Deputy CISO | Senior GRC Director
2023 - PRESENT
Hearst - Information Security Office
- Supported the CISO at a multi-national conglomerate with 368 companies in eight global industries: entertainment and media, financial rating, transportation, health care, software and product development, real estate, magazines, and newspapers.
- Established a governance, risk, and compliance (GRC) program, which included onboarding a GRC senior director and senior manager for each area (i.e., governance, risk, and compliance).
- Led my team in establishing and implementing collaboration across the 368 businesses. The team established a uniform adherence to the information security governance framework and established policies and procedures.
- Implemented new information security policies and procedures that mandated adherence to corporate security policies. These new policies significantly strengthened the organization and affected all 368 business units supporting the CISO.
- Established the IT enterprise risk management process, which included onboarding a risk management service provider and using risk management tools.
- Transformed the third-party risk management process by implementing CyberGRX. The use of the exchange reduced compliance report costs for all 386 businesses by 90% based on the shared compliance model of the exchange.
- Identified risks in the security posture of the publicly facing websites and led the transformation of the DevOps process into a DevSecOps process, which addresses security controls as part of the application lifecycle process.
- Facilitated the integration and standardization of cloud-based architecture across cloud providers (AWS, Azure, and Google).
- Assessed the organization's risk posture and developed and implemented a risk management strategy using risk transference techniques that leverage insurance, capital reserves, and outsourcing risk activities.
- Performed an annual risk assessment to validate the risk posture of the organization and that the residual risk of the mitigation strategy was below the executive manager's acceptable level of risk.
Technologies: Security Architecture, Risk Management, IT Management, Vulnerability Assessment, Architecture, PCI, NIST, HIPAA Compliance, Cloud Security, Architecture Assessment, Checkmarx, Dynamic Analysis, Cloud Engineering, Data Migration, BlackLine, Enterprise Cybersecurity, Cybersecurity Maturity Model Certification (CMMC), Mail Servers, VPN, Automation, Azure Cloud Security, Azure DevOps, Azure, Cloud Infrastructure, GitHub Actions, YAML, SecOps, Antivirus Software, Bitbucket, Disaster Recovery Plans (DRP), Learning Management Systems (LMS), Monitoring, Security Analysis, Software Architecture, Source Code Review, Design Reviews, QualysGuard, Crytographer, GraphQL, AWS, Google Kubernetes Engine (GKE), Static Application Security Testing (SAST), OWASP, OWASP Top 10, System Security, FedRAMP, Java, AWS Amplify, AWS Cloud Development Kit (CDK), Business Continuity, Business Continuity & Disaster Recovery (BCDR), Disaster Recovery Consulting, Cybersecurity, IT Projects, Agile Development, ISO Compliance, IT Project Management, Communication Coaching, Organization, Technical Writing, ISO 27001, Compliance, PMP Project Management, Education Technology (Edtech), Design Consulting, Compliance, SOC 2( Service Organization Control), IT Project Management, ISO 27001, Security, Office 365, Managed Security Service Providers (MSSP), System Security, Managed Services, Infrastructure, Advisory, Security Advisory, ISO 31000, COBIT, PCI DSS, SOC 2( Service Organization Control), Executive Management, Certified Information Systems Security Professional, Enterprise Risk Management (ERM), Program Management, Portfolio Management, Strategic Planning & Execution, Technical Program Management, Strategic Partnerships, Execution, GRC, Global Risk, Artificial Intelligence, Neural Network, Telecommunications, Optical Networks, Big Data Architecture, IT Security, System Security, Fintech Development, Fintech Development, Policies & Procedures Compliance, Blockchain, Banking Consulting, 
Business Services, CISSP, AI-augmented Software Engineering (AIASE), AIOps, Edge AI, Insurance App Design, Insurance Broking, Cloud Migration, Cloud Platforms, Complex Program Management, Stakeholder Management, Multitenancy, Google Cloud Development, Public Sector, Regulations, Azure Design, Splunk Enterprise Security, Splunk, GitHub, Solo.io, Crossplane, Argo CD, Security Information and Event Management (SIEM), Virtual Coaching, Azure Design, Azure, IT Program Management, AWS, Artificial Neural Networks (ANN), Artificial Intelligence of Things (AIoT), SAP Artificial Intelligence, Explainable Artificial Intelligence (XAI), Game Development, Artificial General Intelligence (AGI), Artificial Intelligence, Artificial Intelligence, Generative Artificial Intelligence (GenAI), Artificial Intelligence as a Service (AIaaS), Cyberattacks, CISO, Feasibility Studies, Feature Backlog Prioritization, Technical Product Management, User Stories, Project Timelines, Proof of Concept (POC), Real Estate, Regulatory Affairs, Data Classification, Data Mapping, Privacy Impact Assessments (PIAs), Data Protection, Data Subject Rights Management, Data Transfers, Regulatory Liaison and Reporting, Auditing, Record of Processing Activities (ROPA), Incident Response, Data Breach Response, Vendor Management, Data Processing Agreements (DPA), Education Technology (Edtech), Microsoft Certified IT Professional, AI Ethics, Cisco, Virtualization, Network Architecture, Network Engineering, Network Design, Network Monitoring, SharePoint Design, Microsoft 365, Microsoft Power Apps, Microsoft Power Automate, Microsoft Planner, Applied Cryptography, Chrome Extension Development, Cryptocurrency APIs, Vue.js, LLM, RAG, Edtech Design, Canvas, Canvas LMS, Learning Tools Interoperability (LTI), Moodle, eLearning Design, Data Science, Embedding Models, Deep & Cross Network (DCN), Recommendation Systems, AWS Well-Architected Framework, HITRUST Certification, WP Engine, Elasticsearch, LAMP, WordPress 
Development, Linux, Risk Analysis, Root Cause Analysis, GPT-4, API Integration, LangChain, Text to Image, NLP, Stable Diffusion, Unreal Engine, System Security, PHP, Product Management, APIs, Database, Data Collection, CA SiteMinder, ERP Development, Finance, Business Intelligence Development, Encryption, HSM, Microsoft Copilot, Alteryx, Machine Learning, Microsoft Copilot Pro, User Workflows, MuleSoft, Application Security, Crypto, Cryptocurrency, DOIT Software, Google Storage Development, Security Architecture Assessment, Google Compute Engine (GCE), VPC, Logging, PyTorch, Distributed Systems Development, Pandas, Scikit-Learn, Spark, OCR, PostgreSQL, Agile Development, Roadmaps, Technical Documentation, Pitch Presentations, Project Consultancy, Security, SecOps, System Security, CMC, Google Cloud Development, Digital Forensics, Ethical Hacking, Cyber Forensics, Cybersecurity Operations, Active Directory (AD), Microsoft Development, Microsoft Identity Manager, Dashboard, SQL, App Infrastructure, Site Reliability, RDBMS, Rust, BigQuery, Shell Development, Site Reliability, Akamai, Linode
CEO | CIO, CISO, CRO, CCO Consultant
2013 - PRESENT
Analytic Risk Intelligence Management
- Founded an IT ops, security, and risk management consulting company through which I built consulting teams for HP, GDIT, and KPMG to perform DevSecOps, audits, and risk assessments. Implemented business process automation.
- Expanded the service portfolio offering to include 25 services in global risk and compliance, information assurance, and IT operations and executed eight contract engagements through teaming agreements with KPMG, HP, IBM, and GDIT.
- Transformed John Deere's SDLC process to a Scrum-at-Scale lifecycle, reducing the release cycle from 6 months to 4 weeks. Led its international security RA process adding security standards and best practices that reduced security code faults by 76%.
- Achieved FISMA certification for GDIT-Health organization cloud deployment and HITRUST certification of WorkTerra at CareerBuilder. Awarded a $2 billion contract transforming the IT DevSecOps at Wolters Kluwer.
- Reduced $80 million in IT ERM exposure by implementing data loss protection, IdAM, IoT management, and Blockchain for supply chain management and increased risk awareness with ERM processes documenting $50 million in risk at Smithfield Foods.
- Produced RA reports that identified $100 million in privacy and data exposure risk for funding justification for the California Department of Technology (CDT).
- Reduced the 3rd-party risk management process cost by $1 million and operational risk of $20 million for non-compliance to PCI-DSS at the Navy Federal Credit Union.
- Implemented risk scoring and reporting capability to reduce $20 million in operational risk and improve response time by 60% at Verisk Analytics and DLP tools at Allison Transmission, which also completed SOC-2 certification.
- Owned customer voice in deploying managed security services offerings at GDIT and HP. At HHS, I reduced risk by $20 million and IT operational costs by $10 million by implementing SaaS GRC integration.
- Rolled out VISA's big data platform reducing fraud detection time by 300%, and Capital One's big data analytic platform, improving the operational efficiency of creditworthiness by 400%.
Technologies: DevSecOps, Manufacturing, Research, IT Security, IT Management, Policy Development, System Security, Financial Services, Fintech Development, Fintech Development, Security, Policies & Procedures Compliance, Cybersecurity, Blockchain, Banking Consulting, Business Services, Security Architecture, Vulnerability Assessment, Architecture, HIPAA Compliance, PCI, Data Protection, CISSP, Leadership, CISM, Certified Information Systems Auditor (CISA), Information Security Management Systems (ISMS), Audits, Business Process Automation, PCI DSS, SOC 2( Service Organization Control), SOX, GDPR, California Consumer Privacy Act (CCPA), System Integration, Big Data Architecture, IT Systems Architecture, Business Process Modeling, Application Security, Data-driven Testing, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Data Loss Prevention (DLP), Endpoint Detection and Response (EDR), IDS/IPS, SIEM, Vulnerability Management, Penetration Testing, CI/CD Pipelines, Infrastructure as Code (IaC), Release Engineering, AWS, Azure Design, Azure, DevOps, IT Program Management, IT Project Management, Privacy, Data Privacy, Legal Technology (Legaltech), Scrum Master Consulting, Data Product Management, CISO, SaaS Security, Threat Modeling, GCP Security, Rapid7, Executive Support, IT Operations Management (ITOM), IT Product Management, Digital Innovation, Strategic Initiatives, Security Operations Centers (SOC), Cross-functional Team Leadership, Acquisitions, Procurement, Technical Program Management, Portfolio Management, Execution, Strategic Partnerships, Global Project Management, IT, Information Security analysis, Cloudera, Identity & Access Management (IAM), Cloud Access Security Broker (CASB), Privileged Access Management (PAM), GRC, Artificial Intelligence, Compliance, Neural Network, Machine Learning, Signal Encryption, Operational Data Store (ODS), Transactions, Fraud Prevention, Analytics Development, Optical Networks, Risk 
Models, Contract Negotiation, Risk Management, Global Risk, Vanta, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Virtual Coaching, AWS Lambda, AWS, Terraform, Security Audits, ISO 27001, OpenVPN, Bitdefender, Cloudflare, Risk Assessment, SailPoint, Duo, OKTA, SAP, SAP Analytics Cloud (SAC), SAP Architecture, SAP on Azure, Saviynt, Control4 Smart Home Systems, Azure, CyberArk, Data Science, Chief Security Officer (CSO), Docker, Kubernetes, Confluence, Jira, Data Risk Assessment (DRA), Cloud Security, Architecture Assessment, Checkmarx, Dynamic Analysis, Cloud Engineering, Data Migration, BlackLine, Enterprise Cybersecurity, Cybersecurity Maturity Model Certification (CMMC), Mail Servers, VPN, Automation, Azure Cloud Security, Azure DevOps, Cloud Infrastructure, GitHub Actions, YAML, McAfee, SecOps, Antivirus Software, Bitbucket, Disaster Recovery Plans (DRP), Learning Management Systems (LMS), Monitoring, Security Analysis, Software Architecture, Source Code Review, Design Reviews, McAfee Endpoint Security, QualysGuard, Bash, Crytographer, GraphQL, Enterprise Security, Google Kubernetes Engine (GKE), OWASP, OWASP Top 10, System Security, FedRAMP, Java, AWS Amplify, AWS Cloud Development Kit (CDK), Business Continuity, Business Continuity & Disaster Recovery (BCDR), Disaster Recovery Consulting, IT Projects, Agile Development, Technical Design, ISO Compliance, Communication Coaching, Organization, Technical Writing, PMP Project Management, Education Technology (Edtech), Design Consulting, Compliance, SOC 2( Service Organization Control), IT Project Management, ISO 27001, Office 365, Managed Security Service Providers (MSSP), System Security, Managed Services, Infrastructure, Advisory, Security Advisory, ISO 31000, COBIT, NIST, Executive Management, Certified Information Systems Security Professional, Program Management, Strategic Planning & Execution, Telecommunications, AI-augmented Software Engineering (AIASE), AIOps, Edge AI, Insurance App 
Design, Insurance Broking, Cloud Migration, Cloud Platforms, Complex Program Management, Stakeholder Management, Multitenancy, Google Cloud Development, Public Sector, Regulations, Puppet, Splunk Enterprise Security, Splunk, GitHub, Amazon EKS, Security Information and Event Management (SIEM), Virtual Coaching, Azure Design, Azure, IT Program Management, AWS, JavaScript, React.js, Node.js, Artificial Neural Networks (ANN), Artificial Intelligence of Things (AIoT), SAP Artificial Intelligence, Explainable Artificial Intelligence (XAI), Game Development, Artificial General Intelligence (AGI), Artificial Intelligence, Artificial Intelligence, Generative Artificial Intelligence (GenAI), Artificial Intelligence as a Service (AIaaS), Cyberattacks, Feasibility Studies, Feature Backlog Prioritization, GIS, Technical Product Management, User Stories, Project Timelines, Proof of Concept (POC), Real Estate, Regulatory Affairs, Data Classification, Data Mapping, Privacy Impact Assessments (PIAs), Data Subject Rights Management, Data Transfers, Regulatory Liaison and Reporting, Auditing, Record of Processing Activities (ROPA), Incident Response, Data Breach Response, Vendor Management, Data Processing Agreements (DPA), Education Technology (Edtech), Microsoft Certified IT Professional, AI Ethics, Cisco, Virtualization, Network Architecture, Network Engineering, Network Design, Network Monitoring, SharePoint Design, Microsoft 365, Microsoft Power Apps, Microsoft Power Automate, Microsoft Planner, Applied Cryptography, Chrome Extension Development, Cryptocurrency APIs, Vue.js, LLM, RAG, Edtech Design, Canvas, Canvas LMS, Learning Tools Interoperability (LTI), Moodle, eLearning Design, Data Science, Embedding Models, Deep & Cross Network (DCN), Recommendation Systems, System Security, AWS Well-Architected Framework, HITRUST Certification, WP Engine, Elasticsearch, LAMP, WordPress Development, Linux, Risk Analysis, Root Cause Analysis, GPT-4, API Integration, LangChain, Text to 
Image, NLP, Stable Diffusion, Unreal Engine, System Security, PHP, Product Management, APIs, Database, Data Collection, CA SiteMinder, ERP Development, Finance, Business Intelligence Development, Encryption, HSM, Microsoft Copilot, Alteryx, Machine Learning, Microsoft Copilot Pro, User Workflows, MuleSoft, Crypto, Cryptocurrency, System Security, Google Storage Development, Security Architecture Assessment, Google Compute Engine (GCE), VPC, Logging, PyTorch, Distributed Systems Development, Pandas, Scikit-Learn, Spark, OCR, PostgreSQL, Agile Development, Roadmaps, Technical Documentation, Pitch Presentations, Project Consultancy, Security, SecOps, System Security, CMC, Google Cloud Development, Digital Forensics, Ethical Hacking, Cyber Forensics, Cybersecurity Operations, Active Directory (AD), Microsoft Development, Microsoft Identity Manager, Dashboard, SQL, App Infrastructure, Site Reliability, RDBMS, Rust, BigQuery, Shell Development, Site Reliability, Akamai, Linode
Senior DevSecOps Engineer (Managed Delivery)
2024 - 2024
Ultimate Knowledge Corporation
- Worked with the technical team that led the discovery of customer requirements and product development. Understood, scoped, and implemented the security and product architecture.
- Demonstrated technical leadership in scoping, designing, implementing, and supporting the DevSecOps CI/CD pipeline for product development.
- Demonstrated executive leadership by establishing rapport with customers, understanding their needs, and building and implementing a strategic roadmap.
Technologies: DevOps, DevSecOps, AWS, SecOps, Kubernetes, Infrastructure as Code (IaC), Security, Release Engineering, Software Architecture, Security Analysis, Antivirus Software, Monitoring, Data Protection, CI/CD Pipelines, Data Loss Prevention (DLP), Disaster Recovery Plans (DRP), Bitbucket, Learning Management Systems (LMS), AIOps, Game Development, GPT-4, GPT Index, GPT Neo, OpenAI GPT-3 API, Google Publisher Tag (GPT), Generative Pre-trained Transformers (GPT), GPT-3, LLM, RAG, Edtech Design, Canvas, Canvas LMS, Learning Tools Interoperability (LTI), Moodle, eLearning Design, Data Science, Embedding Models, Deep & Cross Network (DCN), Recommendation Systems, AWS Well-Architected Framework, HITRUST Certification, WP Engine, Elasticsearch, LAMP, WordPress Development, Linux, Risk Analysis, Root Cause Analysis, API Integration, LangChain, Text to Image, NLP, Stable Diffusion, Unreal Engine, System Security, PHP, Product Management, APIs, Database, Data Collection, CA SiteMinder, ERP Development, Finance, Business Intelligence Development, Encryption, HSM, Microsoft Copilot, Alteryx, Machine Learning, Microsoft Copilot Pro, User Workflows, MuleSoft, Application Security, Crypto, Cryptocurrency, Google Storage Development, Security Architecture Assessment, Google Compute Engine (GCE), VPC, Logging, PyTorch, Distributed Systems Development, Pandas, Scikit-Learn, Spark, OCR, PostgreSQL, Agile Development, Roadmaps, Technical Documentation, Pitch Presentations, Project Consultancy, Security, SecOps, System Security, CMC, Google Cloud Development, Digital Forensics, Ethical Hacking, Cyber Forensics, Cybersecurity Operations, Active Directory (AD), Microsoft Development, Microsoft Identity Manager, Dashboard, SQL, App Infrastructure, Site Reliability, RDBMS, Rust, BigQuery, Shell Development, Site Reliability, Akamai, Linode
Infinera
- Established an enterprise security risk management program within one year across the global multi-national technology and manufacturing organization.
- Rolled out ISO 27001 and ISO 27701 certifications for R&D and manufacturing organizations within 1.5 years (5 years ahead of schedule).
- Launched a 3rd-party risk management program as part of the product procurement and vendor management program.
- Reviewed the monthly risk management activities with the executive team. The annual review assessed pure operational risks (property, data breach, theft, liability, compliance, regulatory, and injury) to establish an acceptable level of risk.
- Analyzed the risk mitigation plans to optimize the combination of risk reduction through avoidance, acceptance, and transference techniques. The analysis calculated the amount of risk transference using insurance (coverage amount).
Technologies: IT Security, IT Management, Policy Development, System Security, Security, Policies & Procedures Compliance, Cybersecurity, Blockchain, Business Services, Security Architecture, Vulnerability Assessment, Architecture, HIPAA Compliance, PCI, CISSP, Leadership, CISM, Certified Information Systems Auditor (CISA), Information Security Management Systems (ISMS), Audits, ISO 27001, PCI DSS, SOC 2( Service Organization Control), SOX, GDPR, California Consumer Privacy Act (CCPA), System Integration, Big Data Architecture, Business Process Modeling, Application Security, Data-driven Testing, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Data Loss Prevention (DLP), Endpoint Detection and Response (EDR), DevSecOps, IDS/IPS, SIEM, Vulnerability Management, Penetration Testing, CI/CD Pipelines, Infrastructure as Code (IaC), Release Engineering, AWS, Azure Design, Azure, DevOps, IT Program Management, IT Project Management, Privacy, Data Privacy, Legal Technology (Legaltech), Scrum Master Consulting, Data Product Management, CISO, SaaS Security, Threat Modeling, GCP Security, Rapid7, Executive Support, IT Operations Management (ITOM), IT Product Management, Digital Innovation, Strategic Initiatives, Security Operations Centers (SOC), Cross-functional Team Leadership, Acquisitions, Procurement, Technical Program Management, Portfolio Management, Execution, Strategic Partnerships, Global Project Management, IT, Information Security analysis, Cloudera, Identity & Access Management (IAM), Data Protection, Cloud Access Security Broker (CASB), Privileged Access Management (PAM), IT Systems Architecture, GRC, Artificial Intelligence, Compliance, Neural Network, Machine Learning, Signal Encryption, Operational Data Store (ODS), Transactions, Fraud Prevention, Analytics Development, Optical Networks, Risk Models, Enterprise Risk Management (ERM), Cloud Engineering, Agile Development, Software Development Lifecycle (SDLC), 
Manufacturing, Research, AWS IoT, Contract Negotiation, Risk Management, Global Risk, Vanta, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Virtual Coaching, AWS Lambda, AWS, Terraform, Security Audits, OpenVPN, Bitdefender, Cloudflare, Risk Assessment, AWS Cloud Security, SailPoint, Duo, OKTA, SAP, SAP Analytics Cloud (SAC), SAP Architecture, SAP on Azure, Saviynt, Control4 Smart Home Systems, Azure, CyberArk, Data Science, Chief Security Officer (CSO), Docker, Kubernetes, Confluence, Jira, Data Risk Assessment (DRA), Cloud Security, Architecture Assessment, Checkmarx, Dynamic Analysis, Cloud Engineering, Data Migration, BlackLine, Enterprise Cybersecurity, Cybersecurity Maturity Model Certification (CMMC), Mail Servers, VPN, Automation, Azure Cloud Security, Azure DevOps, Cloud Infrastructure, GitHub Actions, SecOps, Antivirus Software, Bitbucket, Disaster Recovery Plans (DRP), Learning Management Systems (LMS), Monitoring, Security Analysis, Software Architecture, Source Code Review, Design Reviews, QualysGuard, Crytographer, GraphQL, Enterprise Security, Google Kubernetes Engine (GKE), OWASP, OWASP Top 10, System Security, FedRAMP, Java, AWS Amplify, AWS Cloud Development Kit (CDK), Business Continuity, Business Continuity & Disaster Recovery (BCDR), Disaster Recovery Consulting, IT Projects, Agile Development, Technical Design, ISO Compliance, Communication Coaching, Organization, PMP Project Management, Education Technology (Edtech), Design Consulting, Compliance, SOC 2( Service Organization Control), IT Project Management, ISO 27001, Office 365, Managed Security Service Providers (MSSP), System Security, Managed Services, Infrastructure, Advisory, Security Advisory, ISO 31000, COBIT, NIST, Executive Management, Certified Information Systems Security Professional, Program Management, Strategic Planning & Execution, Fintech Development, Fintech Development, Banking Consulting, Azure AI Studio, AI-augmented Software Engineering (AIASE), 
AIOps, Edge AI, Insurance App Design, Insurance Broking, Cloud Migration, Cloud Platforms, Complex Program Management, Stakeholder Management, Multitenancy, PRINCE2, Google Cloud Development, Public Sector, Regulations, Splunk Enterprise Security, Splunk, Shell Script, GitHub, Amazon EKS, MongoDB, Security Information and Event Management (SIEM), Virtual Coaching, Azure Design, Azure, IT Program Management, AWS, JavaScript, React.js, Node.js, Artificial Neural Networks (ANN), Artificial Intelligence of Things (AIoT), SAP Artificial Intelligence, Explainable Artificial Intelligence (XAI), Artificial General Intelligence (AGI), Artificial Intelligence, Artificial Intelligence, Generative Artificial Intelligence (GenAI), Artificial Intelligence as a Service (AIaaS), Cyberattacks, Feasibility Studies, Feature Backlog Prioritization, GIS, Technical Product Management, User Stories, Project Timelines, Proof of Concept (POC), Real Estate, Regulatory Affairs, Data Classification, Data Mapping, Privacy Impact Assessments (PIAs), Data Subject Rights Management, Data Transfers, Regulatory Liaison and Reporting, Auditing, Record of Processing Activities (ROPA), Incident Response, Data Breach Response, Vendor Management, Data Processing Agreements (DPA), Education Technology (Edtech), Microsoft Certified IT Professional, AI Ethics, Cisco, Virtualization, Network Architecture, Network Engineering, Network Design, Network Monitoring, SharePoint Design, Microsoft Power Apps, Microsoft Power Automate, Microsoft Planner, Applied Cryptography, Chrome Extension Development, Cryptocurrency APIs, Vue.js, LLM, RAG, Edtech Design, Canvas, Canvas LMS, Learning Tools Interoperability (LTI), Moodle, eLearning Design, Data Science, Embedding Models, Deep & Cross Network (DCN), Recommendation Systems, AWS Well-Architected Framework, HITRUST Certification, WP Engine, Elasticsearch, LAMP, WordPress Development, Linux, Risk Analysis, Root Cause Analysis, GPT-4, API Integration, LangChain, Text to 
Image, NLP, Stable Diffusion, Unreal Engine, System Security, PHP, Product Management, APIs, Database, Data Collection, CA SiteMinder, ERP Development, Finance, Business Intelligence Development, Encryption, HSM, Microsoft Copilot, Alteryx, Machine Learning, Microsoft Copilot Pro, User Workflows, MuleSoft, Crypto, Cryptocurrency, Google Storage Development, Security Architecture Assessment, Google Compute Engine (GCE), VPC, Logging, PyTorch, Distributed Systems Development, Pandas, Scikit-Learn, Spark, OCR, PostgreSQL, Agile Development, Roadmaps, Technical Documentation, Pitch Presentations, Project Consultancy, Security, SecOps, System Security, CMC, Google Cloud Development, Digital Forensics, Ethical Hacking, Cyber Forensics, Cybersecurity Operations, Active Directory (AD), Microsoft Development, Microsoft Identity Manager, Dashboard, SignalFX, SQL, App Infrastructure, Site Reliability, RDBMS, BigQuery, Shell Development, Site Reliability, Akamai, Linode
CISO | CRO | Senior Cyber-intel Managing Director
2005 - 2013
BAE Systems
- Spearheaded 120 people and four programs at the Department of Defense (DoD), Intelligence Community, Department of Homeland Security, and Securities and Exchange Commission.
- Grew BAE Systems' cyber operations business to a $300 million business with 40 contracts.
- Built partnerships with vendors and the supply chain for a unified partnering ecosystem that provided the best value proposition for commercial and government contract awards.
- Took responsibility for building and running security programs for five agencies.
- Owned the voice of the customer for CyberReveal and NetReveal development.
- Took accountability for the voice of the customer for ESRI flight planning and mapping for the intelligence drone program.
- Transformed security operations center (SOC) processes by integrating threat intelligence from Information Sharing and Analysis Centers (ISAC) into the incident response processes.
- Developed and implemented programs for information warfare, computer network defense, computer network exfiltration, and computer network attacks.
Technologies: Executive Management, Portfolio Management, Acquisitions, Procurement, Strategic Planning & Execution, Technical Program Management, IT Security, IT Management, Policy Development, System Security, Financial Services, Security, Policies & Procedures Compliance, Cybersecurity, Business Services, Security Architecture, Vulnerability Assessment, Architecture, HIPAA Compliance, PCI, CISSP, Leadership, CISM, Certified Information Systems Auditor (CISA), Information Security Management Systems (ISMS), Audits, NIST, PCI DSS, SOC 2( Service Organization Control), SOX, GDPR, California Consumer Privacy Act (CCPA), System Integration, Big Data Architecture, IT Systems Architecture, Business Process Modeling, Application Security, Data-driven Testing, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Data Loss Prevention (DLP), Endpoint Detection and Response (EDR), DevSecOps, IDS/IPS, SIEM, Vulnerability Management, Penetration Testing, CI/CD Pipelines, Release Engineering, AWS, Azure Design, Azure, DevOps, IT Program Management, IT Project Management, Privacy, Data Privacy, Legal Technology (Legaltech), Scrum Master Consulting, Data Product Management, CISO, SaaS Security, Threat Modeling, GCP Security, Rapid7, Executive Support, IT Operations Management (ITOM), IT Product Management, Digital Innovation, Strategic Initiatives, Execution, Strategic Partnerships, Global Project Management, IT, Information Security analysis, Cloudera, Identity & Access Management (IAM), Data Protection, Cloud Access Security Broker (CASB), Privileged Access Management (PAM), GRC, Artificial Intelligence, Compliance, Neural Network, Machine Learning, Signal Encryption, Operational Data Store (ODS), Transactions, Fraud Prevention, Analytics Development, Risk Models, Enterprise Risk Management (ERM), Cloud Engineering, Agile Development, Software Development Lifecycle (SDLC), Manufacturing, Research, AWS IoT, Risk Management, Global Risk, 
Vanta, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Virtual Coaching, AWS Lambda, AWS, Terraform, Security Audits, ISO 27001, OpenVPN, Bitdefender, Cloudflare, Risk Assessment, AWS Cloud Security, SailPoint, Duo, OKTA, SAP, SAP Analytics Cloud (SAC), SAP Architecture, SAP on Azure, Saviynt, Control4 Smart Home Systems, Azure, CyberArk, Data Science, Chief Security Officer (CSO), Docker, Kubernetes, Confluence, Jira, Data Risk Assessment (DRA), Cloud Security, Architecture Assessment, Checkmarx, Dynamic Analysis, Python, Cloud Engineering, Go, Data Migration, BlackLine, Enterprise Cybersecurity, Cybersecurity Maturity Model Certification (CMMC), Mail Servers, VPN, Automation, Azure Cloud Security, Azure DevOps, Cloud Infrastructure, GitHub Actions, SecOps, Antivirus Software, Bitbucket, Disaster Recovery Plans (DRP), Learning Management Systems (LMS), Monitoring, Security Analysis, Software Architecture, Source Code Review, Design Reviews, QualysGuard, Bash, Crytographer, GraphQL, Enterprise Security, Google Kubernetes Engine (GKE), OWASP, OWASP Top 10, FedRAMP, Java, AWS Amplify, AWS Cloud Development Kit (CDK), Business Continuity, Business Continuity & Disaster Recovery (BCDR), Disaster Recovery Consulting, IT Projects, Agile Development, Technical Design, ISO Compliance, Communication Coaching, Organization, Technical Writing, PMP Project Management, Education Technology (Edtech), Design Consulting, Compliance, SOC 2( Service Organization Control), IT Project Management, ISO 27001, Office 365, Managed Security Service Providers (MSSP), System Security, Managed Services, Infrastructure, Advisory, Security Advisory, ISO 31000, COBIT, Certified Information Systems Security Professional, Java, Offshore Ruby on Rails Development, Telecommunications, Optical Networks, Fintech Development, Fintech Development, Blockchain, Banking Consulting, Azure AI Studio, AI-augmented Software Engineering (AIASE), AIOps, Edge AI, Insurance App Design, 
Insurance Broking, Cloud Migration, Cloud Platforms, Complex Program Management, Stakeholder Management, Multitenancy, PRINCE2, Google Cloud Development, Public Sector, Regulations, Puppet, Splunk Enterprise Security, Splunk, Shell Script, GitHub, Amazon EKS, MongoDB, Security Information and Event Management (SIEM), Virtual Coaching, Azure Design, Azure, IT Program Management, AWS, JavaScript, React.js, Node.js, Artificial Neural Networks (ANN), Artificial Intelligence of Things (AIoT), SAP Artificial Intelligence, Explainable Artificial Intelligence (XAI), Game Development, Artificial General Intelligence (AGI), Artificial Intelligence, Artificial Intelligence, Generative Artificial Intelligence (GenAI), Artificial Intelligence as a Service (AIaaS), Cyberattacks, Feasibility Studies, Feature Backlog Prioritization, GIS, Technical Product Management, User Stories, Project Timelines, Proof of Concept (POC), Real Estate, Regulatory Affairs, Data Classification, Data Mapping, Privacy Impact Assessments (PIAs), Data Subject Rights Management, Data Transfers, Regulatory Liaison and Reporting, Auditing, Record of Processing Activities (ROPA), Data Breach Response, Incident Response, Vendor Management, Data Processing Agreements (DPA), Education Technology (Edtech), Microsoft Certified IT Professional, AI Ethics, Cisco, Virtualization, Network Architecture, Network Engineering, Network Design, Network Monitoring, SharePoint Design, Microsoft 365, Microsoft Power Apps, Microsoft Power Automate, Microsoft Planner, Applied Cryptography, Chrome Extension Development, Cryptocurrency APIs, Vue.js, LLM, Edtech Design, Canvas, Learning Tools Interoperability (LTI), Moodle, eLearning Design, Data Science, Embedding Models, Deep & Cross Network (DCN), Recommendation Systems, AWS Well-Architected Framework, HITRUST Certification, WP Engine, Elasticsearch, LAMP, WordPress Development, Linux, Risk Analysis, Root Cause Analysis, GPT-4, API Integration, LangChain, Text to Image, NLP, 
Stable Diffusion, Unreal Engine, System Security, PHP, Product Management, APIs, Database, Data Collection, CA SiteMinder, ERP Development, Finance, Business Intelligence Development, Encryption, HSM, Microsoft Copilot, Alteryx, Machine Learning, User Workflows, MuleSoft, Crypto, Cryptocurrency, Google Storage Development, Security Architecture Assessment, Google Compute Engine (GCE), VPC, Logging, PyTorch, Distributed Systems Development, Spark, OCR, PostgreSQL, Agile Development, Roadmaps, Technical Documentation, Pitch Presentations, Project Consultancy, Security, SecOps, System Security, CMC, Google Cloud Development, Digital Forensics, Ethical Hacking, Cyber Forensics, Cybersecurity Operations, Active Directory (AD), Microsoft Development, Microsoft Identity Manager, Dashboard, SignalFX, SQL, App Infrastructure, Site Reliability, RDBMS, BigQuery, Shell Development, Site Reliability, Akamai, Linode
CIO | CISO | Program Managing Director
2003 - 2005
Raytheon
- Managed 65 people and reported directly to the CIO at the DoD.
- Developed and implemented a security strategy for the GiG bandwidth to the Edge (BE) program for the warfighter.
- Reduced the Defense Information Systems Agency (DISA) GiG-BE program operating costs by 6% by implementing stronger encryption and more efficient hardware.
Technologies: Strategic Planning & Execution, Strategic Partnerships, Portfolio Management, Execution, Technical Program Management, IT Security, IT Management, Policy Development, System Security, Security, Policies & Procedures Compliance, Cybersecurity, Business Services, Security Architecture, Vulnerability Assessment, Architecture, HIPAA Compliance, PCI, CISSP, Leadership, CISM, Certified Information Systems Auditor (CISA), Information Security Management Systems (ISMS), Audits, NIST, PCI DSS, SOC 2 (Service Organization Control), SOX, GDPR, California Consumer Privacy Act (CCPA), System Integration, Big Data Architecture, IT Systems Architecture, Business Process Modeling, Application Security, Data-driven Testing, Dynamic Application Security Testing (DAST), Static Application Security Testing (SAST), Data Loss Prevention (DLP), Endpoint Detection and Response (EDR), DevSecOps, IDS/IPS, SIEM, Vulnerability Management, Penetration Testing, Release Engineering, AWS, Azure Design, Azure, DevOps, IT Program Management, IT Project Management, Privacy, Data Privacy, Legal Technology (Legaltech), Scrum Master Consulting, Data Product Management, CISO, SaaS Security, Threat Modeling, GCP Security, Rapid7, Executive Support, IT Operations Management (ITOM), IT Product Management, Digital Innovation, Strategic Initiatives, Security Operations Centers (SOC), Cross-functional Team Leadership, Global Project Management, IT, Information Security Analysis, Cloudera, Identity & Access Management (IAM), Data Protection, Cloud Access Security Broker (CASB), Privileged Access Management (PAM), GRC, Artificial Intelligence, Compliance, Neural Network, Machine Learning, Signal Encryption, Operational Data Store (ODS), Transactions, Fraud Prevention, Analytics Development, Risk Models, Enterprise Risk Management (ERM), Cloud Engineering, Agile Development, Software Development Lifecycle (SDLC), Manufacturing, Research, AWS IoT, Contract Negotiation, Risk Management, Global Risk,
Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Virtual Coaching, AWS Lambda, AWS, Terraform, Security Audits, Code Review, ISO 27001, OpenVPN, Bitdefender, Cloudflare, Risk Assessment, AWS Cloud Security, SailPoint, Duo, OKTA, SAP, SAP Analytics Cloud (SAC), SAP Architecture, SAP on Azure, Saviynt, Control4 Smart Home Systems, Azure, CyberArk, Data Science, Chief Security Officer (CSO), Docker, Kubernetes, Confluence, Jira, Data Risk Assessment (DRA), Cloud Security, Architecture Assessment, Checkmarx, Dynamic Analysis, Python, Cloud Engineering, Go, Data Migration, Enterprise Cybersecurity, Cybersecurity Maturity Model Certification (CMMC), Mail Servers, VPN, Automation, Azure Cloud Security, Azure DevOps, Cloud Infrastructure, SecOps, Antivirus Software, Bitbucket, Disaster Recovery Plans (DRP), Learning Management Systems (LMS), Monitoring, Security Analysis, Software Architecture, Source Code Review, Design Reviews, QualysGuard, Cryptographer, GraphQL, Enterprise Security, Google Kubernetes Engine (GKE), OWASP, OWASP Top 10, Java, AWS Amplify, AWS Cloud Development Kit (CDK), Business Continuity, Business Continuity & Disaster Recovery (BCDR), Disaster Recovery Consulting, IT Projects, Agile Development, Technical Design, ISO Compliance, Communication Coaching, Organization, Technical Writing, PMP Project Management, Education Technology (Edtech), Compliance, SOC 2 (Service Organization Control), IT Project Management, ISO 27001, Office 365, Managed Security Service Providers (MSSP), System Security, Managed Services, Infrastructure, Advisory, Security Advisory, ISO 31000, COBIT, Executive Management, Certified Information Systems Security Professional, Program Management, C++, Java, Offshore Ruby on Rails Development, Telecommunications, Optical Networks, Fintech Development, Banking Consulting, Azure AI Studio, Insurance Broking, Cloud Migration, Cloud Platforms, Complex Program Management, Stakeholder Management,
Multitenancy, PRINCE2, Google Cloud Development, Public Sector, Regulations, Puppet, Splunk Enterprise Security, Splunk, Shell Script, GitHub, Amazon EKS, Security Information and Event Management (SIEM), Azure Design, Azure, IT Program Management, AWS, JavaScript, React.js, Node.js, Control4, Artificial Neural Networks (ANN), Game Development, Artificial General Intelligence (AGI), Artificial Intelligence, Artificial Intelligence, Generative Artificial Intelligence (GenAI), Cyberattacks, Feasibility Studies, Feature Backlog Prioritization, GIS, Technical Product Management, User Stories, Project Timelines, Proof of Concept (POC), Real Estate, Regulatory Affairs, Data Mapping, Data Classification, Privacy Impact Assessments (PIAs), Data Subject Rights Management, Data Transfers, Regulatory Liaison and Reporting, Auditing, Record of Processing Activities (ROPA), Data Breach Response, Incident Response, Vendor Management, Data Processing Agreements (DPA), Education Technology (Edtech), Microsoft Certified IT Professional, Cisco, Virtualization, Network Architecture, Network Engineering, Network Design, Network Monitoring, SharePoint Design, Microsoft 365, Microsoft Power Apps, Microsoft Power Automate, Microsoft Planner, Applied Cryptography, Chrome Extension Development, Cryptocurrency APIs, Vue.js, LLM, Edtech Design, Canvas, eLearning Design, Data Science, Embedding Models, Recommendation Systems, AWS Well-Architected Framework, HITRUST Certification, WP Engine, Elasticsearch, LAMP, WordPress Development, Linux, Risk Analysis, Root Cause Analysis, GPT-4, API Integration, LangChain, Text to Image, NLP, Stable Diffusion, Unreal Engine, System Security, PHP, Product Management, APIs, Database, Data Collection, CA SiteMinder, ERP Development, Finance, Business Intelligence Development, Encryption, HSM, Microsoft Copilot, Machine Learning, User Workflows, Cryptocurrency, Google Storage Development, Security Architecture Assessment, Google Compute Engine (GCE), VPC, 
PyTorch, Spark, OCR, Agile Development, Roadmaps, Technical Documentation, Pitch Presentations, Project Consultancy, Security, SecOps, System Security, CMC, Google Cloud Development, Digital Forensics, Ethical Hacking, Cyber Forensics, Cybersecurity Operations, Active Directory (AD), Microsoft Development, Microsoft Identity Manager, Dashboard, SignalFX, SQL, App Infrastructure, Site Reliability, RDBMS, BigQuery, Shell Development, Site Reliability, Akamai, Linode
CIO | CISO | Program Engineering Director
2001 - 2003
Lockheed Martin
- Led 40 people and reported directly to the CIO of the FAA.
- Developed and implemented a security strategy for securing weather radars and navigation beacons across the US.
- Provided presentation-style, hands-on technical training and knowledge transfer for enterprise security offerings.
Technologies: Technical Program Management, Strategic Planning & Execution, Strategic Partnerships, IT Security, IT Management, Policy Development, System Security, Security, Policies & Procedures Compliance, Cybersecurity, Business Services, Security Architecture, Vulnerability Assessment, Architecture, PCI, CISSP, Leadership, CISM, Certified Information Systems Auditor (CISA), Information Security Management Systems (ISMS), Audits, NIST, PCI DSS, SOC 2 (Service Organization Control), SOX, GDPR, California Consumer Privacy Act (CCPA), System Integration, Big Data Architecture, IT Systems Architecture, Business Process Modeling, Application Security, Data-driven Testing, Dynamic Application Security Testing (DAST), Data Loss Prevention (DLP), Endpoint Detection and Response (EDR), DevSecOps, IDS/IPS, Penetration Testing, Release Engineering, Azure Design, Azure, DevOps, IT Program Management, IT Project Management, Privacy, Data Privacy, Legal Technology (Legaltech), Scrum Master Consulting, Data Product Management, CISO, SaaS Security, Threat Modeling, GCP Security, Rapid7, Executive Support, IT Operations Management (ITOM), IT Product Management, Digital Innovation, Strategic Initiatives, Security Operations Centers (SOC), Cross-functional Team Leadership, Portfolio Management, Execution, IT, Information Security Analysis, Cloudera, Identity & Access Management (IAM), Data Protection, Privileged Access Management (PAM), GRC, Artificial Intelligence, Compliance, Neural Network, Machine Learning, Signal Encryption, Operational Data Store (ODS), Transactions, Fraud Prevention, Analytics Development, Risk Models, Enterprise Risk Management (ERM), Cloud Engineering, Agile Development, Software Development Lifecycle (SDLC), Manufacturing, Research, AWS IoT, Contract Negotiation, Risk Management, Global Risk, Intrusion Detection Systems (IDS), Intrusion Prevention Systems (IPS), Virtual Coaching, AWS Lambda, AWS, Terraform, Security Audits, Code Review, ISO 27001,
Cloudflare, Risk Assessment, AWS Cloud Security, SailPoint, Duo, OKTA, SAP, SAP Analytics Cloud (SAC), SAP Architecture, SAP on Azure, Saviynt, Control4 Smart Home Systems, Azure, CyberArk, Data Science, Chief Security Officer (CSO), Docker, Kubernetes, Confluence, Jira, Data Risk Assessment (DRA), Cloud Security, Architecture Assessment, Checkmarx, Python, Cloud Engineering, Go, Data Migration, Enterprise Cybersecurity, Cybersecurity Maturity Model Certification (CMMC), Mail Servers, VPN, Automation, Azure Cloud Security, Cloud Infrastructure, GitHub Actions, SecOps, Antivirus Software, Bitbucket, Disaster Recovery Plans (DRP), Learning Management Systems (LMS), Monitoring, Security Analysis, Design Reviews, QualysGuard, Cryptographer, GraphQL, AWS, Enterprise Security, Google Kubernetes Engine (GKE), Static Application Security Testing (SAST), OWASP, OWASP Top 10, Java, AWS Amplify, AWS Cloud Development Kit (CDK), Business Continuity, Business Continuity & Disaster Recovery (BCDR), IT Projects, Agile Development, Technical Design, ISO Compliance, Communication Coaching, Organization, Technical Writing, PMP Project Management, Education Technology (Edtech), Design Consulting, Compliance, SOC 2 (Service Organization Control), IT Project Management, ISO 27001, Office 365, Managed Security Service Providers (MSSP), System Security, Managed Services, Infrastructure, Advisory, Security Advisory, ISO 31000, COBIT, Executive Management, Certified Information Systems Security Professional, C++, Java, Offshore Ruby on Rails Development, Telecommunications, Optical Networks, Fintech Development, Banking Consulting, HIPAA Compliance, Azure AI Studio, Insurance Broking, Cloud Migration, Cloud Platforms, Complex Program Management, Stakeholder Management, Multitenancy, PRINCE2, Google Cloud Development, Public Sector, Regulations, Puppet, Splunk Enterprise Security, Splunk, Shell Script, GitHub, Amazon EKS, Security Information and Event Management (SIEM),
Virtual Coaching, Azure Design, Azure, IT Program Management, AWS, JavaScript, React.js, Node.js, Control4, Artificial Neural Networks (ANN), Game Development, Artificial General Intelligence (AGI), Artificial Intelligence, Artificial Intelligence, Generative Artificial Intelligence (GenAI), Cyberattacks, Feasibility Studies, Feature Backlog Prioritization, GIS, Technical Product Management, User Stories, Project Timelines, Proof of Concept (POC), Real Estate, Regulatory Affairs, Data Mapping, Data Classification, Privacy Impact Assessments (PIAs), Data Subject Rights Management, Data Transfers, Regulatory Liaison and Reporting, Auditing, Record of Processing Activities (ROPA), Data Breach Response, Incident Response, Vendor Management, Data Processing Agreements (DPA), Education Technology (Edtech), Microsoft Certified IT Professional, Cisco, Network Architecture, Network Engineering, Network Design, Network Monitoring, Microsoft 365, Microsoft Power Apps, Microsoft Power Automate, Microsoft Planner, Applied Cryptography, Cryptocurrency APIs, Vue.js, LLM, Edtech Design, Canvas, Data Science, Embedding Models, Recommendation Systems, AWS Well-Architected Framework, HITRUST Certification, WP Engine, Elasticsearch, LAMP, WordPress Development, Linux, Risk Analysis, Root Cause Analysis, GPT-4, API Integration, LangChain, Text to Image, NLP, Stable Diffusion, Unreal Engine, System Security, PHP, Product Management, APIs, Database, Data Collection, CA SiteMinder, ERP Development, Finance, Business Intelligence Development, Encryption, HSM, Microsoft Copilot, Machine Learning, User Workflows, Cryptocurrency, Google Storage Development, Security Architecture Assessment, Google Compute Engine (GCE), VPC, PyTorch, Spark, OCR, Agile Development, Roadmaps, Technical Documentation, Pitch Presentations, Project Consultancy, Security, SecOps, System Security, CMC, Google Cloud Development, Digital Forensics, Ethical Hacking, Cyber Forensics, Cybersecurity Operations, Active 
Directory (AD), Microsoft Development, Microsoft Identity Manager, Dashboard, SignalFX, SQL, App Infrastructure, Site Reliability, RDBMS, BigQuery, Shell Development, Site Reliability, Akamai, Linode