The Director of Information Technology (IT) Security is responsible for developing,implementing and monitoring a strategic, comprehensive enterprise cybersecurity and IT riskmanagement program. The Director provides the vision and leadership necessary to manage the risk to the organization and will ensure business alignment, effective governance, system and product availability, integrity and confidentiality. This position reports to Chief Information Officer (CIO).

Leads the cyber security strategy for the organization that supports North American operations with a cloud-native SaaS application servicing 100’s of customers from SMBs to Fortune 500s. This includes Security Operations, Governance, Risk and Compliance and Data Privacy. Reporting directly to the CEO, I have taken this organization from a barely-there program to SOC II in 15 months.• Implemented organization’s first cybersecurity strategy and program plan• Developed and implemented a full complement of cybersecurity policies and procedures, leveraging known security frameworks and compliance requirements• Manages projects and programs to ensure the timely implementation and delivery of technologies to ensure compliance• Implemented first security stack for the organization including firewalls, IDS/IPS, SIEM, AV/EDR, DLP, vulnerability management, patch management, and cloud security products• Provides CI/CD and secure application development oversight and review for cloud-based SaaS application• Oversees incident response and disaster recovery planning and operations• Reports regularly to corporate leadership on security metrics and security program progress• Manages security budget and balances against total IT spend and risk appetite of the organization• Coordinates with 3rd party suppliers and providers to verify risk management practices

Teaching Cybersecurity Essentials

Championed the institution’s cybersecurity strategy, reporting frequently to academic administration and the Board of Regents in support of resolving findings discovered by Internal Audit and other audit groups. I organized 20+ cyber analysts and architects to accomplish our mission and the institution’s mission with a multimillion-dollar budget, efficiently addressing threats, compliance requirements and the changing academic landscape. Worked with the CIO and the institution to combine operations across academic and health center campuses. • Established University’s first Cybersecurity Strategy to lead security activity and risk management for the next 4-5 years, aligned to the University’s central strategy and provided vision and direction for the cybersecurity teams• Designed first reporting and metrics system to present to executive board for risk assessment and progress• Led conversations with other IT leaders to bring campus technology partners under the corporate IT umbrella• Managed transition to 100% fully remote work force due to global pandemic conditions• Coordinated response to first campus wide central endpoint management program and provided security expertise and advisement• Established system wide Identity and Access Management Program for a cohesive approach to identity that allows for a more dynamic and secure experience • Reduced phish prone percentage through a dynamic training process to faculty, staff and students• Realigned the university’s IT risk program with the NIST Cybersecurity Framework• Established the university’s controlled unclassified research (CUI) security capability to enable classified research• Managed multi-million dollar resource allocation for personnel, technology and development

Managed the daily security operations for the university including malware detection and remediation, email/account abuse or compromise, and other events or incidents. I managed SOC operations which protected university assets from abuse or attack. I assisted in the development of strategic plans for continued/enhanced security operations. I managed resources and budget to ensure the security team had the resources and abilities to adequately detect and respond to events and incidents.• Developed OUIT’s first Security Incident Response Policy/Plan and documented associated run book for the events and incidents the team may handle• Managed the business aspect of security operations by assessing risk, identifying gaps, recognizing budget constraints and weighing needs with those of the larger organization/university• Identified 3-5 year operational needs for forensics and incident response and have architected a plan to ensure the appropriate hardware is in place to enable the capabilities and workflows necessary for success• Ascertained appropriate path to FISMA compliance for a research grant that allowed the research team to accept and sign the grant and proceed with the program• Worked with multiple departments to document organizational risks and offered OUIT security services and expertise to implement or adopt new security practices, technologies and procedures• Managed acquisition, implementation and continued operation of new secure email gateway• Took the University into the next generation of endpoint protection technologies with Dell DPPE and Cylance• Coordinates security initiatives across inter-disciplinary teams and across University organizations• Established the first Security Operations Center (SOC), manned by OU students as Tier 1 Analysts both triaging alerts and developing custom integrations

General Duties: Supply system level security engineering expertise in the development of specialized aircraft information systems to ensure eventual certification and accreditation; Advise system engineers and software engineers on security requirements; Implement security best practices in the form of policy and procedures; Ensure the secure development of information systems; Develop accreditation artifacts for acquisition milestones / certification and accreditation; Subject matter expertise in security engineering, disaster recovery, media handling, authorization and account management, other security specific disciplines• Developed Test Plan and procedures for aircraft level information system evaluation• Produced 18 different policy documents in support of accreditation and successfully coordinated their acceptance across multiple organizations• Refined processes for systems engineering, software acceptance and artifact development which helped to streamline work products• Hosted a seminar with industry experts in Data at Rest (DaR) encryption to define a path forward for organizational information systems

General Duties: Provide expert technical consulting in DoD and Federal Information Assurance and Security efforts; Develop accurate and in depth accreditation documentation; Advise customers on security measures that meet or exceed DoD/Federal standards; Work with customers using various different security frameworks such as DIACAP, NIST, FedRAMP, HIPAA, SANS, etc.  Completed multiple DIACAP documentation packages for significant medical device resellers across the various DoD services on time and without error  Facilitated multiple meetings with vendors to review and document their device’s security posture  Redesigned an enterprise network system based on DoD and commercial security standards  Performed risk assessments and vulnerability analyses using leading edge analysis tools  Assisted in the development of proposals for new and existing customers

General Duties: Provide expert technical consulting in Information Assurance and Security during all phases of product acquisition and development including requirements development, engineering, product development and production; Develop security documentation in preparation for accreditation; Provide independent document evaluation as part of the certification and accreditation process  Generated Information Assurance Strategy and other accreditation documentation in preparation for a major government acquisition, ACAT 1D program  Provided technical evaluation of acquisition documentation for Phase 1 System Readiness Review in ACAT 1D program  Provided security focused system design inputs which resulted in the linkage of requirements associated with system functions  Developed risk mitigation strategies for information security related risks  Built, configured and hardened server environment for project development and integration efforts  Employed security engineering techniques to design a secure computing environment  Managed test environment for simulation of target environment; includes new and emerging technologies  Scanned and hardened servers, workstations and network components with standard DoD tools  Assisted with the development of proposals  Budgeted man hours and scheduled milestones for project completions

General Duties: Provide critical analysis of comments to customers from the team; Tier I support to team for assistance in documentation production and analysis; Analyze security documentation for newly proposed medical IT systems; perform risk assessment; annually review existing medical IT systems for security enhancements or new/unmitigated vulnerabilities  Developed Platform IT(PIT) checklist to streamline processing of PIT systems  Managed the Plan of Action & Milestones (POA&M) quarterly reports across all treatment facilities  Provided engineering expertise in discovering vulnerabilities in medical IT systems  Developed vulnerability analyses and “get well plans” for customers  Provided expert analysis of accreditation documentation for certification and accreditation validation for numerous Air Force customers  Performed manual and automated STIG & SCAP compliance scans on multiple platforms

- Maintain core services for medical personnel at Malcolm Grow Medical center- Ensure enterprise data is backed up to ensure recovery- Modernize data center to implement green initiatives as well a Continuity of Operations- Manage personnel to ensure customers are being supported quickly and efficiently

Coordinated live test of WAN accelerators between multiple vendorsSelected Certeon for command deploymentDesigned an implementation solution and convinced senior leadership to allocate $922K with fallout money (EoFY)Implementation phase currently underwayResponsible for program management of the USAFE NIPRNet migration of the GSU at Ankara, TurkeyCoordinated and prepared an engineered architectural proposal for migrationInterfaced with multiple organizations and commands to complete projectProject completed: Overall 10 months, $765KPlanned and developed project plan and implementation for new Task Management ToolCoordinated with Invoke Systems (contractor) to install and evaluate Microsoft CRMDeveloped training material for HQ USAFE command roll out of new Task Management Tool Managed Air Force and HQ USAFE Microsoft Data Rights Management projectCoordinated with HQ AMC on Air Force RMS effortsPlanned RMS test program at HQ USAFE

Facilitated contract renewals of local phone service for USAF recruiter offices/ANG bases Navigated records, current services and existing technologies for contract renewalManage contracts from $5K to $115K Assisted in developing the Civilian Employment Plan for the 38th EIG FY06-09Assisted in facilitating an FY06-FY07 VERA/VSIP for the 38th EIGPerformed the Quality Assurance for FY06 Employee Performance Evaluation for entire 38thDeveloped core documents for internal use at the 38th EIG for use with NSPS Developed and facilitated a PALACE Acquire orientation and training meetingParticipated in Integrated Product Team meetings for planning, acquisition and installation of communications infrastructure at various Air Force basesDeveloped division briefings on Source Selection Acquisition, SOO’s vs. SOW’s, and PPBE

Designed and programmed Graduate College websiteDeveloped Oracle database applications to move operations onlineDeveloped graphics for the website and Graduate College using Adobe productsAssisted with the acquisition and installation of new technology