Helping to safely enable businesses through technology.
Senior-level cybersecurity professional with a proven track record of transforming and overseeing an organization's information security strategy and operations across diverse industries, including Financial Services, Computer/Network Security, Cybersecurity/IT Consulting, Higher Education, Foundation/Nonprofit, Healthcare, and Banking. Specializes in identifying, assessing, and mitigating security risks, ensuring compliance with regulatory requirements and industry best practices, and enabling business growth through technology. Proficient in developing and implementing security controls and risk mitigation strategies, managing incident response and disaster recovery programs, and educating employees on information security best practices.
Translating between the business, leadership and engineering/development groups to drive proactive and effective results.
Jan 2021 - Present
CISO & Executive Board Member
Workforce Research & Development
Spearheads security workforce development and research development methods for large and small organizations and candidates at various stages of their careers. Develops partnerships with hiring companies, government bodies, and other non-profits with a similar aim of closing the talent gap.
October 2020 - October 2023
Senior Manager, Cybersecurity & Technology Risk Oversight
Provides tactical cybersecurity consultation and advisory services, overseeing line of business (LOB) cybersecurity and technology risk. Enhances LOB managers' understanding of cybersecurity risk and delivers recommendations/solutions. Supports technology risk programs, identifying and assessing risks and challenging technology processes/controls/capabilities for AWS Cloud and Application Resiliency, SRE, and change/asset management. Enhances evaluations of cybersecurity and technology capabilities, accelerating their maturity. Drives optimization and maturation of organizational security and risk management program metrics.
December 2019 – October 2020
Senior Security Consultant (SMF)
Collaborated with federal and commercial clients at this boutique security consulting firm to provide cybersecurity and risk advisory solutions for their complex challenges. Enabled executives and security managers to comprehend and evaluate the impact of cybersecurity risk on their businesses through workshops and tabletop exercises. Made recommendations on tracking impactful issues to mitigate operational risks. Adopted adversarial approaches to provide insights on effective detection and response mechanisms to mature organizational defenses and develop a cyber range training platform. Developed a customized GRC management program using NIST CSF, CMMC, and ISO2700.
February 2019 – December 2019
Lead Cyber Risk Management Consultant
Managed a 15-person team, ranging from analysts to senior project managers, in a federal consulting startup, delivering risk, security, and cloud security consulting with a $5M project budget. Assisted a federal agency with digital transformation/migration to the cloud, improving cybersecurity maturity and promoting cloud adoption. Provided best practices for Microsoft Office 365 & Azure Gov migration, implementing security and identity management technologies from Microsoft EMS. Drove cybersecurity maturity in a federal agency by developing governance, policies, and procedures to enhance FISMA levels and adopt risk-based vulnerability management. Prepared the agency for managed security services and third-party vendor risk profiles.
August 2017 – February 2019
Manager Information Security Consulting
Led the Microsoft Azure Fed Cloud Team and directed Managed Services to onboard/train new Gov Cloud Ops support members. Coordinated with legacy vendor support for project growth solutions and optimized the Ops SRE team for 24/7 incident/problem management across multiple locations. Drove program/project management for ten-million-dollar programs and managed finances/resources/strategic planning. Assessed Ops/Security/Compliance processes in FedRAMP, identified vulnerabilities, and provided mitigating/remediation measures.
September 2014 – August 2017
IS Site Supervisor
As the information security specialist, I shaped training and education for corporate users on cybersecurity, PHI, and PII. Integrated security awareness into daily activities to promote a culture of security. Consulted on information security, assurance, and risk management during new project creativity and development with business units. Enforced security hardening policies and procedures for computers and mobile devices. Participated in an ad-hoc Information Security Team to manage and respond to security threats and incidents, including virus and malware remediation.
January 2007 – Present