Directed all Information Security and all regulatory compliance required by the company. Led department in audit preparation, audit control, policy and procedure creation, execution of procedures and controls, and internal audit. Directed privacy and governance for company data. Managed all security domains across the organization to meet regulatory requirements and internal governance.• Aligned all Information Security projects and guidance in alignment with business direction and budget planning.• Implemented Cyber Source decision manager to lower risk of fraud in response to large amounts of fraud.• Led how the company manages authentication and multifactor choices for all systems with policies and solutions selections.• Directed the company through SOX, PCI, HIPAA, NIST, TxRAMP, state data privacy laws, and internal governance for creation of policies, procedures, tool selection, and other activities that lead to company compliance.• Managed Information Security processes for two acquisitions for companies that extended the company’s ability to lower cost in areas that were outsourced and lead to areas of growth beyond just the company spectrum.• Created Risk Management process based on NIST standards for the company to manage internal and third-party risk.• Directed the changes needed and evidence collection for the SEC’s four day disclosure for cyber incidents based on Sarbanes Oxley requirements.• Selected and implemented full 24/7 Security Operations center using a partner named Expel and created all incident management processes to be timely in investigations and stopping threats.• Built and deployed Microsoft Sentinel Security Incident and Event Management (SIEM) systems.• Wrote and published over 20 policies and procedures for the company to align with regulatory compliance and internal governance standards.• Created and was responsible for Disaster Recovery and Business Continuity Plans for the company.

Collectable management and sales through auction and direct sales of collectables of all types. Onsite stock of collectables nearing $250k and available to assist in your sale of your own stock of collectables.

Providing advice, guidance, and strategic direction for organizations on Information Security through all domains of Cyber. No limitations on assistance in choosing tools, people or processes with design, implementation and management for security, compliance and governance for companies of all sizes.

Directed all PCI, CCPA, SOX, and all regulatory compliance required by the company. Led department in audit preparation, audit control, policy and procedure creation, execution of procedures and controls, and internal audit. Directed privacy and governance for company data. •Effectively evaluated the Sarbanes-Oxley controls for finance-affected processes and created a plan to reduce number of and complexity for 2023.•Rewrote and implemented an information security policy for the company that required separation of access control, incident management, and many other policies.•Wrote Privacy and Governance policies for data impacting PII, HIPAA, CCPA, PCI and SOX regulatory requirements for the company.•Managed and involved in building of the teams for 24/7 Security Operations Center and CI/CD process.

Ensured all Information Security objectives and projects aligned with business model and budget planning.Maintained full passing of all SOX, PCI, NIST, and ISO controls for all companies using SAP GRC and full business policies and procedures.Created risk-management team and processes, utilizing COBIT framework to assess and manage all risk to company.Performed and managed risk assessments and remediations to business processes and infrastructure based on the business desired cadence and risk appetite.Designed and tested disaster recovery and business continuity plans to meet NIST CSF requirements for subsidiaries of Boeing, each requiring alignment to their business model.•Automated vulnerability management with scanning, reporting, and tracking.•Enhanced the management of assets in the company by using source data from security tools to make asset management accurate.Became NIST 800-171-compliant in seven months by requiring full build of the following tools: RSA NetWitness, RSA ECAT, RSA SecureID, Thales HSMs, Cylance End-Point Protection, McAfee Whole Disk Encryption, McAfee Data Loss Prevention and File/Removable Media Protection, BeyondTrust Power Broker, TripWire, Gigamon, RES1 IDM, Metasploit, Netsparker, Nexpose, RSA Archer SecOps, ProofPoint Suite, RiskRecon, Veracode, Akamai Bot Manager, Qualys, AirWatch, SAASPASS for Macs, Microsoft ADFS, and Microsoft Certificate Authorities.Implemented and managed the operation of access control and identity management tools for privileged access to systems based on roles and exception process.Designed, implemented and tested full incident response plans for all subsidiaries under my watch to include asset priority and criticality assessments, and operational thresholds for recovery time objectives.Managed 24/7 Security Operations Center for seven Boeing subsidiaries with use of Security Information and Event Management tools from QRadar, RSA NetWitness, and Splunk.

Performed daily functions of building, architecting, and maintaining systems running inside Boeing network for meeting of operations, cybersecurity, and compliance requirements. Provided all data needed to C-Level executives and board members for presentation.Worked on the transition from physical servers to virtual servers, using VMware for over 50% of the systems in a $5 billion annual revenue subsidiary.Migrated the company from Lotus Notes to Microsoft Exchange.Implemented Ivanti provisioning application called LANDESK.Designed and implemented Citrix and AppSense systems for ERP transition team used by over 1,000 users for coding, testing, and finally production replacement of workstations for half the company.