Professional Summary
Principal Software Engineer ยท AI Accelerated Engineering ยท Architecture ยท Zero Trust ยท Identity ยท Compliance
- IETF Internet-Draft Author โ draft-tonyai-a2a-trust-00 (agent-to-agent trust, AI governance; RFC track)
- Agentic workflows (Cursor) deliver 0.04% defect rate (10+ years consistent)
- Zero critical production bugs, zero breaches, zero support calls for login/access failures (career)
- Deep expertise: Zero Trust security, identity platforms (Auth0, Okta, Entra ID), AWS, microservices, compliance (SOC2, PCI-DSS, HIPAA)
- Leadership: Tier-0 systems architecture, 50+ engineers mentored, cross-functional influence (Security, Legal, Product, InfoSec)
- Portfolio: 12 live security PoCs, running demos, certifications โ phalanxaisec.com/achievements.html
Technical Core
Engineering Leadership & Communication: Team Leader, Scrum Master, Agile Ceremonies (Sprint Planning, Retrospectives, Standups, Reviews), Monthly 1:1s, Team Advocate (carried concerns to management), Feasibility Spikes, Technical Design Docs, Pitch & Proposal, Tech Debt Management, Shift-Left Engineering (local & pipeline code coverage, security scans), Code Reviews, DB Reviews, Mentorship & Team Enablement, Constructive Feedback Culture, Psychological Safety & Collaborative Culture, Cross-functional Communication (Engineering, Legal, Security, PM, InfoSec), Vendor Evaluation & Selection, Stakeholder Management.
AI & GenAI (SME): Agentic Workflows (Cursor, Claude Code, GitHub Copilot, GitLab Duo, Gemini), Large Language Models (LLMs), Prompt & Context Engineering, MCP, RAG, AI Agent Orchestration, AI Agents, MCP Servers, Agent Skills, Claude in Amazon Bedrock, A2A Trust, Agent-to-Agent Identity, AI Cost Engineering, Token Budgeting, Bedrock Knowledge Base, Bedrock Guardrails, OpenAPI/Swagger.
Identity & Security (SME): Zero Trust Architecture, Authentication (AuthN), Authorization (AuthZ), Spring Security, SAML 2.0, OAuth2, OIDC, PKCE, WebAuthn, FIDO2, Auth0, Auth0 Custom Login UI (Vue, React, JS), IdP Claims & Scopes Mapping, Token Claims Customization, Okta, Entra ID, JumpCloud, Keycloak, CheckPoint, SSO Deployment & Rollout, IdP Provisioning (internal & enterprise DSO), M2M Identity, Customer-Facing SSO Verification, MFA, RBAC, ReBAC, SCIM, JIT Provisioning, User Federation, JWT, SOC2, PCI-DSS, Worldpay, Wireshark, Fiddler, Snyk, Pen-Test Remediation.
Cloud & Platform Engineering: AWS EKS, ECS, S3, SES, SQS, SNS, Lambda, API Gateway, KMS, IAM, IAM Policies, Amazon Verified Permissions, Cedar, Cognito, Amplify, Organizations, CloudFormation, EventBridge, CloudTrail, CloudWatch, GuardDuty, Config, Audit Manager, AWS CloudShell, AWS CodeCommit; Azure (Entra ID); Terraform, YAML IaC, Bash.
CI/CD & Platform Engineering: GitLab CI/CD, GitHub Actions, Harness, TeamCity, AWS CodeCommit, Kubernetes, Helm, Docker, Ansible, GitLab Vault, Secrets Management in Pipelines, Ephemeral Environments, YAML IaC.
Backend (Java/C++/C#): Python, TypeScript, Java 17, Spring Boot, Spring MVC, C, C++, C#, .NET, Go (familiar), Groovy/Grails, Node.js, Kafka (DDD/Avro), RabbitMQ, WebSockets, HL7 (Health Level 7), X12 (ASC X12 EDI โ claims 837 / EOB 835), Microservices, Monolith to Microservices Migration, Distributed Computing, Asynchronous Systems, Event-Driven Architecture, Software Architecture and Design, DDD, REST, Apigee, OpenFeign, Twilio, Maven, Gradle, JUnit, Spock, Mockito, JaCoCo, Software Testing, SOLID, DRY, Agile, Scrum.
Frontend: React, Vue.js, JavaScript, jQuery, Backbone, HTML5, CSS3, SASS.
Data: DDL, DML, DB Performance Tuning, Query Optimization, Schema Design, Oracle 19c, PostgreSQL, MySQL, MSSQL, Azure SQL Edge, NoSQL, Liquibase, Flyway, Hibernate, GORM, JPA, Spring Data.
Observability: Dynatrace, Splunk, AppDynamics, CloudWatch, Spring Boot Actuator, Performance Tuning, SLA/SLO Monitoring.
Experience
PhalanxAI Security LLC โ Remote
Founder & Principal Engineer | April 2026 โ Present
- Specification-driven agentic AI development: Architecture and security model defined before code โ 12 working PoCs shipped, all with live demos at phalanxaisec.com.
- MCP security enforcement stack: Built Zero Trust last-mile, ephemeral identity, ReBAC, and MCP security across the full stack โ running code, not slides.
- IETF Internet-Draft first author: draft-tonyai-a2a-trust-00 (agent-to-agent trust; RFC track) โ every clause backed by working PoC.
Henry Schein One โ Herriman, UT
Principal Software Engineer / Team Lead | July 2023 โ April 2026
- Agentic AI adoption: Built Cursor workflows adopted team-wide; set company record with 17 story points (velocity unmatched by any other engineer). Refactored security codebase with shift-left practices โ caught bugs earlier, reduced rework. Scaled test coverage with AI-generated suites while maintaining full rigor.
- Safe AI at scale: Designed and deployed AI Safety & Deployment Framework across HSO โ shift-left architecture review, isolated contexts, backup strategies, atomic changes, human gates, tight feedback loops. Delivered zero production defects. Replicable for any organization scaling AI safely.
- Evaluated 4 AI platforms: Assessed Cursor, GitHub Copilot, GitLab Duo, Claude; recommended Cursor for company-wide rollout. Ranked top 50 company-wide for Cursor adoption and expertise.
- 0.04% defect rate: Sustained across 10+ years and multiple roles. Team recognized by SVP of Engineering and CTO as highest-performing โ highest velocity, output, and lowest defect rate.
- 85k+ Auth0 users at scale: Sole architect + implementer + rollout owner (no vendor pro services). Delivered custom login UI, adaptive MFA, SMS integration. Platform sustained 3ร daily concurrent logins with zero rate-limit errors. Conducted WebAuthn/FIDO2 PoC in React.
- M2M + user-delegated identity: Designed and shipped OAuth2 client credentials + Entra ID OBO flows for 3rd-party integrations (Worldpay payments, partner APIs). PCI-DSS compliant by design; every integration inherits identity model, scoped access, audit trail.
- SAML 2.0 golden path: Designed from scratch; implemented across PMS; trained teams independently. Three other HSO products adopted it โ one investment, cross-product revenue impact.
- 200+ internal users (Entra ID): Rolled out RBAC + JIT provisioning; eliminated all manual DB provisioning. IT could fully onboard new hires day one with zero DB touch.
- Enterprise DSO federation: Designed Auth0 IdP federation for largest DSO customers โ proposal accepted first presentation. Delivered self-service email de-duplication + PIN step-up auth (adopted platform-wide). SOC2 maintained throughout.
- Neutralized 2 simultaneous live attacks: Bot-driven DDoS + data exfiltration. Identified root causes, stopped both, kept platform online. Invented Session Kill Switch โ real-time session hijacking prevention, zero data exposure.
- Security advisor authority: Primary counsel across InfoSec, Engineering, Product for all identity + security decisions. Evaluated + selected Auth0, Okta, Entra ID. Translated compliance requirements into shippable architecture.
- 90% support ticket reduction: Built AWS event-driven Email Bounce Engine (SES/SQS/SNS) โ automated suppression handling, adopted across 4 PMS web apps company-wide, empowered user admins.
- Proprietary inventions: Magic Mint (context-aware token binding), Actions Mapping Engine (DB-driven OBO), Session Kill Switch, Email Bounce Engine, PIN Step-Up Auth.
- Security patterns at scale: Authored and taught HSO-wide patterns (threat modeling, auth boundaries, audit trails, compliance architecture). Trained teams to architect identity solutions independently.
- Mentored 90%+ of team: Onboarded engineers to PMS domain; taught full identity stack for independent ownership.
- Legacy impact: Post-departure, HSO stood up dedicated AppSec team replacing one engineer's security work. All Auth0 code still bug-free. Zero login/access failure support calls.
KeSTA I.T. โ State of Utah โ Salt Lake City, UT
Lead Java Developer | October 2022 โ July 2023
- Minutes โ seconds: Oracle-to-PostgreSQL migration (zero data loss); cut query response time via targeted indexing + refactoring. Two senior architects: "Never seen that volume and quality from one engineer in that timeframe."
- Stack modernization: Java 8 / AngularJS โ Java 17 / Spring Boot / Angular in high-security government environment.
- Automated quality gates: GitHub Actions pipelines + OpenAPI/Swagger specs eliminated cross-team integration friction.
Henry Schein Practice Solutions โ Herriman, UT
Principal Software Engineer / Team Lead | June 2021 โ October 2022
- 92% faster deployments: Grails 3 โ Java 17 / Spring Boot monolith-to-microservices decomposition (1.5 hrs โ 13 mins).
- 100% remediation rate: Closed all critical + medium pen-test findings in 3 sprints; zero findings on SSO/auth flows โ Security-by-Design.
- Automated security gates: GitLab/Harness pipelines (Snyk, SpotBugs, CheckStyle, JaCoCo, Jest) on every commit.
- Infrastructure as code: Terraform IaC for Spring Security gateway โ provisioned, versioned, auditable from day one.
- Team onboarding: Trained engineering + QA on Kafka patterns, identity standards, Event Storming; reduced event-driven service design time.
Henry Schein One / Henry Schein Practice Solutions โ Herriman, UT
Full-Stack Staff Engineer / Founding Integration Architect / Team Lead | August 2012 โ June 2021
- Auth stack evolution: Architected PMS identity layer from scratch; evolved: Basic Auth โ OAuth2 โ SAML 2.0 โ M2M โ JWT/Bearer. Every auth paradigm today traces to this work.
- 10k+ enterprise SSO users: Enterprise SAML 2.0 (IdP + SP) with Okta + Entra ID. By 2018, 3 other HSO products adopted โ one investment, cross-product revenue.
- Entra ID OBO platform: Greenfield flow adopted by multiple teams; support tooling used daily by support/management staff.
- Solo platform architect (2012โ2019): Owned architecture, technical strategy, code, Scrum, infrastructure simultaneously until dedicated teams stood up in 2019. Then entrusted full CI/CD pipeline ownership for entire PMS.
- First external pen-test: Lowest finding count in company history. Zero successful breaches. SOC2 maintained.
- Stopped platform-taking DDoS attacks: Previously took system down; invented foundational access control (DB schema, seed rights, multi-tenancy violation checker).
- Full-stack tech leadership: AWS ECS โ EC2 + Kubernetes, Kafka/DDD, PostgreSQL, Spring Boot, React/Vue.js/Next.js, GitLab CI/CD. Evolved frontend from jQuery/Backbone to modern platform.
- Company-wide standards authority: Served on DB schema + standards team; patterns adopted across products. Go-to architect for security + database design.
- Real-time platform reliability: Engineered real-time update engine, zero-conflict scheduling, multi-tenancy architecture for enterprise integrations.
Earlier Career (See LinkedIn for full detail)
| Role | Company | Dates | Stack / Keywords |
| Principal Software Engineer & Tech Lead | Symantec | Oct 2004 โ Jun 2010, Feb 2011 โ Aug 2012 | Restore Anyware (P2V/V2P DR), Protection Center (CISO console), Active Directory expertise, Patent filed US8103747, Symantec Star Award, 2ร A++ performance |
| Senior Software Engineer | Kaseya | Jun 2010 โ Feb 2011 | Kaseya Directory Services, Kaseya Backup, C++, C#, .NET, Active Directory, LDAP, AWS S3, Windows Volume Shadow Services, COM, Unit Testing (GMOCK, CPPUnit), SQL Server |
| Senior Software Analyst | Comsys / Flying J | Jul 2004 โ Oct 2004 | C#, .NET, Oracle, PL/SQL, SQL Server, T-SQL, Web Services, XML, ADO.NET, Credit Card Authorization, Data Replication |
| Senior Software Analyst | Veracity Solutions / Misys Healthcare | Nov 2002 โ Jun 2004 | C#, C++, .NET, Oracle, ODP.NET, NUnit, ATL, STL, MSMQ, Windows Sockets, COM, Healthcare/Pharmacy Systems, PCI-adjacent |
| Programmer Analyst | Tek Systems / Misys Healthcare | Nov 2001 โ Nov 2002 | C++, COM+, DCOM, Visual Basic, ATL, MFC, XML, ADO, Windows 2000 |
| Programmer Analyst | K-Force / Vanteon | Mar 2001 โ Nov 2001 | Java, C++, MFC, Swing, UNIX, Biometric Encryption, MS Crypto API, Digital Certificates, COM |
| Programmer Analyst / Team Lead | Alltel Information Services | Dec 1998 โ Mar 2001 | C, C++, MFC, Windows CE, Oracle, PL/SQL, UNIX, TCP/IP, Rational Rose, Team Lead โ scheduling, mentoring, source control |
| Programmer Analyst | Satellite Image Systems | Oct 1996 โ Dec 1998 | Visual C++, Borland C++, Data Entry/Archival Systems, EDI, flat-file databases |
| Computer Operator | Eduserv Technologies | Aug 1992 โ Oct 1996 | VAX VMS Mainframe, Borland C++, tape backup, printer systems, IT ops |
| Satellite Systems Operator / Team Lead | US Army | Jun 1987 โ Jan 1991 | SATCOM, LOS, TCP/IP, RS-232, Team Lead โ scheduling, mentoring, Honor Student |
| Computer / Network Operator | US Army | Jan 1991 โ Aug 1992 | IBM DPS 8000 Mainframe, JCL, WAN/patch panels, TCP/IP, Top Secret clearance (1987โ1992) |
Books That Shaped the Craft
A self-taught engineer is only as good as the books he chose to learn from. These are still on the shelf:
- Design Patterns: Elements of Reusable Object-Oriented Software โ Gamma, Helm, Johnson, Vlissides (Gang of Four), 1994
- The C++ Programming Language: Special Edition (3rd Edition) โ Bjarne Stroustrup, 1997
- Object-Oriented Programming in C++ โ Robert LaFore, 1998
- 19 Deadly Sins of Software Security โ Howard, LeBlanc & Viega, McGraw-Hill, 2005
- The Pragmatic Programmer: Your Journey to Mastery (20th Anniversary Ed.) โ Thomas & Hunt, 2019
- Refactoring: Improving the Design of Existing Code (2nd Ed.) โ Martin Fowler, 2018
- Becoming an Indispensable Employee in a Disposable World โ Neal Whitten, Prentice Hall, 1994
Education & Continuous Learning
- Anthropic Academy โ AI Agents, RAG, MCP Servers, Agent Skills, Subagents (certifications at phalanxaisec.com/achievements.html)
- YouTube: @theseriouscto (CTO strategy), @NateBJones (AI), @IBMTechnology (cloud computing)
- TLS/Digital Certificates, SAML 2.0, OAuth2, OIDC, AppSec โ Pluralsight & Udemy
- Atlantic Computrain โ Sun Java 2 Programmer Certificate, 2000
- Certified Careers Institute โ AOS, Computer Science, 3.8 GPA, 1996
- US Army Signal School โ Computer Operator Certificate, 1991 (Honor Student)
- US Army Signal School โ Satellite Systems Operator Certificate, 1987 (Honor Student)