
Principal AI Security & Offensive Strategy Leader

Location:
Liberty, NC
Posted:
April 20, 2026

Resume:

LUKE STEPHENS

Principal Security Architect | Offensive Security Leader | AI Security Strategist

919-***-**** ***************@*****.***

Raleigh, NC (Remote/Hybrid)

EXECUTIVE PROFILE

Extensively experienced Security Operative and Software Development Professional with over 30 years of expertise in high-stakes information security and systems development. A recognized "Force Multiplier" and mentor who bridges the gap between offensive security, application architecture, and executive leadership. Expert in building robust Secure SDLC programs, leading complex penetration testing operations, architecting security for emerging AI/ML technologies, and advising C-suite executives on critical risk management.

CORE COMPETENCIES

Offensive Security: Red Teaming, Social Engineering, Product & Infrastructure Pen Testing, Bug Bounty Management.

Product/Application Security: Secure SDLC (Strategy, Tactics, Operations), AI enablement, AI Assessment, Vulnerability Management, Security Architecture, Threat Modeling, Risk Optimization.

Architecture & Engineering: Cloud Security (AWS/Azure/GCP), Containerization (Docker/Kubernetes), Secure SDLC, Design Review.

AI & Data Security: AI Compliance/Security SME, Big Data Analytics Security, Applied AI Strategies.

Leadership & Compliance: Global Team Mentorship, M&A Security Analysis, Regulatory Strategy (HIPAA, GDPR, PCI, FedRAMP).

PROFESSIONAL EXPERIENCE

SAS INSTITUTE Principal Security & Compliance Architect

July 2021 – Present

AI Security Leadership: Serve as the Principal SME for all SAS AI compliance and security activities, authoring the internal AI Security Guidance for R&D.

Offensive Strategy: Authored and executed the long-term Corporate Offensive Security Strategy, including external vendor testing, internal red teaming, and the HackerOne bug bounty program.

Security Architecture: Acted as Chief/Final Reviewer for all corporate Secure Design Reviews, developing the entire Security Architecture program (Consulting, Research, and Review).

Risk Management: Performed critical security analysis for Mergers and Acquisitions (M&A) and provided direct advisement to the CTO, CISO, and VP of R&D on high-level risk management.

LOWE’S INC Business Unit Security Architect – DACI & Innovations

Nov 2020 – July 2021

Innovation Security: Provided end-to-end security consulting for the Data, Analytics, Forecasting, and Machine Learning business units.

Data Infrastructure: Developed security architecture for a democratized ML infrastructure utilizing Hadoop, Kafka, and GCP/Azure cloud environments.

I BREAK INTO THINGS, LLC President / Chief Bad Guy

Jan 2020 – July 2021

High-Stakes Testing: Conducted specialized penetration testing in the Chinese AWS enclave for a Genomics Big Data company.

Intellectual Property Defense: Designed secure methods to protect critical IP against major nation-state actors.

THE SELECT GROUP / BB&T-TRUIST Security Solutions Architect

Jan 2020 – Nov 2020

Merger Security: Navigated the BB&T/SunTrust merger, de-risking IAA concerns and developing the security blueprint for ATM systems.

Program Integration: Developed integrated programs for Vulnerability Management and Application Security across the newly merged entities.

ALLSCRIPTS Senior Security Architect / Security Trainer

Jan 2016 – Jan 2020

Scaled Architecture: One of only two architects servicing 109+ diverse healthcare products and 400+ development partners.

Incident Response: Core CSIRT member who led full-lifecycle response for several major breaches.

TECHNICAL LEADERSHIP & PRIOR EXPERIENCE

Director of Application Security/Pen Tester N2Net/Tangible Security: Led product assessment teams for diverse embedded, mobile, and hardware systems.

Security Evangelist Tek Security Group: Advised international clients (China, Israel, Jordan) on offensive security and privacy solutions.

Technical Foundations: Held Senior Security Developer and Engineer roles at IBM and Red Hat, focusing on application security and secure development.

EDUCATION & CERTIFICATIONS

Bachelor of Science, Computer Engineering NC State University

CISSP – Certified System Security Professional (ISC2)

ISSAP – Information System Security Architect (ISC2)

CSSLP – Certified Secure Software Licensed Professional (ISC2)

CEH – Certified Ethical Hacker (Lapsed)

Security+ – CompTIA (Lapsed)

PUBLICATIONS & PRESENTATIONS

Breach Happens! What’s Next? – Triangle InfoSecCon & NCPaCE (2025)

Pen Testing Myths – Triangle InfoSecCon (2024)

Secure Design Review: The Swiss Army Knife of Security – Triangle InfoSecCon (2022)

Beyond Phishing and Whaling – CarolinaCon (2017)

Social Engineering for the Introvert/Geek – CarolinaCon (2014)

ORGANIZATION & SERVICE

Board Member: Local OWASP Chapter (2014–2017)

Advisory Board Member: University of Southern Mississippi, Dept. of Computing & Computer Engineering

Member: ISSA Raleigh Chapter (Former)

TECHNICAL STACK SUMMARY

Languages: C, C#, Java, Python, Go, Web Stacks, Dart/Flutter UI, Rust

Environments: Linux, Mac, Windows, Docker, Kubernetes, Azure, GCP, AWS

Tools: Snyk, Checkmarx, Nessus, OpenVAS, Nexpose, Horizon3 AI, Pentera, Kali, most pen testing tools

AI: ChatGPT, Gemini, Grok, NotebookLM, MCP
