a successful FedRamp Marketplace listing via the RAR (Readiness Assessment Review) process.
  • Unified project planning, backlog management and related processes around an Atlassian stack solution with Jira + Confluence at its core.
  • Identified, resourced and led delivery of a Grafana observability stack to replace an ELK stack that was unexpectedly deprecated with very short (six week) notice during the divestiture process.
  • Led the engineering related transition around the Trellix (fka FireEye) divestiture including migration, cloning and decommissioning of multiple engineering tools.
  • GitHub Enterprise to Github.com EMU (Enterprise Managed Users).
  • Mandiant was an early, pre-public customer for GitHub EMU and the updated Organization migration API.
  • Transitioned almost 500 orgs and ~4500 repositories into two distinct GitHub Enterprises for Trellix and Mandiant respectively.
  • Forking and content cleanup of large, complex Jira and Confluence installations.
  • Transition of the Mandiant Jira & Confluence solutions from on-prem to Cloud.
  • Led the separation of numerous other engineering assets and aspects including cloud accounts, servers, and process & compliance functions.
  • Partnered with HR to develop and deliver a career matrix for Software Engineers to help define the SWE career ladder.
  • Coordinated multiple training efforts including introduction of Udemy for Business to improve technical training and provide a valuable resource to team members.
Google Inc.

Oct 2013 - Sep 2015

Mountain View, CA

Engineering Manager - gTech Consumer

Oct 2013 - Sep 2015

Responsibilities:
  • Primary Scope
  • Lead an Engineering Team delivering custom code and tooling in support of Googles end-user customer support organization.
  • Key Contributions
  • Led a team of engineers and program managers to deliver analytic insights for Google customer support that provided data and metrics for a several hundred million users a month to help a team of hundreds support Google end users.
  • Worked with sources of data and tools (including BigQuery and BigTable), graph databases and other tools to provide analytics across support web sites, in-app help, community forums and call centers. We did experimentation in the small and large.
  • Led technical transition from several in-house tools facing deprecation or stagnation to leveraging off the shelf solutions like Tableau, JIRA and SAS.
  • Drove unique effort to use a graph database to gain insights across multiple disconnected platforms to provide a picture of a users total support journey including both online and traditional call center resources.
  • Drove multiple initiatives around experimentation in the large including aggregate cohorts approaching 1B unique users.
  • Coordinated with business stakeholders to drive metric driven improvements in quality, cost and scale of support to Google consumer end users. This included traditional analytics, machine learning, experimentation and other approaches.
4
5
Websense

Apr 2009 - Sep 2013

San Diego, CA

Principal Architect

Apr 2009 - Sep 2013

Responsibilities:
  • Original Scope
  • Provided technical leadership to the Web Security team including delivering a complete reimplementation of the authentication subsystem addressing key functional and competitive shortcomings (C++, Networking, HTTP).
  • Primary Scope
  • Owned technical roadmap for hardware & software security appliance flagship products while coordinating across geographically diverse teams. I reported directly to the CTO as their primary technical go-to resource for the security appliance products.
  • Acted as the primary technical contact with OEM partners in hardware selection, optimization and management for approximately $15M/year in OEM hardware spend and $50M/year in direct as well as key enablement of $300M/year related revenue.
  • Held the appliance architect role and managed coordination between the US and European application development teams and the China based appliance platform engineering teams. Key accomplishments included and complete replacement and rationalization of the hardware selection leaving to lower price while doubling median performance. I led early entry into chassis based solutions.
  • Led the design, hardware selection and deployment of multiple infrastructure initiatives include the 1st 10G/40G Ethernet infrastructure in the company and a transition from standalone servers to vSphere+iSCSI SAN for improved functionality and lower TCO.
  • Provided ongoing assistance, coordination and technical assistance to sales and support organization. This included both pre and post-sales support with a focus on deployment, integration and hard to solve technical issues.
  • Developed, provide and present training material for the field sales engineers including leading multiple 100+ attendee l sessions at various sales conferences and partner training events.
Autonomic Networks

Sep 2007 - Apr 2009

Mountain View, CA

Services Team Manager/Member Technical Staff

Sep 2007 - Apr 2009

Responsibilities:
  • Primary Scope
  • Co-Architect and Engineering Manager for a UBA (User Behavioral Analytics) security product.
  • Key Contributions
  • Returned to Vernier (renamed to Autonomic) to act as a lead architect and manage the front end/control plane team in designing the next generation product for automatic analysis and response to network activity and security threats.
  • Provided leadership and primary execution to resolve several long standing customer service issues for overseas customers of a key OEM partner, overcoming time, language and other challenges to arrive at a successful resolution.
  • Took over as Services team manager leading a mixed team of employees and contractors (both local and India based) to build the next generation management software. I led the design and was actively involved development to move from the legacy LAMP web UI/C++ backend to a Web 2.0 rich web UI and J2EE based backend utilizing technologies like Adobe Flex, Tomcat and CORBA.
  • Through company downsizing adapted to changing roles, providing primary and backup and systems admin and IT coverage for Unix and Windows servers including Microsoft Exchange, provided sales engineering support for Fortune 500 financial customers, and provided key technical leadership on overcoming performance deficits in vendor outsourced Java code base.
  • Performed yeoman duty in Sales Engineering role helping install and configure product and engage customer with sales team at several fortune 500 customers.
6
7
Swarmcast/Onion Networks

Oct 2006 - Aug 2007

Minneapolis, MN

Embedded Development Director

Oct 2006 - Aug 2007

Responsibilities:
  • Primary Scope
  • Tasked to build an embedded product, team and development environment in a historically Java shop to bring streaming HD video to small, embedded devices like set-top boxes and phones.
  • Key Contributions
  • Implemented all new tools, code and processes to rapidly (in 4 months) migrate Java based HD video streaming technology to a native C++ environment for deployment to a Motorola WinCE set top box used by leading Japanese media companies.
Self-Employed

Mar 2004 - Oct 2006

Twin Cities, MN

Consultant/Contract Engineer

Mar 2004 - Oct 2006

Responsibilities:
  • Performed a variety of self-employed and contract roles.
  • RAID driver and firmware work in at Ciprico (C++, Driver & Embedded)
  • Air Traffic Control software (Common ARTS) at Lockheed-Martin (C++)
  • gated enhancements for improved OSPF ECMP (Equal Cost Multi-Path) support in a high end router product.
8
9
Vernier Networks

Jun 2001 - Mar 2004

Mountain View, CA

Systems Team Lead/Manager

Jun 2001 - Mar 2004

Responsibilities:
  • Lead and technical architect of the team providing the core software for a network security appliance
  • Created roject plans, coordinated deliveries, milestones and professional development of the team later expanding into the people manager duties.
  • Led and implemented multiple areas including key performance improvements, drivers and kernel level network security technologies.
Zhone Technologies

Jul 1999 - Jun 2001

Minneapolis, MN & Oakland, CA

IP Architect/Product Manager

Jul 1999 - Jun 2001

Responsibilities:
  • Initial Scope
  • Design, architecture, and technical supervision of a distributed TCP/IP network protocol stack for a line of carrier grade access products. Addressed the unique reliability and security requirements for carrier equipment in a public network. This stack is used today in over $100M a year in shipping product.
  • Primary Scope
  • Once initial development team was functional, promoted to Product Manager for data services including IP and ATM technologies. Focus was product and feature definition, functional specifications, sales engineering staff support, trade shows and client presentations and contacts.
  • Key Contributions
  • Provided cohesive product direction and leadership across varying target geographical and vertical markets to maximize the engineering effort available from a small, efficient engineering team.
  • Conceived, designed and drove a product enhancement that removed critical technical barriers to deployment that resulted in immediate sales of $3M and became a key technology in the majority of carrier deployments.
  • Provided key leadership in revitalizing domestic sales and market/mind-share and was involved in several key “saves” on-site with various carrier customers.
  • Functioning in an early stage startup performed in a variety of other roles, both technical and non-technical.
10
11
Jump.web

Aug 1996 - Jul 1999

Minneapolis, MN

Co-Founder/CTO

Aug 1996 - Jul 1999

Responsibilities:
  • Primary Scope
  • Co-founded a web and internet consulting firm that grew from a single person to a 3-10 person team focused on developing key web-based line of business and “.COM” focused business sites with active content.
  • Key Contributions
  • Led the development of a recruiting site for a leading New York staffing house to provide a direct B2B contracting bid/ask model. This site was the original version of RecruitDynamics.net (later eClaro.com).
  • Built with .NET stack and IIS leveraging both compiled and dynamic coding including ASP.
  • Led the technical development and was a principle in shopping a business plan for a family-friendly, advertising supported ISP to several angel and venture capital sources including detailed design, project planning and cost analysis 1998 – 1999 and budgeting of a multi-million dollar data center.
Secure Computing

Jul 1994 - Aug 1996

Roseville, MN

Senior Computer Scientist - Kernel Team Lead

Jul 1994 - Aug 1996

Responsibilities:
  • Primary Scope
  • Founding team member on the Sidewinder Internet firewall (a product just retired in 2018).
  • Key Contributions
  • Designed and implemented a multi virtual instance IP Stack based on the BSDi/BSD 4.4 IP protocol stack.
  • Developed OS level MAC (Mandatory Access Controls) including filesystem (UFS and VFS layer) enhancements.
  • Assisted in other network and kernel technologies around implementing mandatory security policy internal to the kernel.
  • These facilities were developed with the review and assistance of the NSA.
  • These facilities were one of the inspirations and precursors to SE Linux.
  • Key Technologies
  • C, C++, BSD Kernel, TCP/IP Networking.
12
13
Aggregate Computing

Jun 1991 - Jun 1994

Minneapolis, MN

Software Engineer, First Hired Engineer

Jun 1991 - Jun 1994

Responsibilities:
  • Primary Scope
  • First employee hired by the founders providing key developments on a dynamic, distributed, parallel cluster computing environment.
  • Key Contributions
  • Designed and implemented the core process control for the creation and management of remote processes.
  • Designed and implemented an in-process asynchronous reliable messaging protocol and related support to allow high performance, low latency inter-process communication.
  • Developed a signal re-entrant malloc compatible heap in support of the previous efforts (the design resembled the Linux arena allocator that came along later).
  • Technologies
  • C, Sun RPC, Unix Process APIs, Signals, Async-IO, Networking, TCP/IP.