CISO
2021 - PRESENT
Infinera
- Established an enterprise security risk management program within one year across the global multi-national technology and manufacturing organization.
- Rolled out ISO 27001 and ISO 27701 certifications for R&D and Manufacturing organizations within 1.5 years, five years ahead of schedule.
- Launched a third-party risk management program as part of the product procurement and vendor management program.
Technologies: IT Security, IT Management, Policy Development, Security Policies & Procedures, Security, Policies & Procedures Compliance, Cybersecurity, Blockchain, Business Services, Security Architecture, Vulnerability Assessment, Architecture, HIPAA Compliance, PCI
CEO | CIO, CISO, CRO, CCO Consultant
2013 - PRESENT
Analytic Risk Intelligence Management
- Founded an IT ops, security, and risk management consulting company through which I built consulting teams for HP, GDIT, and KPMG to perform DevSecOps, audits, and risk assessments.
- Expanded the service portfolio offering to include 25 services in global risk and compliance, information assurance, and IT operations and executed eight contract engagements through teaming agreements with KPMG, HP, IBM, and GDIT.
- Transformed John Deere's SDLC process to a Scrum-at-Scale lifecycle, reducing the release cycle from 6 months to 4 weeks. Led its international security RA process adding security standards and best practices that reduced security code faults by 76%.
- Achieved FISMA certification for GDIT-Health organization cloud deployment and HITRUST certification of WorkTerra at CareerBuilder. Awarded a $2 billion contract transforming the IT DevSecOps at Wolters Kluwer.
- Reduced $80 million in IT ERM exposure by implementing data loss protection, IdAM, IoT management, and Blockchain for supply chain management and increased risk awareness with ERM processes documenting $50 million in risk at Smithfield Foods.
- Produced RA reports that identified $100 million in privacy and data exposure risk for funding justification for the California Department of Technology (CDT).
- Reduced the third-party risk management process cost by $1 million and operational risk of $20 million for non-compliance to PCI-DSS at the Navy Federal Credit Union.
- Implemented risk scoring and reporting capability to reduce $20 million in operational risk and improve response time by 60% at Verisk Analytics and DLP tools at Allison Transmission, which also completed SOC-2 certification.
- Owned customer voice in deploying managed security services offerings at GDIT and HP. At HHS, I reduced risk by $20 million and IT operational costs by $10 million by implementing SaaS GRC integration.
- Rolled out VISA's big data platform reducing fraud detection time by 300%, and Capital One's big data analytic platform, improving the operational efficiency of creditworthiness by 400%.
Technologies: Risk Models, Enterprise Risk Management (ERM), DevSecOps, Cloud, Agile, Software Development Lifecycle (SDLC), Manufacturing, Research, AWS IoT, Executive Management, IT Security, IT Management, Policy Development, Security Policies & Procedures, Financial Services, Fintech, Fintech Consultant, Security, Policies & Procedures Compliance, Cybersecurity, Blockchain, Banking & Finance, Business Services, Security Architecture, Vulnerability Assessment, Architecture, HIPAA Compliance, PCI
CISO | CRO | Senior Cyber-intel Managing Director
2005 - 2013
BAE Systems
- Spearheaded 120 people and four programs at the Department of Defense (DoD), Intelligence Community, Department of Homeland Security, and Securities and Exchange Commission.
- Grew BAE Systems' cyber operations business to a $300 million business with 40 contracts.
- Built partnerships with vendors and the supply chain for a unified partnering ecosystem that provided the best value proposition for commercial and government contract awards.
- Took responsibility for building and running security programs for five agencies.
- Owned the voice of the customer for CyberReveal and NetReveal development.
- Took accountability for the voice of the customer for ESRI flight planning and mapping for the intelligence drone program.
- Transformed Security Operations Center (SOC) processes by integrating threat intelligence from Information Sharing and Analysis Centers (ISAC) into the incident response processes.
- Developed and implemented programs for information warfare, computer network defense, computer network exfiltration, and computer network attacks.
Technologies: Executive Management, Contract Negotiations, Program Management, Portfolio Management, Cross-functional Team Leadership, Acquisitions, Procurement, Strategic Planning & Execution, Technical Program Management, IT Security, IT Management, Policy Development, Security Policies & Procedures, Financial Services, Security, Policies & Procedures Compliance, Cybersecurity, Business Services, Security Architecture, Vulnerability Assessment, Architecture, HIPAA Compliance, PCI
CIO | CISO | Program Managing Director
2003 - 2005
Raytheon
- Managed 65 people and reported directly to the CIO at the DoD.
- Developed and implemented a security strategy for the GiG bandwidth to the Edge (BE) program for the warfighter.
- Reduced the Defense Information Systems Agency (DISA) GiG-BE program operating costs by 6% by implementing stronger encryption and more efficient hardware.
Technologies: Strategic Planning & Execution, Strategic Partnerships, Portfolio Management, Execution, Technical Program Management, IT Security, IT Management, Policy Development, Security Policies & Procedures, Security, Policies & Procedures Compliance, Cybersecurity, Business Services, Security Architecture, Vulnerability Assessment, Architecture, HIPAA Compliance, PCI
CIO | CISO | Program Engineering Director
2001 - 2003
Lockheed Martin
- Led 40 people and reported directly to the CIO of the FAA.
- Developed and implemented a security strategy for securing weather radars and navigation beacons across the US.
- Provided presentation style, hands-on technical training, and knowledge transfer for enterprise security offerings.
Technologies: Program Management, Technical Program Management, Strategic Planning & Execution, Strategic Partnerships, IT Security, IT Management, Policy Development, Security Policies & Procedures, Security, Policies & Procedures Compliance, Cybersecurity, Business Services, Security Architecture, Vulnerability Assessment, Architecture, PCI