## Sean Youngberg
**Solutions Architect · AI & Application Security · Cloud Infrastructure & IaC · Agentic Systems**

Knoxville, TN · sean.youngberg@gmail.com · (865) 771-9950 · linkedin.com/in/seanyoungberg · github.com/seanyoungberg

### Summary

Solutions Architect who turns new AI-security platforms into systems the field can actually deliver: the methodology, scoping software, hands-on labs, automation, and enablement that carry a product from launch into customer environments. I came up through network engineering, DNS/CDN, Linux systems, cloud security delivery, and DevOps automation, most of it customer-facing, so my AI work sits on the infrastructure stack it has to run through. At Palo Alto Networks I spent years delivering Terraform-built cloud security architecture inside customer environments, then launched the professional-services practice for Prisma AIRS from zero while still carrying Cloud and Software Firewall architecture, and built the tooling and lab program that helped turn a global NetSec consulting org into an AI Security workforce. Outside work I build agentic infrastructure: Loom, a multi-agent orchestration harness, and a Cloudflare-secured berglabs edge using Access, Tunnel, Workers, R2, and least-privilege tokens. The throughline is broad systems range applied where application security, infrastructure as code, and AI meet: build the thing, make it operable, then teach the field how to deliver it.

### Experience

**Global Solutions Architect, Cloud and AI** · Palo Alto Networks · *2021 – Present*
*AI Security Practice Design · Global Enablement · Cloud Security Architecture*

- Launched Palo Alto Networks' professional-services practice for Prisma AIRS from scratch as the sole practice lead, while concurrently leading the Cloud and Software Firewall portfolio. Built the domain expertise hands-on across model security, AI runtime protection (API and firewall), the LLM and MCP gateway via Portkey, agent security, and red teaming, with remediation spanning WAF and edge controls, middleware, and the agent layer rather than the model alone.
- Productized a net-new AI Security platform into a field-deliverable services motion: services strategy, session-based packaging, level-of-effort methodology, delivery playbooks, customer requirements, and presales-to-delivery customer journeys for SaaS products with no prior PS template. Carried Group Practice Lead and Service Product Manager responsibilities as the practice grew to a $30.4M professional-services pipeline across 571 active opportunities.
- Built and shipped the internal web app the AI Security services practice uses to scope and deliver engagements, deployed company-wide on GKE behind Okta SSO. It replaced a Salesforce quoting process that routinely over-scoped deals, right-sizing services quantities and carrying a customer from presales scope straight into the consultant's delivery plan.
- Designed and ran the global enablement program that turned the NetSec consulting org into an AI Security workforce: five hands-on cloud labs where consultants learn by attacking and defending live systems (model scanning, LLM gateway guardrails, MCP protocol security, runtime API protection, red teaming), run inside a Claude Code environment so one instructor can mentor a full room. Roughly 60 consultants across EMEA and NAM rated it 4.85/5 with 100% would-recommend; AI-coding-tool adoption rose from 46% to 81%, and another PANW org adopted the lab format.
- Served as the sole professional-services liaison to product management for the Software Firewall and later AIRS portfolios: aggregating field feedback into the roadmap, reviewing PRDs at concept stage, and working bugs and workarounds directly in engineering's GitLab and Jira workflows. Ran the AWS re:Invent security Jam three years running, building a new capture-the-flag challenge each year for roughly 300 attendees, hardening the lab platform against a room encouraged to hack it, and presenting to the full audience.
- Drove the services-delivery strategy for the practice's flagship AI Security engagement, presenting the methodology and customer journey the client signed onto. Hand-picked and mentored the delivery team, and ran the hiring plan and technical interview for the embedded resident engineer.
- Owned the internal multi-cloud lab platform (roughly 300 users across about 20 AWS, Azure, GCP, and OCI environments): access vending, cleanup and shutdown automation, and FinOps controls that cut roughly $62K per month in legacy lab spend.

**Independent Platform Engineering** · *2025 – Present*
*Multi-Agent Harnesses · AI Infrastructure · Cloudflare*

- Built Loom, a model-agnostic multi-agent harness for CLI coding agents including Claude Code, Codex, and Gemini: conductor routing, durable messaging, isolated git worktrees, a schema-validated markdown knowledge graph, and layered memory across vault notes, turn logs, and semantic recall.
- Designed the Cloudflare zero-trust architecture protecting that fleet: Access for SSO, Tunnel for zero-inbound private access, Workers and R2 for edge-hosted artifacts, DNS at the edge, and a three-tier least-privilege token model that scopes each agent's reach to its identity and role.
- Run the platform substrate behind the work: Proxmox, TrueNAS/ZFS, local LLM inference (Llama, Ollama), a multi-account AWS Organization, and GCP, used to test agent, identity, network, and storage patterns before they become customer-facing ideas.

**Principal Professional Services Engineer** · Palo Alto Networks · *2018 – 2021*
*Cloud Security Delivery & Automation*

- Embedded with a top-tier US streaming platform to ship the code that cleared its next-generation launch: a self-healing automation system for VM-Series firewalls (AWS Step Functions and Lambda) that closed the scale and availability gaps blocking go-live, pushing the firewall layer to 50 Gbps where no product precedent existed, and saved a large at-risk deal. Did similar customer-side automation work for a second major streaming service.
- Delivered 40-plus cloud security engagements across AWS, Azure, and GCP with Terraform as the delivery substrate: reference architectures and firewall-policy-as-code shipped through customers' own repos and pipelines, teaching NetSec teams IaC until they owned it. Co-founded the PS program that took ownership of the public Terraform modules for the Software Firewall portfolio, still the primary deployment mechanism for its cloud deployments. Two-time Outstanding Consultant in the global PS org.
- Sole architect for the practice's paid high-level-design engagements across cloud infrastructure, network security, and IaC: led 3-to-5-day customer design workshops producing multi-cloud, hybrid, and global architectures (active/active and DR behind a WAF, load-balancer, and NVA pattern), and steered complex datacenter-to-cloud migrations and cutovers.

*Earlier (2006–2018), Scripps Networks Interactive / Discovery and prior: enterprise network and security engineering. BGP and data-center redesigns, large firewall migrations, and primary BIND9 DNS across 900+ public zones at 25M queries/day, including zero-downtime acquisition and company-split migrations. Linux operations, web hosting, and CDN throughout. The networking and systems foundation under the cloud and AI work above.*

### Selected Public Work

- **prisma-airs-mlops-lab** (public, MIT): AI model-security lab with train/publish/deploy scanning, Vertex AI fine-tuning, and Claude Code as a mentor. github.com/airs-labs/prisma-airs-mlops-lab
- **agent-deck**: contributions to an open-source AI agent orchestration runtime (Go), focused on security containment, race conditions, and IPC/runtime reliability. github.com/asheshgoplani/agent-deck
- **PaloAltoNetworks/lab-aws-gwlb-vmseries**: official PANW lab repository contributions covering Terraform/IaC, Cloud NGFW, Strata Cloud Manager, and VM-Series lab automation.
- **jam-build-2024**: open-source Terraform for Palo Alto Networks' AWS AI Security JAM event platform, forked by other teams.

### Technical Skills

- **AI & Agentic Systems:** multi-agent orchestration, agents and tool-calling, **MCP**, RAG, evals and guardrails; **LLM gateways** (LiteLLM), prompt-injection defense, model scanning; LoRA fine-tuning, vLLM serving, AI red-teaming, runtime/inline AI security; AI-native development with **Claude Code** (familiar: LangChain, PyTorch).
- **Cloudflare & Cloud Platforms:** **Cloudflare** (Workers, R2, Access, Tunnel, Zero Trust, Wrangler, DNS; Durable Objects and AI Gateway lab work); **AWS** and **GCP** (Lambda, Step Functions, GKE, Vertex AI, Cloud Run); Azure; Docker/Kubernetes; cloud cost optimization and FinOps.
- **Security & AI-Risk Frameworks:** **MITRE ATLAS**, OWASP LLM and Agentic Top 10, NIST AI RMF, EU AI Act; Zero Trust and identity (least-privilege token design, SSO/IAP, DLP, threat modeling); model-supply-chain security.
- **Languages, IaC & DevOps:** **TypeScript**, **Python**, Bash, SQL; **Terraform**, CloudFormation, Git, CI/CD; bun, uv, Docker, Wrangler, GitHub Actions.
- **Networking & Systems Foundations:** routing/switching, firewall architecture, DNS, CDN, edge networking; Linux administration, web hosting, identity/SSO; Proxmox, TrueNAS/ZFS, Tailscale mesh.

### Education

- **B.A.S., Network Security & Forensics** · Fountainhead College of Technology, Knoxville, TN. Graduated with Honors; NSA Center of Academic Excellence (CAE) in Information Assurance.
- Computer Engineering coursework · University of Tennessee, Knoxville, TN.

### Certifications

AWS Certified Solutions Architect – Professional · AWS Certified Advanced Networking – Specialty · CKA · PCNSE · PCNSC · CCNP · CCDP
