About
Samuel Loch
Software Developer & Cybersecurity Leader
I am a passionate Cybersecurity Engineering Manager with an extensive professional background developing software
and securing the technology environments of Fortune 500 companies, impacting tens of millions of users.
I have a bachelor’s degree in Management Information Systems and an MBA concentrating in Cybersecurity Intelligence Leadership.
I am also currently pursuing a graduate degree in Computer Science, concentrating in Artificial Intelligence, at the University of Pennsylvania, where I have completed graduate coursework
related to software development in the Java, Python, and C programming languages, as well as courses in Artificial Intelligence and Natural Language Processing.
My Experience
Master of Computer and Information Technology, The University of Pennsylvania
2024 – Present
-
I am currently pursuing a graduate degree in Computer Science, concentrating in Artificial Intelligence, at the University of Pennsylvania.
Coursework that I am completing through this program covers software development in Java, Python, and C, as well as artificial intelligence,
natural language processing, data structures and algorithms, software security and analysis, cloud computing, and database systems.
Cybersecurity Manager, Tech Audit Lead, Comcast
2025 - Present
-
I currently lead teams of technical cybersecurity professionals in assessing the
security of critical applications at Comcast. I set the strategic direction of these audits through determining the
relevant risks and applications and provide technical guidance to my team.
-
Overseeing multiple concurrent engagements of up to 8 security analysts and engineers ensuring timely delivery
of work and actionable recommendations. Approving audit scope and producing and delivering final reports.
-
Leading IT audit teams through the assessment of cybersecurity controls for business-critical applications and business units, including code reviews, threat models, IAM, configuration management, and cloud security assessments.
-
Authoring departmental standards and testing playbooks ensuring a thorough and standardized approach across engagements.
Senior Technology & Cybersecurity Auditor, Comcast
2023 - 2025
-
I spent time aiding auditing teams at Comcast as a Lead Auditor with my software development and application security expertise.
-
Lead auditor evaluating the Xfinity.com web application, mobile app, and the Xfinity customer network servicing over 30 million users, partnered with engineering teams to identify and remediate security risks in their applications.
-
Reviewed production source code, API integrations, IAM and cloud configurations for major customer platforms (Xfinity.com, Xfinity Mobile App), identifying vulnerabilities and partnering with engineers to remediate issues.
-
Partnered with security teams to identify opportunities for and implement DevSecOps practices, improving the security automation in their development pipelines.
Master of Business Administration - Cybersecurity Intelligence Leadership, Penn State University
2021 - 2024
-
In 2024 I received my MBA from Pennsylvania State University, graduating with honors from the Smeal College of Business,
concentrating in Cybersecurity Intelligence Leadership. Throughout my studies, I took courses on application security, information security, data analytics,
and business leadership.
-
Built and deployed a web application using docker kubernetes, then performed penetration tests on the application
utilizing the DAST tool ZAP, documenting my findings.
-
Performed threat modeling, tabletop exercises, and
drafted organizational cybersecurity policies.
-
Took extensive coursework on leading teams and organizations, thoroughly preparing me to lead cross-functional organizations.
Senior Information Security Analyst, TD Bank
2022 - 2023
-
As a Senior Information Security Analyst, I helped internal cybersecurity teams evaluate the risks associated with their processes and implement solutions to mitigate those risks.
-
Led engagements as a technical security advisor to evaluate and implement cybersecurity controls following NIST guidelines in the domains of cloud security, application security, and vulnerability management.
-
Consulted internal cyber and engineering teams on how to better secure their tech assets and applications
and how to implement processes and controls to reduce cyber risk.
Business Systems Analyst III - Software and Cybersecurity, TD Bank
2019 - 2022
-
As a Business Systems Analyst I spent time on software development teams as both a software development engineer in test (SDET)
as well as in a Scrum Master capacity, learning the software development lifecycle and Agile methodologies
from the multiple perspectives within a software development pod.
-
Led remote international teams in quality assurance testing of essential production applications,
servicing over 86,000 TD customers per year, distributing approximately $8.2 billion in loans.
-
Developed a frontend tool (JS/HTML/CSS) with backend integration to Jira REST APIs;
automating Agile project onboarding workflows and reduced manual efforts.
-
Conducted multi-day bootcamp sessions teaching Agile software development practices to other TD development teams.
-
Architected a vulnerability reporting dashboard using Tableau and SQL connecting
to and querying from TD’s vulnerability database, vastly improving the monitoring and remediation of vulnerabilities,
and improving the mean time to patch (MTTP) by 25%.
Projects
*Some of my projects must remain private for academic integrity purposes.
Just reach out if you would like to view the code.
Tweet Analysis Program | Java, Maven
Developed an application to parse tweet data for mentions of the flu and separate tweets
related to the flu by location data to provide insights on estimated flu rates
around the country.
View Project
Property Value Analysis Tool | Java, Maven, JSON
Developed an application that ingests property and population data from opendataphilly.org
and analyzes property values against various other data points to provide a comprehensive view
of propertieswithin different areas of Philadelphia.
View Project
Personal Website | HTML, CSS, JavaScript
Developed and maintained this personal websited written in HTML, CSS, and JavaScript. Deployed the site using AWS S3,
Amplify, and Route53.
View Project
Skills
- Java
- Python
- C Programming
- Application Security
- Secure Software Development Lifecycle
- AWS (RDS, ECS, Lambda)
- Artificial Intelligence
- Natural Language Processing
- Machine Learning
- Data Engineering
- CI/CD Tools (Docker, GitHub)
- Agile Methodologies
- SQL
- People Management
- Rest API
- SAST
- DAST
Certifications
-
Certified Information Systems Security Professional (CISSP) - ISC2
-
Security+ - CompTIA
-
Programming with Python and Java Specialization - The University of Pennsylvania (2024)
