Martin Redmond, Developer in Atlanta, GA, United States

Martin Redmond

Verified Expert in Engineering

Executive Management Developer

Atlanta, GA, United States

Toptal member since January 16, 2023

Bio

Martin is a cross-functional executive with expertise in risk management and process improvement, data privacy laws, cyber security products, security program leadership, IT Ops, cloud computing and migration, digital transformation, product, service, innovation management, mobility, big data analytics, DevSecOps, ITILv4, SOC, fraud, APT, forensic, malware, IIoT, CoT, and contract and vendor negotiations. Martin also has experience in achieving compliance with multiple risk management frameworks.

Portfolio

Hearst - Information Security Office
Security Architecture, Risk Management, IT Management, Vulnerability Assessment...
Analytic Risk Intelligence Management
DevSecOps, Manufacturing, Research, IT Security, IT Management...
Ultimate Knowledge Corporation
DevOps, DevSecOps, AWS, SecOps, Kubernetes, Infrastructure as Code (IaC)...

Experience

Availability

Full-time

Preferred Environment

Financial Services, DevSecOps, Artificial Intelligence (AI), Business Process Automation, Digital Innovation, Risk Management, Strategic Initiatives, IT Operations Management (ITOM), Executive Support, IT Product Management

The most amazing...

...experiences I've held comprise 20+ years of experience building and managing enterprise security risk management across the board rooms of multiple businesses.

Work Experience

Deputy CISO | Senior GRC Director

2023 - PRESENT
Hearst - Information Security Office
  • Supported the CISO at a multi-national conglomerate with 368 companies in eight global industries: entertainment and media, financial rating, transportation, health care, software and product development, real estate, magazines, and newspapers.
  • Established a governance, risk, and compliance (GRC) program, which included onboarding a GRC senior director and senior manager for each area (i.e., governance, risk, and compliance).
  • Led my team in establishing and implementing collaboration across the 368 businesses. The team established a uniform adherence to the information security governance framework and established policies and procedures.
  • Implemented new information security policies and procedures that mandated adherence to corporate security policies. These new policies significantly strengthened the organization and affected all 368 business units supporting the CISO.
  • Established the IT enterprise risk management process, which included onboarding a risk management service provider and using risk management tools.
  • Transformed the third-party risk management process by implementing CyberGRX. The use of the exchange reduced compliance report costs for all 386 businesses by 90% based on the shared compliance model of the exchange.
  • Identified risks in the security posture of the publicly facing websites and led the transformation of the DevOps process into a DevSecOps process, which addresses security controls as part of the application lifecycle process.
  • Facilitated the integration and standardization of cloud-based architecture across cloud providers (AWS, Azure, and Google).
  • Assessed the organization's risk posture and developed and implemented a risk management strategy using risk transference techniques that leverage insurance, capital reserves, and outsourcing risk activities.
  • Performed an annual risk assessment to validate the risk posture of the organization and that the residual risk of the mitigation strategy was below the executive manager's acceptable level of risk.
Technologies: Security Architecture, Risk Management, IT Management, Vulnerability Assessment, Architecture, PCI, NIST, HIPAA Compliance, Cloud Security, Architecture Assessment, Checkmarx, Dynamic Analysis, Cloud Engineering, Data Migration, BlackLine, Enterprise Cybersecurity, Cybersecurity Maturity Model Certification (CMMC), Mail Servers, VPN, Automation, Azure Cloud Security, Azure DevOps, Azure, Cloud Infrastructure, GitHub Actions, YAML, SecOps, Antivirus Software, Bitbucket, Disaster Recovery Plans (DRP), Learning Management Systems (LMS), Monitoring, Security Analysis, Software Architecture, Source Code Review, Design Reviews, QualysGuard, Cryptographer, GraphQL, AWS, Google Kubernetes Engine (GKE), Static Application Security Testing (SAST), OWASP, OWASP Top 10, System Security, FedRAMP, Java, AWS Amplify, AWS Cloud Development Kit (CDK), Business Continuity, Business Continuity & Disaster Recovery (BCDR), Disaster Recovery Consulting, Cybersecurity, IT Projects, Agile Development, ISO Compliance, IT Project Management, Communication Coaching, Organization, Technical Writing, ISO 27001, Compliance, PMP Project Management, Education Technology (Edtech), Design Consulting, Compliance, SOC 2 (Service Organization Control), IT Project Management, ISO 27001, Security, Office 365, Managed Security Service Providers (MSSP), System Security, Managed Services, Infrastructure, Advisory, Security Advisory, ISO 31000, COBIT, PCI DSS, SOC 2 (Service Organization Control), Executive Management, Certified Information Systems Security Professional, Enterprise Risk Management (ERM), Program Management, Portfolio Management, Strategic Planning & Execution, Technical Program Management, Strategic Partnerships, Execution, GRC, Global Risk, Artificial Intelligence, Neural Network, Telecommunications, Optical Networks, Big Data Architecture, IT Security, System Security, Fintech Development, Policies & Procedures Compliance, Blockchain, Banking Consulting, Business Services, CISSP, AI-augmented Software Engineering (AIASE), AIOps, Edge AI, Insurance App Design, Insurance Broking, Cloud Migration, Cloud Platforms, Complex Program Management, Stakeholder Management, Multitenancy, Google Cloud Development, Public Sector, Regulations, Azure Design, Splunk Enterprise Security, Splunk, GitHub, Solo.io, Crossplane, Argo CD, Security Information and Event Management (SIEM), Virtual Coaching, Azure Design, Azure, IT Program Management, AWS, Artificial Neural Networks (ANN), Artificial Intelligence of Things (AIoT), SAP Artificial Intelligence, Explainable Artificial Intelligence (XAI), Game Development, Artificial General Intelligence (AGI), Artificial Intelligence, Generative Artificial Intelligence (GenAI), Artificial Intelligence as a Service (AIaaS), Cyberattacks, CISO, Feasibility Studies, Feature Backlog Prioritization, Technical Product Management, User Stories, Project Timelines, Proof of Concept (POC), Real Estate, Regulatory Affairs, Data Classification, Data Mapping, Privacy Impact Assessments (PIAs), Data Protection, Data Subject Rights Management, Data Transfers, Regulatory Liaison and Reporting, Auditing, Record of Processing Activities (ROPA), Incident Response, Data Breach Response, Vendor Management, Data Processing Agreements (DPA), Education Technology (Edtech), Microsoft Certified IT Professional, AI Ethics, Cisco, Virtualization, Network Architecture, Network Engineering, Network Design, Network Monitoring, SharePoint Design, Microsoft 365, Microsoft Power Apps, Microsoft Power Automate, Microsoft Planner, Applied Cryptography, Chrome Extension Development, Cryptocurrency APIs, Vue.js, LLM, RAG, Edtech Design, Canvas, Canvas LMS, Learning Tools Interoperability (LTI), Moodle, eLearning Design, Data Science, Embedding Models, Deep & Cross Network (DCN), Recommendation Systems, AWS Well-Architected Framework, HITRUST Certification, WP Engine, Elasticsearch, LAMP, WordPress Development, Linux, Risk Analysis, Root Cause Analysis, GPT-4, API Integration, LangChain, Text to Image, NLP, Stable Diffusion, Unreal Engine, System Security, PHP, Product Management, APIs, Database, Data Collection, CA SiteMinder, ERP Development, Finance, Business Intelligence Development, Encryption, HSM, Microsoft Copilot, Alteryx, Machine Learning, Microsoft Copilot Pro, User Workflows, MuleSoft, Application Security, Crypto, Cryptocurrency, DOIT Software, Google Storage Development, Security Architecture Assessment, Google Compute Engine (GCE), VPC, Logging, PyTorch, Distributed Systems Development, Pandas, Scikit-Learn, Spark, OCR, PostgreSQL, Agile Development, Roadmaps, Technical Documentation, Pitch Presentations, Project Consultancy, Security, SecOps, System Security, CMC, Google Cloud Development, Digital Forensics, Ethical Hacking, Cyber Forensics, Cybersecurity Operations, Active Directory (AD), Microsoft Development, Microsoft Identity Manager, Dashboard, SQL, App Infrastructure, Site Reliability, RDBMS, Rust, BigQuery, Shell Development, Site Reliability, Akamai, Linode

CEO | CIO, CISO, CRO, CCO Consultant

2013 - PRESENT
Analytic Risk Intelligence Management
  • Founded an IT ops, security, and risk management consulting company through which I built consulting teams for HP, GDIT, and KPMG to perform DevSecOps, audits, and risk assessments. Implemented business process automation.
  • Expanded the service portfolio offering to include 25 services in global risk and compliance, information assurance, and IT operations and executed eight contract engagements through teaming agreements with KPMG, HP, IBM, and GDIT.
  • Transformed John Deere's SDLC process to a Scrum-at-Scale lifecycle, reducing the release cycle from 6 months to 4 weeks. Led its international security RA process adding security standards and best practices that reduced security code faults by 76%.
  • Achieved FISMA certification for GDIT-Health organization cloud deployment and HITRUST certification of WorkTerra at CareerBuilder. Awarded a $2 billion contract transforming the IT DevSecOps at Wolters Kluwer.
  • Reduced $80 million in IT ERM exposure by implementing data loss protection, IdAM, IoT management, and Blockchain for supply chain management and increased risk awareness with ERM processes documenting $50 million in risk at Smithfield Foods.
  • Produced RA reports that identified $100 million in privacy and data exposure risk for funding justification for the California Department of Technology (CDT).
  • Reduced the 3rd-party risk management process cost by $1 million and operational risk of $20 million for non-compliance to PCI-DSS at the Navy Federal Credit Union.
  • Implemented risk scoring and reporting capability to reduce $20 million in operational risk and improve response time by 60% at Verisk Analytics and DLP tools at Allison Transmission, which also completed SOC-2 certification.
  • Owned customer voice in deploying managed security services offerings at GDIT and HP. At HHS, I reduced risk by $20 million and IT operational costs by $10 million by implementing SaaS GRC integration.
  • Rolled out VISA's big data platform reducing fraud detection time by 300%, and Capital One's big data analytic platform, improving the operational efficiency of creditworthiness by 400%.
Technologies: DevSecOps, Manufacturing, Research, IT Security, IT Management, Policy Development, System Security, Financial Services, Fintech Development, Security, Policies & Procedures Compliance, Cybersecurity, Blockchain, Banking Consulting, Business Services, Security Architecture, Vulnerability Assessment, Architecture, HIPAA Compliance, PCI, Data Protection, CISSP, Leadership, CISM, Certified Information Systems Auditor (CISA), Information Security Management Systems (ISMS), Audits, Business Process Automation, PCI DSS, SOC 2 (Service Organization Control), SOX, GDPR, California Consumer Privacy Act (CCPA), System Integration, Big Data Architecture, IT Systems Architecture, Business Process Modeling, Application Security, Data-driven Testing, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Data Loss Prevention (DLP), Endpoint Detection and Response (EDR), IDS/IPS, SIEM, Vulnerability Management, Penetration Testing, CI/CD Pipelines, Infrastructure as Code (IaC), Release Engineering, AWS, Azure Design, Azure, DevOps, IT Program Management, IT Project Management, Privacy, Data Privacy, Legal Technology (Legaltech), Scrum Master Consulting, Data Product Management, CISO, SaaS Security, Threat Modeling, GCP Security, Rapid7, Executive Support, IT Operations Management (ITOM), IT Product Management, Digital Innovation, Strategic Initiatives, Security Operations Centers (SOC), Cross-functional Team Leadership, Acquisitions, Procurement, Technical Program Management, Portfolio Management, Execution, Strategic Partnerships, Global Project Management, IT, Information Security analysis, Cloudera, Identity & Access Management (IAM), Cloud Access Security Broker (CASB), Privileged Access Management (PAM), GRC, Artificial Intelligence, Compliance, Neural Network, Machine Learning, Signal Encryption, Operational Data Store (ODS), Transactions, Fraud Prevention, Analytics Development, Optical Networks, Risk Models, Contract Negotiation, Risk Management, Global Risk, Vanta, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Virtual Coaching, AWS Lambda, AWS, Terraform, Security Audits, ISO 27001, OpenVPN, Bitdefender, Cloudflare, Risk Assessment, SailPoint, Duo, OKTA, SAP, SAP Analytics Cloud (SAC), SAP Architecture, SAP on Azure, Saviynt, Control4 Smart Home Systems, Azure, CyberArk, Data Science, Chief Security Officer (CSO), Docker, Kubernetes, Confluence, Jira, Data Risk Assessment (DRA), Cloud Security, Architecture Assessment, Checkmarx, Dynamic Analysis, Cloud Engineering, Data Migration, BlackLine, Enterprise Cybersecurity, Cybersecurity Maturity Model Certification (CMMC), Mail Servers, VPN, Automation, Azure Cloud Security, Azure DevOps, Cloud Infrastructure, GitHub Actions, YAML, McAfee, SecOps, Antivirus Software, Bitbucket, Disaster Recovery Plans (DRP), Learning Management Systems (LMS), Monitoring, Security Analysis, Software Architecture, Source Code Review, Design Reviews, McAfee Endpoint Security, QualysGuard, Bash, Cryptographer, GraphQL, Enterprise Security, Google Kubernetes Engine (GKE), OWASP, OWASP Top 10, System Security, FedRAMP, Java, AWS Amplify, AWS Cloud Development Kit (CDK), Business Continuity, Business Continuity & Disaster Recovery (BCDR), Disaster Recovery Consulting, IT Projects, Agile Development, Technical Design, ISO Compliance, Communication Coaching, Organization, Technical Writing, PMP Project Management, Education Technology (Edtech), Design Consulting, Compliance, SOC 2 (Service Organization Control), IT Project Management, ISO 27001, Office 365, Managed Security Service Providers (MSSP), System Security, Managed Services, Infrastructure, Advisory, Security Advisory, ISO 31000, COBIT, NIST, Executive Management, Certified Information Systems Security Professional, Program Management, Strategic Planning & Execution, Telecommunications, AI-augmented Software Engineering (AIASE), AIOps, Edge AI, Insurance App Design, Insurance Broking, Cloud Migration, Cloud Platforms, Complex Program Management, Stakeholder Management, Multitenancy, Google Cloud Development, Public Sector, Regulations, Puppet, Splunk Enterprise Security, Splunk, GitHub, Amazon EKS, Security Information and Event Management (SIEM), Virtual Coaching, Azure Design, Azure, IT Program Management, AWS, JavaScript, React.js, Node.js, Artificial Neural Networks (ANN), Artificial Intelligence of Things (AIoT), SAP Artificial Intelligence, Explainable Artificial Intelligence (XAI), Game Development, Artificial General Intelligence (AGI), Artificial Intelligence, Generative Artificial Intelligence (GenAI), Artificial Intelligence as a Service (AIaaS), Cyberattacks, Feasibility Studies, Feature Backlog Prioritization, GIS, Technical Product Management, User Stories, Project Timelines, Proof of Concept (POC), Real Estate, Regulatory Affairs, Data Classification, Data Mapping, Privacy Impact Assessments (PIAs), Data Subject Rights Management, Data Transfers, Regulatory Liaison and Reporting, Auditing, Record of Processing Activities (ROPA), Incident Response, Data Breach Response, Vendor Management, Data Processing Agreements (DPA), Education Technology (Edtech), Microsoft Certified IT Professional, AI Ethics, Cisco, Virtualization, Network Architecture, Network Engineering, Network Design, Network Monitoring, SharePoint Design, Microsoft 365, Microsoft Power Apps, Microsoft Power Automate, Microsoft Planner, Applied Cryptography, Chrome Extension Development, Cryptocurrency APIs, Vue.js, LLM, RAG, Edtech Design, Canvas, Canvas LMS, Learning Tools Interoperability (LTI), Moodle, eLearning Design, Data Science, Embedding Models, Deep & Cross Network (DCN), Recommendation Systems, System Security, AWS Well-Architected Framework, HITRUST Certification, WP Engine, Elasticsearch, LAMP, WordPress Development, Linux, Risk Analysis, Root Cause Analysis, GPT-4, API Integration, LangChain, Text to Image, NLP, Stable Diffusion, Unreal Engine, System Security, PHP, Product Management, APIs, Database, Data Collection, CA SiteMinder, ERP Development, Finance, Business Intelligence Development, Encryption, HSM, Microsoft Copilot, Alteryx, Machine Learning, Microsoft Copilot Pro, User Workflows, MuleSoft, Crypto, Cryptocurrency, System Security, Google Storage Development, Security Architecture Assessment, Google Compute Engine (GCE), VPC, Logging, PyTorch, Distributed Systems Development, Pandas, Scikit-Learn, Spark, OCR, PostgreSQL, Agile Development, Roadmaps, Technical Documentation, Pitch Presentations, Project Consultancy, Security, SecOps, System Security, CMC, Google Cloud Development, Digital Forensics, Ethical Hacking, Cyber Forensics, Cybersecurity Operations, Active Directory (AD), Microsoft Development, Microsoft Identity Manager, Dashboard, SQL, App Infrastructure, Site Reliability, RDBMS, Rust, BigQuery, Shell Development, Site Reliability, Akamai, Linode

Senior DevSecOps Engineer (Managed Delivery)

2024 - 2024
Ultimate Knowledge Corporation
  • Worked with the technical team that led the discovery of customer requirements and product development. Understood, scoped, and implemented the security and product architecture.
  • Demonstrated technical leadership in scoping, designing, implementing, and supporting the DevSecOps CI/CD pipeline for product development.
  • Demonstrated executive leadership by establishing rapport with customers, understanding their needs, and building and implementing a strategic roadmap.
Technologies: DevOps, DevSecOps, AWS, SecOps, Kubernetes, Infrastructure as Code (IaC), Security, Release Engineering, Software Architecture, Security Analysis, Antivirus Software, Monitoring, Data Protection, CI/CD Pipelines, Data Loss Prevention (DLP), Disaster Recovery Plans (DRP), Bitbucket, Learning Management Systems (LMS), AIOps, Game Development, GPT-4, GPT Index, GPT Neo, OpenAI GPT-3 API, Google Publisher Tag (GPT), Generative Pre-trained Transformers (GPT), GPT-3, LLM, RAG, Edtech Design, Canvas, Canvas LMS, Learning Tools Interoperability (LTI), Moodle, eLearning Design, Data Science, Embedding Models, Deep & Cross Network (DCN), Recommendation Systems, AWS Well-Architected Framework, HITRUST Certification, WP Engine, Elasticsearch, LAMP, WordPress Development, Linux, Risk Analysis, Root Cause Analysis, API Integration, LangChain, Text to Image, NLP, Stable Diffusion, Unreal Engine, System Security, PHP, Product Management, APIs, Database, Data Collection, CA SiteMinder, ERP Development, Finance, Business Intelligence Development, Encryption, HSM, Microsoft Copilot, Alteryx, Machine Learning, Microsoft Copilot Pro, User Workflows, MuleSoft, Application Security, Crypto, Cryptocurrency, Google Storage Development, Security Architecture Assessment, Google Compute Engine (GCE), VPC, Logging, PyTorch, Distributed Systems Development, Pandas, Scikit-Learn, Spark, OCR, PostgreSQL, Agile Development, Roadmaps, Technical Documentation, Pitch Presentations, Project Consultancy, Security, SecOps, System Security, CMC, Google Cloud Development, Digital Forensics, Ethical Hacking, Cyber Forensics, Cybersecurity Operations, Active Directory (AD), Microsoft Development, Microsoft Identity Manager, Dashboard, SQL, App Infrastructure, Site Reliability, RDBMS, Rust, BigQuery, Shell Development, Site Reliability, Akamai, Linode

CISO

2021 - 2023
Infinera
  • Established an enterprise security risk management program within one year across the global multi-national technology and manufacturing organization.
  • Rolled out ISO 27001 and ISO 27701 certifications for R&D and manufacturing organizations within 1.5 years (5 years ahead of schedule).
  • Launched a 3rd-party risk management program as part of the product procurement and vendor management program.
  • Reviewed the monthly risk management activities with the executive team. The annual review assessed pure operational risks (property, data breach, theft, liability, compliance, regulatory, and injury) to establish an acceptable level of risk.
  • Analyzed the risk mitigation plans to optimize the combination of risk reduction through avoidance, acceptance, and transference techniques. The analysis calculated the amount of risk transference using insurance (coverage amount).
Technologies: IT Security, IT Management, Policy Development, System Security, Security, Policies & Procedures Compliance, Cybersecurity, Blockchain, Business Services, Security Architecture, Vulnerability Assessment, Architecture, HIPAA Compliance, PCI, CISSP, Leadership, CISM, Certified Information Systems Auditor (CISA), Information Security Management Systems (ISMS), Audits, ISO 27001, PCI DSS, SOC 2 (Service Organization Control), SOX, GDPR, California Consumer Privacy Act (CCPA), System Integration, Big Data Architecture, Business Process Modeling, Application Security, Data-driven Testing, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Data Loss Prevention (DLP), Endpoint Detection and Response (EDR), DevSecOps, IDS/IPS, SIEM, Vulnerability Management, Penetration Testing, CI/CD Pipelines, Infrastructure as Code (IaC), Release Engineering, AWS, Azure Design, Azure, DevOps, IT Program Management, IT Project Management, Privacy, Data Privacy, Legal Technology (Legaltech), Scrum Master Consulting, Data Product Management, CISO, SaaS Security, Threat Modeling, GCP Security, Rapid7, Executive Support, IT Operations Management (ITOM), IT Product Management, Digital Innovation, Strategic Initiatives, Security Operations Centers (SOC), Cross-functional Team Leadership, Acquisitions, Procurement, Technical Program Management, Portfolio Management, Execution, Strategic Partnerships, Global Project Management, IT, Information Security analysis, Cloudera, Identity & Access Management (IAM), Data Protection, Cloud Access Security Broker (CASB), Privileged Access Management (PAM), IT Systems Architecture, GRC, Artificial Intelligence, Compliance, Neural Network, Machine Learning, Signal Encryption, Operational Data Store (ODS), Transactions, Fraud Prevention, Analytics Development, Optical Networks, Risk Models, Enterprise Risk Management (ERM), Cloud Engineering, Agile Development, Software Development Lifecycle (SDLC), Manufacturing, Research, AWS IoT, Contract Negotiation, Risk Management, Global Risk, Vanta, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Virtual Coaching, AWS Lambda, AWS, Terraform, Security Audits, OpenVPN, Bitdefender, Cloudflare, Risk Assessment, AWS Cloud Security, SailPoint, Duo, OKTA, SAP, SAP Analytics Cloud (SAC), SAP Architecture, SAP on Azure, Saviynt, Control4 Smart Home Systems, Azure, CyberArk, Data Science, Chief Security Officer (CSO), Docker, Kubernetes, Confluence, Jira, Data Risk Assessment (DRA), Cloud Security, Architecture Assessment, Checkmarx, Dynamic Analysis, Cloud Engineering, Data Migration, BlackLine, Enterprise Cybersecurity, Cybersecurity Maturity Model Certification (CMMC), Mail Servers, VPN, Automation, Azure Cloud Security, Azure DevOps, Cloud Infrastructure, GitHub Actions, SecOps, Antivirus Software, Bitbucket, Disaster Recovery Plans (DRP), Learning Management Systems (LMS), Monitoring, Security Analysis, Software Architecture, Source Code Review, Design Reviews, QualysGuard, Cryptographer, GraphQL, Enterprise Security, Google Kubernetes Engine (GKE), OWASP, OWASP Top 10, System Security, FedRAMP, Java, AWS Amplify, AWS Cloud Development Kit (CDK), Business Continuity, Business Continuity & Disaster Recovery (BCDR), Disaster Recovery Consulting, IT Projects, Agile Development, Technical Design, ISO Compliance, Communication Coaching, Organization, PMP Project Management, Education Technology (Edtech), Design Consulting, Compliance, SOC 2 (Service Organization Control), IT Project Management, ISO 27001, Office 365, Managed Security Service Providers (MSSP), System Security, Managed Services, Infrastructure, Advisory, Security Advisory, ISO 31000, COBIT, NIST, Executive Management, Certified Information Systems Security Professional, Program Management, Strategic Planning & Execution, Fintech Development, Banking Consulting, Azure AI Studio, AI-augmented Software Engineering (AIASE), AIOps, Edge AI, Insurance App Design, Insurance Broking, Cloud Migration, Cloud Platforms, Complex Program Management, Stakeholder Management, Multitenancy, PRINCE2, Google Cloud Development, Public Sector, Regulations, Splunk Enterprise Security, Splunk, Shell Script, GitHub, Amazon EKS, MongoDB, Security Information and Event Management (SIEM), Virtual Coaching, Azure Design, Azure, IT Program Management, AWS, JavaScript, React.js, Node.js, Artificial Neural Networks (ANN), Artificial Intelligence of Things (AIoT), SAP Artificial Intelligence, Explainable Artificial Intelligence (XAI), Artificial General Intelligence (AGI), Artificial Intelligence, Generative Artificial Intelligence (GenAI), Artificial Intelligence as a Service (AIaaS), Cyberattacks, Feasibility Studies, Feature Backlog Prioritization, GIS, Technical Product Management, User Stories, Project Timelines, Proof of Concept (POC), Real Estate, Regulatory Affairs, Data Classification, Data Mapping, Privacy Impact Assessments (PIAs), Data Subject Rights Management, Data Transfers, Regulatory Liaison and Reporting, Auditing, Record of Processing Activities (ROPA), Incident Response, Data Breach Response, Vendor Management, Data Processing Agreements (DPA), Education Technology (Edtech), Microsoft Certified IT Professional, AI Ethics, Cisco, Virtualization, Network Architecture, Network Engineering, Network Design, Network Monitoring, SharePoint Design, Microsoft Power Apps, Microsoft Power Automate, Microsoft Planner, Applied Cryptography, Chrome Extension Development, Cryptocurrency APIs, Vue.js, LLM, RAG, Edtech Design, Canvas, Canvas LMS, Learning Tools Interoperability (LTI), Moodle, eLearning Design, Data Science, Embedding Models, Deep & Cross Network (DCN), Recommendation Systems, AWS Well-Architected Framework, HITRUST Certification, WP Engine, Elasticsearch, LAMP, WordPress Development, Linux, Risk Analysis, Root Cause Analysis, GPT-4, API Integration, LangChain, Text to Image, NLP, Stable Diffusion, Unreal Engine, System Security, PHP, Product Management, APIs, Database, Data Collection, CA SiteMinder, ERP Development, Finance, Business Intelligence Development, Encryption, HSM, Microsoft Copilot, Alteryx, Machine Learning, Microsoft Copilot Pro, User Workflows, MuleSoft, Crypto, Cryptocurrency, Google Storage Development, Security Architecture Assessment, Google Compute Engine (GCE), VPC, Logging, PyTorch, Distributed Systems Development, Pandas, Scikit-Learn, Spark, OCR, PostgreSQL, Agile Development, Roadmaps, Technical Documentation, Pitch Presentations, Project Consultancy, Security, SecOps, System Security, CMC, Google Cloud Development, Digital Forensics, Ethical Hacking, Cyber Forensics, Cybersecurity Operations, Active Directory (AD), Microsoft Development, Microsoft Identity Manager, Dashboard, SignalFX, SQL, App Infrastructure, Site Reliability, RDBMS, BigQuery, Shell Development, Site Reliability, Akamai, Linode

CISO | CRO | Senior Cyber-intel Managing Director

2005 - 2013
BAE Systems
  • Spearheaded 120 people and four programs at the Department of Defense (DoD), Intelligence Community, Department of Homeland Security, and Securities and Exchange Commission.
  • Grew BAE Systems' cyber operations business to a $300 million business with 40 contracts.
  • Built partnerships with vendors and the supply chain for a unified partnering ecosystem that provided the best value proposition for commercial and government contract awards.
  • Took responsibility for building and running security programs for five agencies.
  • Owned the voice of the customer for CyberReveal and NetReveal development.
  • Took accountability for the voice of the customer for ESRI flight planning and mapping for the intelligence drone program.
  • Transformed security operations center (SOC) processes by integrating threat intelligence from Information Sharing and Analysis Centers (ISAC) into the incident response processes.
  • Developed and implemented programs for information warfare, computer network defense, computer network exfiltration, and computer network attacks.
Technologies: Executive Management, Portfolio Management, Acquisitions, Procurement, Strategic Planning & Execution, Technical Program Management, IT Security, IT Management, Policy Development, System Security, Financial Services, Security, Policies & Procedures Compliance, Cybersecurity, Business Services, Security Architecture, Vulnerability Assessment, Architecture, HIPAA Compliance, PCI, CISSP, Leadership, CISM, Certified Information Systems Auditor (CISA), Information Security Management Systems (ISMS), Audits, NIST, PCI DSS, SOC 2 (Service Organization Control), SOX, GDPR, California Consumer Privacy Act (CCPA), System Integration, Big Data Architecture, IT Systems Architecture, Business Process Modeling, Application Security, Data-driven Testing, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Data Loss Prevention (DLP), Endpoint Detection and Response (EDR), DevSecOps, IDS/IPS, SIEM, Vulnerability Management, Penetration Testing, CI/CD Pipelines, Release Engineering, AWS, Azure Design, Azure, DevOps, IT Program Management, IT Project Management, Privacy, Data Privacy, Legal Technology (Legaltech), Scrum Master Consulting, Data Product Management, CISO, SaaS Security, Threat Modeling, GCP Security, Rapid7, Executive Support, IT Operations Management (ITOM), IT Product Management, Digital Innovation, Strategic Initiatives, Execution, Strategic Partnerships, Global Project Management, IT, Information Security analysis, Cloudera, Identity & Access Management (IAM), Data Protection, Cloud Access Security Broker (CASB), Privileged Access Management (PAM), GRC, Artificial Intelligence, Compliance, Neural Network, Machine Learning, Signal Encryption, Operational Data Store (ODS), Transactions, Fraud Prevention, Analytics Development, Risk Models, Enterprise Risk Management (ERM), Cloud Engineering, Agile Development, Software Development Lifecycle (SDLC), Manufacturing, Research, AWS IoT, Risk Management, Global Risk, Vanta, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Virtual Coaching, AWS Lambda, AWS, Terraform, Security Audits, ISO 27001, OpenVPN, Bitdefender, Cloudflare, Risk Assessment, AWS Cloud Security, SailPoint, Duo, OKTA, SAP, SAP Analytics Cloud (SAC), SAP Architecture, SAP on Azure, Saviynt, Control4 Smart Home Systems, Azure, CyberArk, Data Science, Chief Security Officer (CSO), Docker, Kubernetes, Confluence, Jira, Data Risk Assessment (DRA), Cloud Security, Architecture Assessment, Checkmarx, Dynamic Analysis, Python, Cloud Engineering, Go, Data Migration, BlackLine, Enterprise Cybersecurity, Cybersecurity Maturity Model Certification (CMMC), Mail Servers, VPN, Automation, Azure Cloud Security, Azure DevOps, Cloud Infrastructure, GitHub Actions, SecOps, Antivirus Software, Bitbucket, Disaster Recovery Plans (DRP), Learning Management Systems (LMS), Monitoring, Security Analysis, Software Architecture, Source Code Review, Design Reviews, QualysGuard, Bash, Cryptographer, GraphQL, Enterprise Security, Google Kubernetes Engine (GKE), OWASP, OWASP Top 10, FedRAMP, Java, AWS Amplify, AWS Cloud Development Kit (CDK), Business Continuity, Business Continuity & Disaster Recovery (BCDR), Disaster Recovery Consulting, IT Projects, Agile Development, Technical Design, ISO Compliance, Communication Coaching, Organization, Technical Writing, PMP Project Management, Education Technology (Edtech), Design Consulting, Compliance, SOC 2 (Service Organization Control), IT Project Management, ISO 27001, Office 365, Managed Security Service Providers (MSSP), System Security, Managed Services, Infrastructure, Advisory, Security Advisory, ISO 31000, COBIT, Certified Information Systems Security Professional, Java, Offshore Ruby on Rails Development, Telecommunications, Optical Networks, Fintech Development, Blockchain, Banking Consulting, Azure AI Studio, AI-augmented Software Engineering (AIASE), AIOps, Edge AI, Insurance App Design, Insurance Broking, Cloud Migration, Cloud Platforms, Complex Program Management, Stakeholder Management, Multitenancy, PRINCE2, Google Cloud Development, Public Sector, Regulations, Puppet, Splunk Enterprise Security, Splunk, Shell Script, GitHub, Amazon EKS, MongoDB, Security Information and Event Management (SIEM), Virtual Coaching, Azure Design, Azure, IT Program Management, AWS, JavaScript, React.js, Node.js, Artificial Neural Networks (ANN), Artificial Intelligence of Things (AIoT), SAP Artificial Intelligence, Explainable Artificial Intelligence (XAI), Game Development, Artificial General Intelligence (AGI), Artificial Intelligence, Generative Artificial Intelligence (GenAI), Artificial Intelligence as a Service (AIaaS), Cyberattacks, Feasibility Studies, Feature Backlog Prioritization, GIS, Technical Product Management, User Stories, Project Timelines, Proof of Concept (POC), Real Estate, Regulatory Affairs, Data Classification, Data Mapping, Privacy Impact Assessments (PIAs), Data Subject Rights Management, Data Transfers, Regulatory Liaison and Reporting, Auditing, Record of Processing Activities (ROPA), Data Breach Response, Incident Response, Vendor Management, Data Processing Agreements (DPA), Education Technology (Edtech), Microsoft Certified IT Professional, AI Ethics, Cisco, Virtualization, Network Architecture, Network Engineering, Network Design, Network Monitoring, SharePoint Design, Microsoft 365, Microsoft Power Apps, Microsoft Power Automate, Microsoft Planner, Applied Cryptography, Chrome Extension Development, Cryptocurrency APIs, Vue.js, LLM, Edtech Design, Canvas, Learning Tools Interoperability (LTI), Moodle, eLearning Design, Data Science, Embedding Models, Deep & Cross Network (DCN), Recommendation Systems, AWS Well-Architected Framework, HITRUST Certification, WP Engine, Elasticsearch, LAMP, WordPress Development, Linux, Risk Analysis, Root Cause Analysis, GPT-4, API Integration, LangChain, Text to Image, NLP, Stable Diffusion, Unreal Engine, System Security, PHP, Product Management, APIs, Database, Data Collection, CA SiteMinder, ERP Development, Finance, Business Intelligence Development, Encryption, HSM, Microsoft Copilot, Alteryx, Machine Learning, User Workflows, MuleSoft, Crypto, Cryptocurrency, Google Storage Development, Security Architecture Assessment, Google Compute Engine (GCE), VPC, Logging, PyTorch, Distributed Systems Development, Spark, OCR, PostgreSQL, Agile Development, Roadmaps, Technical Documentation, Pitch Presentations, Project Consultancy, Security, SecOps, System Security, CMC, Google Cloud Development, Digital Forensics, Ethical Hacking, Cyber Forensics, Cybersecurity Operations, Active Directory (AD), Microsoft Development, Microsoft Identity Manager, Dashboard, SignalFX, SQL, App Infrastructure, Site Reliability, RDBMS, BigQuery, Shell Development, Site Reliability, Akamai, Linode

CIO | CISO | Program Managing Director

2003 - 2005
Raytheon
  • Managed 65 people and reported directly to the CIO at the DoD.
  • Developed and implemented a security strategy for the GiG bandwidth to the Edge (BE) program for the warfighter.
  • Reduced the Defense Information Systems Agency (DISA) GiG-BE program operating costs by 6% by implementing stronger encryption and more efficient hardware.
Technologies: Strategic Planning & Execution, Strategic Partnerships, Portfolio Management, Execution, Technical Program Management, IT Security, IT Management, Policy Development, System Security, Security, Policies & Procedures Compliance, Cybersecurity, Business Services, Security Architecture, Vulnerability Assessment, Architecture, HIPAA Compliance, PCI, CISSP, Leadership, CISM, Certified Information Systems Auditor (CISA), Information Security Management Systems (ISMS), Audits, NIST, PCI DSS, SOC 2( Service Organization Control), SOX, GDPR, California Consumer Privacy Act (CCPA), System Integration, Big Data Architecture, IT Systems Architecture, Business Process Modeling, Application Security, Data-driven Testing, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Data Loss Prevention (DLP), Endpoint Detection and Response (EDR), DevSecOps, IDS/IPS, SIEM, Vulnerability Management, Penetration Testing, Release Engineering, AWS, Azure Design, Azure, DevOps, IT Program Management, IT Project Management, Privacy, Data Privacy, Legal Technology (Legaltech), Scrum Master Consulting, Data Product Management, CISO, SaaS Security, Threat Modeling, GCP Security, Rapid7, Executive Support, IT Operations Management (ITOM), IT Product Management, Digital Innovation, Strategic Initiatives, Security Operations Centers (SOC), Cross-functional Team Leadership, Global Project Management, IT, Information Security analysis, Cloudera, Identity & Access Management (IAM), Data Protection, Cloud Access Security Broker (CASB), Privileged Access Management (PAM), GRC, Artificial Intelligence, Compliance, Neural Network, Machine Learning, Signal Encryption, Operational Data Store (ODS), Transactions, Fraud Prevention, Analytics Development, Risk Models, Enterprise Risk Management (ERM), Cloud Engineering, Agile Development, Software Development Lifecycle (SDLC), Manufacturing, Research, AWS IoT, Contract Negotiation, Risk Management, Global Risk, 
Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Virtual Coaching, AWS Lambda, AWS, Terraform, Security Audits, Code Review, ISO 27001, OpenVPN, Bitdefender, Cloudflare, Risk Assessment, AWS Cloud Security, SailPoint, Duo, OKTA, SAP, SAP Analytics Cloud (SAC), SAP Architecture, SAP on Azure, Saviynt, Control4 Smart Home Systems, Azure, CyberArk, Data Science, Chief Security Officer (CSO), Docker, Kubernetes, Confluence, Jira, Data Risk Assessment (DRA), Cloud Security, Architecture Assessment, Checkmarx, Dynamic Analysis, Python, Cloud Engineering, Go, Data Migration, Enterprise Cybersecurity, Cybersecurity Maturity Model Certification (CMMC), Mail Servers, VPN, Automation, Azure Cloud Security, Azure DevOps, Cloud Infrastructure, SecOps, Antivirus Software, Bitbucket, Disaster Recovery Plans (DRP), Learning Management Systems (LMS), Monitoring, Security Analysis, Software Architecture, Source Code Review, Design Reviews, QualysGuard, Crytographer, GraphQL, Enterprise Security, Google Kubernetes Engine (GKE), OWASP, OWASP Top 10, Java, AWS Amplify, AWS Cloud Development Kit (CDK), Business Continuity, Business Continuity & Disaster Recovery (BCDR), Disaster Recovery Consulting, IT Projects, Agile Development, Technical Design, ISO Compliance, Communication Coaching, Organization, Technical Writing, PMP Project Management, Education Technology (Edtech), Compliance, SOC 2( Service Organization Control), IT Project Management, ISO 27001, Office 365, Managed Security Service Providers (MSSP), System Security, Managed Services, Infrastructure, Advisory, Security Advisory, ISO 31000, COBIT, Executive Management, Certified Information Systems Security Professional, Program Management, C++, Java, Offshore Ruby on Rails Development, Telecommunications, Optical Networks, Fintech Development, Fintech Development, Banking Consulting, Azure AI Studio, Insurance Broking, Cloud Migration, Cloud Platforms, Complex Program Management, Stakeholder Management, 
Multitenancy, PRINCE2, Google Cloud Development, Public Sector, Regulations, Puppet, Splunk Enterprise Security, Splunk, Shell Script, GitHub, Amazon EKS, Security Information and Event Management (SIEM), Azure Design, Azure, IT Program Management, AWS, JavaScript, React.js, Node.js, Control4, Artificial Neural Networks (ANN), Game Development, Artificial General Intelligence (AGI), Artificial Intelligence, Artificial Intelligence, Generative Artificial Intelligence (GenAI), Cyberattacks, Feasibility Studies, Feature Backlog Prioritization, GIS, Technical Product Management, User Stories, Project Timelines, Proof of Concept (POC), Real Estate, Regulatory Affairs, Data Mapping, Data Classification, Privacy Impact Assessments (PIAs), Data Subject Rights Management, Data Transfers, Regulatory Liaison and Reporting, Auditing, Record of Processing Activities (ROPA), Data Breach Response, Incident Response, Vendor Management, Data Processing Agreements (DPA), Education Technology (Edtech), Microsoft Certified IT Professional, Cisco, Virtualization, Network Architecture, Network Engineering, Network Design, Network Monitoring, SharePoint Design, Microsoft 365, Microsoft Power Apps, Microsoft Power Automate, Microsoft Planner, Applied Cryptography, Chrome Extension Development, Cryptocurrency APIs, Vue.js, LLM, Edtech Design, Canvas, eLearning Design, Data Science, Embedding Models, Recommendation Systems, AWS Well-Architected Framework, HITRUST Certification, WP Engine, Elasticsearch, LAMP, WordPress Development, Linux, Risk Analysis, Root Cause Analysis, GPT-4, API Integration, LangChain, Text to Image, NLP, Stable Diffusion, Unreal Engine, System Security, PHP, Product Management, APIs, Database, Data Collection, CA SiteMinder, ERP Development, Finance, Business Intelligence Development, Encryption, HSM, Microsoft Copilot, Machine Learning, User Workflows, Cryptocurrency, Google Storage Development, Security Architecture Assessment, Google Compute Engine (GCE), VPC, 
PyTorch, Spark, OCR, Agile Development, Roadmaps, Technical Documentation, Pitch Presentations, Project Consultancy, Security, SecOps, System Security, CMC, Google Cloud Development, Digital Forensics, Ethical Hacking, Cyber Forensics, Cybersecurity Operations, Active Directory (AD), Microsoft Development, Microsoft Identity Manager, Dashboard, SignalFX, SQL, App Infrastructure, Site Reliability, RDBMS, BigQuery, Shell Development, Site Reliability, Akamai, Linode

CIO | CISO | Program Engineering Director

2001 - 2003
Lockheed Martin
  • Led 40 people and reported directly to the CIO of the FAA.
  • Developed and implemented a security strategy for securing weather radars and navigation beacons across the US.
  • Provided presentation style, hands-on technical training, and knowledge transfer for enterprise security offerings.
Technologies: Technical Program Management, Strategic Planning & Execution, Strategic Partnerships, IT Security, IT Management, Policy Development, System Security, Security, Policies & Procedures Compliance, Cybersecurity, Business Services, Security Architecture, Vulnerability Assessment, Architecture, PCI, CISSP, Leadership, CISM, Certified Information Systems Auditor (CISA), Information Security Management Systems (ISMS), Audits, NIST, PCI DSS, SOC 2( Service Organization Control), SOX, GDPR, California Consumer Privacy Act (CCPA), System Integration, Big Data Architecture, IT Systems Architecture, Business Process Modeling, Application Security, Data-driven Testing, Dynamic Application Security Testing (DAST), Data Loss Prevention (DLP), Endpoint Detection and Response (EDR), DevSecOps, IDS/IPS, Penetration Testing, Release Engineering, Azure Design, Azure, DevOps, IT Program Management, IT Project Management, Privacy, Data Privacy, Legal Technology (Legaltech), Scrum Master Consulting, Data Product Management, CISO, SaaS Security, Threat Modeling, GCP Security, Rapid7, Executive Support, IT Operations Management (ITOM), IT Product Management, Digital Innovation, Strategic Initiatives, Security Operations Centers (SOC), Cross-functional Team Leadership, Portfolio Management, Execution, IT, Information Security analysis, Cloudera, Identity & Access Management (IAM), Data Protection, Privileged Access Management (PAM), GRC, Artificial Intelligence, Compliance, Neural Network, Machine Learning, Signal Encryption, Operational Data Store (ODS), Transactions, Fraud Prevention, Analytics Development, Risk Models, Enterprise Risk Management (ERM), Cloud Engineering, Agile Development, Software Development Lifecycle (SDLC), Manufacturing, Research, AWS IoT, Contract Negotiation, Risk Management, Global Risk, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Virtual Coaching, AWS Lambda, AWS, Terraform, Security Audits, Code Review, ISO 27001, 
Cloudflare, Risk Assessment, AWS Cloud Security, SailPoint, Duo, OKTA, SAP, SAP Analytics Cloud (SAC), SAP Architecture, SAP on Azure, Saviynt, Control4 Smart Home Systems, Azure, CyberArk, Data Science, Chief Security Officer (CSO), Docker, Kubernetes, Confluence, Jira, Data Risk Assessment (DRA), Cloud Security, Architecture Assessment, Checkmarx, Python, Cloud Engineering, Go, Data Migration, Enterprise Cybersecurity, Cybersecurity Maturity Model Certification (CMMC), Mail Servers, VPN, Automation, Azure Cloud Security, Cloud Infrastructure, GitHub Actions, SecOps, Antivirus Software, Bitbucket, Disaster Recovery Plans (DRP), Learning Management Systems (LMS), Monitoring, Security Analysis, Design Reviews, QualysGuard, Crytographer, GraphQL, AWS, Enterprise Security, Google Kubernetes Engine (GKE), Static Application Security Testing (SAST), OWASP, OWASP Top 10, Java, AWS Amplify, AWS Cloud Development Kit (CDK), Business Continuity, Business Continuity & Disaster Recovery (BCDR), IT Projects, Agile Development, Technical Design, ISO Compliance, Communication Coaching, Organization, Technical Writing, PMP Project Management, Education Technology (Edtech), Design Consulting, Compliance, SOC 2( Service Organization Control), IT Project Management, ISO 27001, Office 365, Managed Security Service Providers (MSSP), System Security, Managed Services, Infrastructure, Advisory, Security Advisory, ISO 31000, COBIT, Executive Management, Certified Information Systems Security Professional, C++, Java, Offshore Ruby on Rails Development, Telecommunications, Optical Networks, Fintech Development, Fintech Development, Banking Consulting, HIPAA Compliance, Azure AI Studio, Insurance Broking, Cloud Migration, Cloud Platforms, Complex Program Management, Stakeholder Management, Multitenancy, PRINCE2, Google Cloud Development, Public Sector, Regulations, Puppet, Splunk Enterprise Security, Splunk, Shell Script, GitHub, Amazon EKS, Security Information and Event Management (SIEM), 
Virtual Coaching, Azure Design, Azure, IT Program Management, AWS, JavaScript, React.js, Node.js, Control4, Artificial Neural Networks (ANN), Game Development, Artificial General Intelligence (AGI), Artificial Intelligence, Artificial Intelligence, Generative Artificial Intelligence (GenAI), Cyberattacks, Feasibility Studies, Feature Backlog Prioritization, GIS, Technical Product Management, User Stories, Project Timelines, Proof of Concept (POC), Real Estate, Regulatory Affairs, Data Mapping, Data Classification, Privacy Impact Assessments (PIAs), Data Subject Rights Management, Data Transfers, Regulatory Liaison and Reporting, Auditing, Record of Processing Activities (ROPA), Data Breach Response, Incident Response, Vendor Management, Data Processing Agreements (DPA), Education Technology (Edtech), Microsoft Certified IT Professional, Cisco, Network Architecture, Network Engineering, Network Design, Network Monitoring, Microsoft 365, Microsoft Power Apps, Microsoft Power Automate, Microsoft Planner, Applied Cryptography, Cryptocurrency APIs, Vue.js, LLM, Edtech Design, Canvas, Data Science, Embedding Models, Recommendation Systems, AWS Well-Architected Framework, HITRUST Certification, WP Engine, Elasticsearch, LAMP, WordPress Development, Linux, Risk Analysis, Root Cause Analysis, GPT-4, API Integration, LangChain, Text to Image, NLP, Stable Diffusion, Unreal Engine, System Security, PHP, Product Management, APIs, Database, Data Collection, CA SiteMinder, ERP Development, Finance, Business Intelligence Development, Encryption, HSM, Microsoft Copilot, Machine Learning, User Workflows, Cryptocurrency, Google Storage Development, Security Architecture Assessment, Google Compute Engine (GCE), VPC, PyTorch, Spark, OCR, Agile Development, Roadmaps, Technical Documentation, Pitch Presentations, Project Consultancy, Security, SecOps, System Security, CMC, Google Cloud Development, Digital Forensics, Ethical Hacking, Cyber Forensics, Cybersecurity Operations, Active 
Directory (AD), Microsoft Development, Microsoft Identity Manager, Dashboard, SignalFX, SQL, App Infrastructure, Site Reliability, RDBMS, BigQuery, Shell Development, Site Reliability, Akamai, Linode

S&P Global

S&P Global provides a subscription service that offers financial and industry data, research, news, and analytics to investment professionals, government agencies, corporations, and universities worldwide to an estimated one million subscriptions. I consulted with S&P Global to help with software-as-a-service source selection and identity access management (IdAM), data loss protection (DLP), and cloud access security broker (CASB) technology.

I reviewed the identity access management products and facilitated a team consensus. We selected SailPoint's cloud-based identity-as-a-service (IDaaS) as their service can scale to meet the company's one million international users. It also provided identity governance to meet international compliance requirements and reduced pricing by recapturing the investment in on-premise SailPoint servers. Additionally, SailPoint-as-a-service integrates with the current privilege access management system (CyberArk).

Further, I reviewed the IT investment in data loss protection (DLP) and cloud access security broker (CASB) technology. I also built data loss protection use-case and business requirements that required forwarding proxy, reverse proxy, and API proxy capabilities.

Smithfield Foods

A key step in building a repeatable risk management process is to leverage a GRC tool. Limited CapEx funding and IT staff to support the implementation of new tools mandated the selection of an eGRC software-as-a-service tool that could be funded as part of an OpEx budget. We selected the ProcessGene SaaS solution because the software provided GRC processes for risk management, compliance, IT governance, and audit. Besides, it offered a business process modeling capability to document and capture Smithfield's missing business processes needed for the enterprise architecture, change management, process improvement, ERP rollout, mergers, and acquisitions.

The second key gap was the lack of an information security architecture and the use of standards in the service design phase of the service delivery lifecycle (SDLC). To help mature the SDLC, I facilitated the introduction of DevSecOps tools as outlined in the Verisk Analytics tools stack. Jira was implemented along with a formal requirement tracking module from Deviniti.

As an implementation example, I introduced the mobile device security reference architecture, along with a BYOD and IoT functional architecture review and mapping to compliance standards.

Verisk Analytics

The following is the developed DevSecOps tool framework in which risk scoring is used to provide governance of the continuous integration/continuous development (CI/CD) environment. The risk scoring and policy governance will allow CI/CD to deploy without needing configuration control board approval.

The governance allows deployment if the risk score is below an agreed-upon level. The risk score is calculated from input from multiple sources, such as DevSecOps tools, requirements, system architecture, development team skill level, and more.

VISA Card Processing

Because of the NDA with VISA, I cannot disclose the components of their back-end processing systems. It was implemented on a big data analytics platform which acted as a highly transactional, operational data store. One of the use cases implemented was Visa's mobile location confirmation and Finsphere, which works through mobile banking apps offered by participating financial institutions and focuses solely on international transactions. Once a cardholder opts in, their location can be determined using their mobile phone network, Wi-Fi, or GPS. Those options are especially important for international travelers who prefer Wi-Fi over GPS, which relies on expensive data roaming services. I was responsible for implementing security controls, such as privacy, identity, authorization, encryption, data isolation, and more.

General Dynamics Health Solutions

The security operations center (SOC) for General Dynamics Health System was based on a cloud-distributed clustered deployment of Splunk, with forwarders placed at multi-customer sites. I helped achieve SOC-2 services certification.

Hewlett Packard

“Best value” security architecture for each customer engagement was implemented using the customer's IT investment in software products. The challenge was making sure the various security services would work together. As a security service integrator, working with vendors and achieving product integration was imperative. The following is a list of the products used per service area:
• Asset management: ServiceNow, BMC, ManageEngine, MMSoft, Opsgenie, Asset Panda, SysAid
• Vulnerability management: Rapid7, Qualys, Beyond Trust, Tenable, Symantec, Tripwire, Retina
• Endpoint protection: Symantec, CrowdStrike, Sophos, Trend Micro, Carbon Black
• Patch management: SCCM, Intune, BigFix, Ivanti, SysAid, ITarian, Cld Mgn St, MngEgn, SolarWinds
• Risk management: MetricStream, RSA, IBM, ServiceNow, LogicManager, RiskConnect, RSAM

HP's Hadoop, Autonomy, Vertica, Enterprise ArcSight, and N-applications platform (HAVeN) was deployed for complex strategic big data applications. The reference architectures below were used for HP's anti-money laundering (AML), SOC, and insider threat detection products, which were applications built to run on the HAVeN platform.

Deputy CISO - Executive Management Consultant

I directly supported the CISO at the multi-conglomerate Hearst, which comprises 368 companies in eight global industries: entertainment/media, financial rating, transportation, health care, software/product development, real estate, magazines, and newspapers.

I was first tasked with establishing a governance, risk, and compliance (GRC) program, which included onboarding a GRC senior director and senior manager for each area (i.e., governance, risk, and compliance). Collaborating across the 368 businesses, my team and I established a uniform that adheres to the information security governance framework and established policies and procedures. Next, we developed and implemented shared information security services (SaaS security) that address security control for all 368 business units, which included NIST, ISO28001, HiTrust, PCI, and SOX. The CLO, GC, COO, CIO, and CISO were crucial stakeholders. The SaaS security services included threat intel and incident management, risk management, vulnerability and patch management, 3rd-party risk and contract management, external posture assessment, compliance automation, continuous posture assessment, and AI automation.

The outcome was a CMMI level 3.5 rating for all SaaS security.

1998 - 1999

Master's Degree in Electrical Engineering

University of Virginia - Charlottesville, VA, USA

1994 - 1998

Bachelor's Degree in Electrical Engineering

North Carolina State University - Raleigh, NC, USA

1994 - 1998

Bachelor's Degree in Computer Engineering

North Carolina State University - Raleigh, NC, USA

APRIL 2024 - PRESENT

AWS Solutions Architect Associate

AWS

APRIL 2024 - PRESENT

AWS Certified Security Specialist

AWS

APRIL 2015 - PRESENT

Microsoft Certified Solutions Developer

Microsoft

SEPTEMBER 2012 - PRESENT

Cloudera Certified Hadoop Developer (CCHD)

Cloudera

JUNE 2011 - PRESENT

Certified Chief Information Security Officer (CISO)

EC-Council

OCTOBER 2010 - PRESENT

Certified in Risk and Information Systems Control (CRISC)

ISACA

MARCH 2009 - PRESENT

Certified Information Systems Auditor (CISA)

ISACA

MAY 2008 - PRESENT

Program Management Professional (PgMP)

Project Management Institute (PMI)

OCTOBER 2007 - PRESENT

Project Management Professional (PMP)

Project Management Institute (PMI)

MARCH 2006 - PRESENT

Certified Information Security Manager (CISM)

(ISC)²

APRIL 2005 - PRESENT

Certified Information Systems Security Professional (CISSP)

(ISC)²

Libraries/APIs

SOAP APIs, Microsoft Development, Visual Studio Development, Azure, Azure Cognitive Services, Azure Computer Vision API, AWS Amplify, React.js, Node.js, Vue.js, PyTorch, Pandas, Scikit-Learn, Offshore Ruby on Rails Development

Tools

Cloudera, Confluence, Jira, VPN, System Center Configuration Manager (SCCM), Microsoft Intune, Microsoft Exchange Development, SQL Server, Microsoft Transaction Server (MTS), C#, Business Intelligence Development, Power BI, Microsoft AI, SAP Business One SDK, Azure MFA, Azure IoT Hub, Azure Key Vault, Azure Virtual Network Gateway, Visual Studio Development, Visual Studio .NET, Azure Web Application Firewall, Azure, GitHub, Azure Kubernetes Service (AKS), Microsoft Power Apps, Azure, Microsoft Dynamics, Microsoft Dynamics CRM Development, Microsoft Development, Microsoft Teams Development, Microsoft Copilot, McAfee, Bitbucket, McAfee Endpoint Security, Google Kubernetes Engine (GKE), System Security, AWS Cloud Development Kit (CDK), SAP Artificial Intelligence, Puppet, Splunk, Amazon EKS, Canvas, Canvas LMS, Moodle, Google Compute Engine (GCE), Logging, Microsoft Identity Manager, BigQuery, Shell Development, GCP Security, Terraform, OpenVPN, SailPoint, Checkmarx, Aspen HYSYS

Languages

C++, Java, Python, VB.NET, VBScript, SQL, SAML, Regex, .NET, C#, DYNAMO, Bash, Artificial Intelligence, JavaScript, PHP, Rust, Go, YAML, GraphQL

Frameworks

.NET, ASP.NET, .NET, Java, AWS Well-Architected Framework, Unreal Engine, Spark, COBIT, Crossplane, GPT Index

Paradigms

DevSecOps, Agile Development, HIPAA Compliance, Data-driven Testing, Penetration Testing, DevOps, Automation, .NET, Business Intelligence Development, Azure DevOps, Agile Development, Deep & Cross Network (DCN)

Platforms

AWS IoT, Blockchain, AWS, Azure Design, Cloud Engineering, Mobile App Design, Keychain, SharePoint Design, Azure PaaS, Azure, Microsoft Dynamics 365, Microsoft Power Platform, QualysGuard, Microsoft Power Automate, LAMP, WordPress Development, Linux, CA SiteMinder, Alteryx, MuleSoft, Microsoft Development, SignalFX, Linode, Vanta, AWS Lambda, Duo, Docker, Kubernetes, Azure AI Studio, Rapid7, OneLogin, OpenNMS

Storage

Operational Data Store (ODS), Azure, Azure, SQL Server, SQL Server 2017, Microsoft Entra ID, Microsoft Development, SQL Server, SQL, SQL, Azure Cache, MongoDB, WP Engine, Elasticsearch, Google Storage Development, PostgreSQL, Google Cloud Development, RDBMS, AWS

Industry Expertise

Cybersecurity, Enterprise Security, System Security, Security Advisory, Virtual Coaching, eLearning Design, Telecommunications, Banking Consulting

Other

NIST, PCI DSS, SOC 2( Service Organization Control), SOX, GDPR, California Consumer Privacy Act (CCPA), Executive Management, Certified Information Systems Security Professional, Risk Models, Enterprise Risk Management (ERM), Cloud Engineering, Software Development Lifecycle (SDLC), Manufacturing, Research, Contract Negotiation, Program Management, Portfolio Management, Cross-functional Team Leadership, Procurement, Strategic Planning & Execution, Technical Program Management, Strategic Partnerships, Execution, Global Project Management, Information Security analysis, Identity & Access Management (IAM), Data Protection, Cloud Access Security Broker (CASB), Privileged Access Management (PAM), IT Systems Architecture, Business Process Automation, Business Process Modeling, GRC, Artificial Intelligence, Signal Encryption, Analytics Development, Big Data Architecture, Security Operations Centers (SOC), System Integration, IT Security, IT Management, Policy Development, System Security, Financial Services, Fintech Development, Fintech Development, Security, Policies & Procedures Compliance, Risk Management, IT, Security Architecture, Vulnerability Assessment, Architecture, PCI, Global Risk, Compliance, Fraud Prevention, ISO 27001, Acquisitions, CISSP, Leadership, CISM, Certified Information Systems Auditor (CISA), Information Security Management Systems (ISMS), Audits, Digital Innovation, Strategic Initiatives, IT Operations Management (ITOM), Executive Support, IT Product Management, Application Security, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Data Loss Prevention (DLP), Vulnerability Management, CI/CD Pipelines, Infrastructure as Code (IaC), Release Engineering, IT Project Management, IT Program Management, Privacy, Scrum Master Consulting, CISO, SaaS Security, Threat Modeling, Virtual Coaching, Security Audits, Risk Assessment, AWS Cloud Security, CyberArk, AWS Certified Solution Architect, Data Science, Chief 
Security Officer (CSO), Data Risk Assessment (DRA), System Security, Internet Protocols, Cloud Security, Architecture Assessment, Dynamic Analysis, Data Migration, BlackLine, Enterprise Cybersecurity, Cybersecurity Maturity Model Certification (CMMC), Mail Servers, Azure Cloud Security, MCSE, MCSD, MCSA, LDAP, Secure Storage, Power Shell Commands, Patches & Updates, DeviceNET, System Security, MDM, Sentinel 2, Microsoft Defender Antivirus, XD to HTML, Remote Desktop, Remote Desktop Protocol (RDP), Identity, Federated Sign-in, SOAP, IIS 10, SAML-auth, SSO Engineering, C# Operators, Teams, Business Intelligence Development, CAN Bus, Business to Business (B2B), Microsoft 365, Business Intelligence Development, Azure VDI, Azure AI Custom Vision, Azure Virtual Desktop, Azure, Azure, Microsoft Development, Azure Compute Services, Microsoft Azure Cloud Server, Microsoft Dynamics Great Plains (GP) ERP, Microsoft Dynamics 365 Customer Engagement, Windows 11, Cloud Infrastructure, GitHub Actions, SecOps, Antivirus Software, Disaster Recovery Plans (DRP), Learning Management Systems (LMS), Monitoring, Security Analysis, Software Architecture, Source Code Review, Design Reviews, Crytographer, OWASP, OWASP Top 10, FedRAMP, Business Continuity, Business Continuity & Disaster Recovery (BCDR), Disaster Recovery Consulting, Technical Design, IT Projects, ISO Compliance, Communication Coaching, Organization, PMP Project Management, Education Technology (Edtech), Design Consulting, Compliance, SOC 2( Service Organization Control), IT Project Management, ISO 27001, Office 365, Managed Security Service Providers (MSSP), Managed Services, Infrastructure, Advisory, AI-augmented Software Engineering (AIASE), AIOps, Edge AI, Artificial Neural Networks (ANN), Artificial Intelligence of Things (AIoT), Artificial General Intelligence (AGI), Artificial Intelligence, Artificial Intelligence as a Service (AIaaS), Generative Artificial Intelligence (GenAI), Explainable Artificial Intelligence 
(XAI), Game Development, Cloud Migration, Cloud Platforms, Complex Program Management, Stakeholder Management, Multitenancy, Public Sector, Regulations, Splunk Enterprise Security, Shell Script, Security Information and Event Management (SIEM), Cyberattacks, Azure Design, Azure, IT Program Management, AWS, AI Ethics, Feasibility Studies, Feature Backlog Prioritization, GIS, Technical Product Management, User Stories, Project Timelines, Proof of Concept (POC), Real Estate, Regulatory Affairs, Data Classification, Privacy Impact Assessments (PIAs), Data Subject Rights Management, Data Transfers, Regulatory Liaison and Reporting, Record of Processing Activities (ROPA), Data Breach Response, Vendor Management, Data Processing Agreements (DPA), Education Technology (Edtech), Microsoft Certified IT Professional, Auditing, Cisco, Virtualization, Network Architecture, Network Engineering, Network Design, Network Monitoring, Microsoft Planner, Applied Cryptography, Chrome Extension Development, Cryptocurrency APIs, Data Mapping, GPT-4, LLM, RAG, Edtech Design, Learning Tools Interoperability (LTI), Data Science, Embedding Models, Recommendation Systems, HITRUST Certification, Risk Analysis, Root Cause Analysis, API Integration, LangChain, Text to Image, NLP, Stable Diffusion, System Security, Product Management, APIs, Database, Data Collection, ERP Development, Finance, Cybersecurity Operations, Encryption, HSM, Machine Learning, Microsoft Copilot Pro, User Workflows, Crypto, Cryptocurrency, Incident Response, Security Architecture Assessment, VPC, Distributed Systems Development, OCR, Agile Development, Roadmaps, Technical Documentation, Pitch Presentations, Project Consultancy, Security, SecOps, System Security, CMC, Digital Forensics, Ethical Hacking, Ethical Hacking, Cyber Forensics, Active Directory (AD), Dashboard, App Infrastructure, Site Reliability, Site Reliability, Akamai, Neural Network, Machine Learning, Optical Networks, IPsec, Transactions, Business Services, 
ISO 31000, Endpoint Detection and Response (EDR), IDS/IPS, SIEM, Data Privacy, Legal Technology (Legaltech), Data Product Management, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Code Review, Bitdefender, Cloudflare, OKTA, SAP, SAP Analytics Cloud (SAC), SAP Architecture, SAP on Azure, Saviynt, Control4 Smart Home Systems, Technical Writing, Insurance App Design, Insurance Broking, PRINCE2, Google Cloud Development, Solo.io, Control4, Argo CD, DevOps Research and Assessment (DORA), GPT Neo, OpenAI GPT-3 API, Google Publisher Tag (GPT), Generative Pre-trained Transformers (GPT), GPT-3, MCITP, NYDFS, AI Security, System Security, Information Warfare (IW), DOIT Software, System Security, Cisco Certified Design Expert (CCDE)
