Cloud Security Strategy Advisor Resume
SUMMARY:
- Seasoned and pragmatic information security executive with over 17 years of professional exposure enabling organizations to understand their risk profile and appetite through information security consultation and advisory. Adept at marrying security strategy with business drivers to produce solutions. Excellent consultative and client management skills across multiple markets, technologies and sectors.
- Cloud Adoption Strategist. Cloud Security Architect. Proficient at developing bespoke cloud architectures, strategies and solutions for both commercial and public sectors in compliance with pre-established frameworks while establishing acceptable levels of cloud risk.
- Team Developer. Trust Advisor. Leader with a deep understanding of customers, their respective markets and technology roadmaps. Demonstrable effectiveness in developing security strategies and solutions that solve business challenges and extend revenue generating opportunities.
Core competences:
- Leadership, Management Consulting: Visionary leader. Excellent negotiator with influential conflict resolution capabilities. Critical Thinker. Team Developer. Proficient at disambiguating situations and environments to produce impacting results.
- Cloud: Cloud strategy & evangelism, development of adoption & migration architecture and strategies for both public and commercial sectors. Infrastructure as a Service (IaaS), Platform as a Service (PaaS), Cloud Controls Matrix (CCM), Windows Azure, Azure Express Route, Office365, Private/Public/Hybrid/Government Community Cloud deployment models, Modernized Applications & large scale cloud enabled Datacenter build-out, Cloud services orchestration, Hyper-V virtualization, Cloud OS Network (COSN), CAPEX vs. OPEX considerations in deployment models
- Security & Compliance, Government Framework & Regulation: NIST 800-53 and other Special Publications, FedRAMP, DISA, Cloud Security Alliance (CSA), UK Data Privacy Act, GLBA
- Framework Alignment: PCI DSS, ISO 27001, FFIEC, GLBA, HIPAA, SOX
- Threat Vulnerability Profiling and Management: Threats & Controls Catalog, Third-Party Risk Assessments, Data Loss Prevention/Protection, Application Vulnerability Assessments, Security Policies, Program & Awareness Development
- RFP, Security Service Level Agreement (SSLA), Master Security Service Agreement (MSSA): Assessment, Development & Assessment
PROFESSIONAL EXPERIENCE:
Confidential
Cloud Security Strategy Advisor
Responsibilities:
- Principally responsible for designing the cloud security and compliance framework used across the entire consulting practice
- Engage with Chief Technology Officer (CTO) to drive cloud computing strategy with a principal focus on architecture, security, compliance and governance for public sector customers
- Evangelize Confidential’s vast portfolio of cybersecurity products and services whilst unifying its cybersecurity story across the enterprise to include Sales, Business Development, Operations, etc.
- Principal security SME brought in to address cloud security related concerns & inquiries during the closure phase of new business opportunities
- Drive cloud strategy and security engagement for assigned public sector clients seeking to adopt or migrate to the cloud
- Develop FedRAMP strategies and packages designed to help public sector clients obtain the Authority to Operate (ATO) required to implement cloud technologies
Senior Engagement Manager & Principal Cloud Adoption Strategist
Responsibilities:
- Principally responsible for providing security, compliance and strategic advisory in support of Microsoft’s business & engineering groups’ cloud offerings
- Developed and drove strategic direction and architecture for emergent cloud, mobile and big data trends and technologies and provided advisory to the Cloud & Enterprise senior management in alignment with Microsoft’s Mobile First, Cloud First strategy. Delivered results by aligning strategic direction with operational requirements through the prioritization of initiatives and continual analysis of business needs
- Direct line of reporting on progress readouts to senior leadership teams comprising Corporate VPs, General Managers and Senior Directors in support of next generation cloud initiatives, most notably the Azure Government Community Cloud (GCC)
- Led people within workstreams responsible for cultivating relationships between Microsoft Public Sector, Sales, Business and Engineering groups. Assisted in the generation of new revenue streams from government agencies looking to onboard onto the Windows Azure I/PaaS cloud platform
- Partnered with the Azure Security, Compliance & Privacy team to develop strategies that helped build secure services for Azure’s I/PaaS cloud offerings for both commercial and public sector customers within Microsoft’s datacenters
- Provided executive advisories on security risks and the development of risk mitigation or acceptance strategies pertinent to the implementation of I/PaaS environments
- Leveraged industry trends, identified value generating opportunities while executing strategic plans in support of Microsoft’s Cloud First vision
- Budgeted, forecasted and monitored capital (CAPEX) and operational expense (OPEX) in consideration of cloud deployment models
- Collaborated across multiple Microsoft groups/organizations including product groups, business groups and other internal Microsoft stakeholders to drive the adoption and deployment of online security services, policies, frameworks and methodologies. Stakeholders included Legal, compliance teams for the various business groups, HR, security operations & engineering teams, Enterprise Architects, Physical Security, etc.
Principal Security Consultant/Senior Manager
Responsibilities:
- Led engagement team responsible for conducting security risk reviews & assessments, threat and vulnerability management, penetration testing, security application (SDLC) and implementation services, policy and program development
- Led the development of information security strategies and implemented security solutions to assist businesses with the assessment and improvement of their security infrastructure. Developed & set information security strategy and monitored changes in legislation. Liaised with management teams across the enterprise to ensure alignment of security with key business drivers
- Built inter-organizational relationships and managed internal and external customer expectations
- Provided trusted information security advisory to all senior leadership & executive team and strategic partners
Principal Security Consultant
Responsibilities:
- Provided leadership for C&E team of the Office of the Chief Information Security Officer (OCISO) responsible for ensuring all CDC public facing websites were Machine Readable Privacy Policy (MRPP) compliant in accordance with yearly FISMA and OMB requirements and milestones. Led team efforts to ensure Computer Security Plan (CSP) milestones and deliverables were met ahead of yearly FISMA audit schedule
- Provided security thought leadership and guidance to CDC C&E Program Manager
- Developed incident response standard operating procedures (SOP) and provided guidance and forethought for the implementation of CDC PII Breach Incident Response requirements
- Oversaw delivery of Risk and Privacy Impact Analysis (PIA) reports to external auditors in compliance with OMB directives and timeline
Sr. Global Director, Information Security
Responsibilities:
- Developed an information protection & security program for a global travel management company with operations in 90 countries, a combined workforce of 13,000 employees and generating $14 billion in total sales. Developed and deployed global-wide security awareness & security policies in compliance with overall corporate policy. Led and coordinated activities of team that enabled client to increase efficacy of core security function.
- Led team responsible for the development, management and response to security based Requests for Proposals (RFP) that generated up to $1 billion in new client sales
- Led the identification and delivery of a wide variety of information systems security services that supported the corporate security strategy. Services included security policy development, risk assessments of key business platforms, network penetration testing, intrusion detection and cyber crime response. Led the analysis and development of risk assessment reports while providing guidance concerning compensating controls and mitigating actions and assisted in the leveraging of internal opportunities in accommodation of discovered gaps
- Identified and implemented process changes & efficiencies that aligned security functions with the client’s business strategy and ensured compliance with PCI-DSS. These changes resulted in the client obtaining its first ever PCI-DSS Report on Compliance (ROC) attestation.
- Reviewed and signed off on all client's Security Service Level Agreements (SSLA), security Request For Proposals (RFP) and Master Service Agreements (MSA) for current and prospective clients
Confidential
Senior Information Security Consultant
Responsibilities:
- Led and managed Project Management Office (PMO) for disaster recovery projects and other highly complex moving sub projects to meet client deliverable deadlines
- Coordinated disaster recovery testing efforts for Project Management Office (PMO) for both project and various other client teams
- Built relationships with application, environment and portfolio owners as well as managed their respective DR testing efforts.
- Led security management of client product portfolio which included the development of threat and control catalogs, risk registers, security control mapping to various security frameworks – NIST, ISO 27001/2, PCI DSS, FFIEC, etc.
Security Consultant/Senior Security Architect
Responsibilities:
- Managed the efforts of project resource in understanding and accomplishing goals and objectives, project plan development and ensuring deliverable timelines are met
- Led project team in the development of a detailed design on RSA Strong Authentication to be deployed in the client’s DR environment. Client expectation was exceeded and deliverable was accepted without modification.
Security Consultant
Responsibilities:
- Developed high level security risk assessment and operational questionnaires for executive management and Information Security Operations Team respectively
- Assessed client’s security policies and procedures and interviewed executive management, IT Operations group and Information Security team and made actionable recommendations.
- Identified and addressed client’s needs: built, maintained, and utilized networks of client relationships; communicated value propositions; managed resource requirements, Statement of Work (SOW), budgets and prepared and/or wrote and verbal materials.
Confidential
Senior Consulting Manager (Veteran Affairs Office of IT VAIO)
Responsibilities:
- Responsible for aligning information security processes with client’s overall business objectives and working closely with the CIO in defining over-arching information security strategy and policies. Served as an internal consultant to the various lines of business
- Built positive team relationships amongst client’s lines of business whilst implementing security technologies necessary to secure client’s IT enterprise
- Served as trusted advisor providing executive and strategic counsel for key clients as well as overall client account management and responsibility for professional services engagements