- Cybersecurity executive with extensive experience managing enterprise portfolios with a focus on security operations, cloud technologies, business continuity, and audit
- Experience managing Federal and commercial contracts with responsibility for staff, sub - contractors, and contract performance in a matrixed environment of direct reports, clients, and client’s customers
- Proven design and leadership skills with the ground-up construction and management of an Confidential Security Operations Center (SOC) as well as data centers for Confidential Group and Confidential
- Regulated environment experience within Federal financial programs, Confidential, HIPPAA, PCI, Confidential, Confidential
- Demonstrated financial experience creating budgets and forecasts with a deep technical viewpoint
- Solid experience managing operational and capital budgets
- SANS/GIAC Advisory Board Member and SANS Mentor
PROFESSIONAL E XPERIENCE:
Confidential, Anchorage, AK
Information Security Director
- Refresh of Company wide Information Security controls and policies.
- Directed the implementation of Confidential Cybersecurity Framework.
- Led improvements to network architecture and access control based on review of the enterprise.
- Aligned policy and architecture with Federal/DoD contracting rules ( Confidential, Confidential, Confidential, DFARs)
- Achieved compliance with Confidential SP800-171 for Federal contractors.
- Established incident response capability and process around updated SIEM and IDS/IPS architecture.
- Created cybersecurity privacy and awareness training courses.
- Directed the Company’s first external penetration testing engagement.
Confidential, Columbus, Indiana
Global Information Security Operations Manager
- Mentored and grew a team of on-shore and off-shore security analysts supporting a Confidential 200 corporation with locations in 190 countries.
- Worked on the vendor assessment team for the Confidential LiveWell Medical Center.
- Provided information security consultancy for corporate initiatives, audit, and compliance (HIPAA, PCI, SOX, and the Confidential Cybersecurity framework)
- Realigned and enhanced Information Security Operations.
- Created an enterprise vulnerability management program.
- Directed the move to a managed SIEM while enhancing security posture through next generation detection and correlation technologies.
Confidential, Fairfax, Virginia
- Lead for a team supporting ten Federal agencies’ financial applications hosted in Confidential ’s Confidential cloud.
- Managed security for a joint Confidential Bank AWS cloud Proof of Concept (POC) program.
- Lead for team performing security audits for Federal clients ( Confidential, Confidential ).
- Created cost models for security audits and accreditation efforts.
- Advisor for federating identities across client agencies, Confidential cloud, and contractor environments.
- Developed security as a structured business practice offering for Confidential ’s cloud based clients as well as within other public and private cloud environments which resulted in new business.
- Created a repeatable framework for security as a service (SECaaS) with a detailed cost model for bids and proposals.
Confidential, Herndon, Virginia
IT Program Manager
- Led projects for the standup of a secondary data center, network security evaluations and subsequent changes to policy, infrastructure, and network links.
- Global network consolidation and cloud computing work with US government Confidential compliance.
- Led financial forecasting toolset implementation (IBM Cognos TM1 tied into Deltek financials)
- Led project review and creation of an emerging technology lab used to evaluate BYOD solutions.
- Developed IT operating and capital expense budget projections for DOD and commercial contract proposals including a 21 year IT lifecycle budget for the successful AAS-72X US Army helicopter bid.
Project Manager, Leesburg, Virginia
- Managed the Confidential contract for the deployment and SIEM integration of Confidential NTR malware protection.
- Reconciled contract budget, deliverables, and personnel management including subcontractors.
- Created additional value for the client by designing two-way integrations with other tools such as web based threat analysis engines and FireEye appliances to enhance Confidential capabilities.
- Developed training for Engineering staff and Security Analyst.
- Certification and Accreditation of Confidential NTR appliance (Red Hat Linux/Ruby based).
- Created the first integration of Confidential NTR to ArcSight SEIM (no existing connector prior to this).
- Secured the follow-on contract option year with additional sensor purchases based on performance.
Site Manager - Infrastructure Team Lead, Martinsburg Pennsylvania
- Hired by Confidential to build, staff, and manage a Disaster Recovery Security Operations Center (SOC) from the ground up for the Confidential ’s Confidential contract.
- Developed federated identity management between agencies and contractors with PIV card multifactor authentication under Confidential and Confidential 800-53 controls.
- Oversaw the contract budget, deliverables, and personnel management across functional teams.
- Participated in the recruiting, hiring, and managing of facility staff.
- Manager for 10 Information Security Analysts and one Infrastructure Engineer.
Selected Accomplishment: Received the Confidential 's Service Award of Excellence for the support and expansion of operations at the Cyber Security Management Center.
Confidential, Somerset, Pennsylvania
- Led the design through build of the new company datacenter, including power, environmental controls, and access security.
- Integrated data collection and SCADA machinery controls to MRP and CAD/CAM software.
- Developed security enhancement and remediation plans in support of business risk management and SOX/HIPAA compliance.