Taking the leap of faith into entrepreneurship!After 20+ years of working in IT & Cybersecurity, I’m excited (and a little nervous) to announce that I’ve officially started my own consulting business! 🚀CyBase Risk is a catalyst cyber risk management consulting firm, dedicated to empowering small and medium-sized businesses (SMBs) with insight and roadmaps to proactively protect and reduce their exposure to cyber incidents. We offer practical programs that accelerate the process of defining your existing cyber maturity level. We partner with top-tier Managed Security Service Providers (MSSPs) to implement baseline controls required by insurance companies and industry regulations (NIST, NYDFS, SOX, HIPAA, SEC, etc.). ​​Collaborating with other industry experts enables us to deliver a comprehensive and effective approach to mitigating cyber risks.🔑 What we offer:• Real-world breach simulations — Custom-tailored exercises to test and strengthen your security defenses.• Baseline Controls Assessment & Customized Roadmap — A roadmap to guide your security improvements.• Security Awareness Training & Phishing Simulation Curation — Ensuring your team knows how to recognize and respond to threats.​​​​We are proud to serve as the consulting arm of CyberSecurity GameChangers, 501(c)(3).

As the Founder of CyberSecurity GameChangers (a 501c3 nonprofit), my goal was to create an organization that encourages the next generation of leaders, engineers and change agents by serving middle, high school, early college students and school systems. We provide partnering programs to schools in underserved areas, foster diversity and expose them to Cybersecurity and Technology​ Careers that will ‘Change the Game’ for them & their family dynamics.

• Fifteen+ years of internal and external consulting, training and leadership experience in the areas of: Data Security & Privacy Programs, Risk Management, IT Audit, Business Continuity and Disaster Recovery, Vendor Risk Management and IT Service Management (ITSM)• Ten+ years hiring, developing, and managing direct report and large-scale project teams across multiple internal and external organizations.• Keen problem solving and decision-making experience in high-profile, pressurized situations.• Well versed in evaluating business processes and troubleshooting to isolate the cause(s) of process breakdowns, performance gaps, and/or organizational needs. • Proven ability to deliver strategic initiatives and solutions that align with business objectives within scope, time, and budgeting requirements.• Dynamic planner/manager of high-profile projects focused on the areas of IT Audit & Remediation, Secure Software Development, Service Delivery Management, Incident Management, IT Service Management, Enterprise Architecture, Business Continuity/Disaster Recovery, Risk Analysis, Vulnerability Assessment, Information Security and Response Planning. • Strong understanding and Hands-on experience of Secure Application Development Processes (SDLC), Software & Product Architecture Solutions, Network Infrastructure, and Database Structures• Specialized Compliance knowledge of: GDPR, PCI DSS, Fraud, Dodd-Frank, BSA / AML, CFPB, FFIEC, GLBA, SOX Controls, HIPAA/HITECH, & other Federal and International Government Requirements• ITIL, ISO, COSO/COBIT, CMMI Controls, Best Practices and Certification Processes• Energetic self-starter with excellent team development, strategic planning, budget management and negotiation skills.• Skilled in recognizing opportunities to build productive relationships and improved operational processes across business lines and technology.

Tru2Me POD was created specifically to cater to the many talented and aspiring podcasters in the southern sector of Dallas, TX. We provide a professional and convenient environment for podcasters who may not have the necessary equipment or space to record high-quality audio content. We offer a wide range of services and turn-key solutions for the first timer as well as the seasoned pros.

• Strategic Leadership: o Managed a team of Cyber GRC Analyst, providing leadership, guidance, and mentorship, fostering a collaborative and inclusive team culture that values diversity of thought and encourages professional growth.o Led the Corp. Data Compliance Committee fostering data governance initiativeso Created and tracked cyber KRIs and KPIs for service delivery and overall security posture• Risk Management:o Maintained the risk register, assisting with self-assessments, and contributing to risk management strategies and processeso Led security efforts related to Mergers & Acquisitions, including assessments and post- acquisition activities to fully integrate acquired entity into all security controls and processeso Matured Third Party Risk Management Program• Governance and Compliance:o Created, maintain and continuously mature information security policies, standards, and controls; work with senior leaders to ensure that any impacts and associated work to remain compliant is included in Product and Technology roadmaps.o Developed and enforced cybersecurity policies and procedures, fostering a security-conscious organizational cultureo Spearheaded regulatory compliance efforts, successfully achieving and maintaining compliance with industry standards and regulations.o Collaborated with regulatory compliance on the privacy programo Oversaw remediation efforts and related findings identified by Internal Audit, IT Risk, and Third Party Risk Assessments• Security Awareness and Training: Owned the security awareness training program, including selection of courses, phishing campaigns, awareness campaigns and reporting

• Evaluate and assess cybersecurity risks while continuing to enhance cybersecurity risk management process • Cyber liaison for internal/external audits, assessments and Third Party Risk Management processes• Oversee and improve Cybersecurity Awareness and Training Program• Vulnerability Management Process Owner – VM strategy, process, and program improvement • Own and implement Data Loss Prevention Program and liaison for Data Governance Program • Implement Global Secure SDLC process across multiple development team, products and applications and operating systems • Help reshape Cybersecurity Service Delivery in support of digital transformation • Monitor and track KRIs and KPIs related to cybersecurity service delivery and overall posture• Collaborate with IT and business peers to identify and resolve systemic risks and process gaps• Set annual strategic projects and objectives in support of business goals• Manage the creation and tracking of risk treatment plans, including the creation of policy/standard exceptions• Hires, supervises, develops, evaluates, mentors and coaches staff• Manage team budgets and forecast appropriately

• Evaluate and assess cybersecurity risks while continuing to enhance cybersecurity risk management process • Present identified risks and their control plans to leadership team• Actively participate in the governance process associated with cybersecurity and technology standards• Create information security policies and standards and recommend enhancements and changes to existing policies, controls, and standards based upon the evolving operating and threat landscape• Assist in interpreting, understanding, and applying information security policies and standards to mitigate cybersecurity risks• Maintain controls that enable the organization to operate efficiently, cost effectively, and within compliance standards• Manage the creation and tracking of risk treatment plans, including the creation of policy/standard exceptions• Communicate risk postures and metrics to senior management and business• Act as a cybersecurity risk escalation point for project teams

• Security, Audit, Risk & Compliance (SARC) – Considered a recognized authority on SARC technologies, theories and techniques. Work daily with matrixed IT SMEs/team members across multiple client lines of business to manage and deliver risk assessment and audit remediation activities for: PCI, EU Commission, Client-specific controls testing, SOX, SOC1/SOC2, Cybersecurity, HPE Self-Assessments, and multiple client internal & external audits. • Data Protection & Privacy Practice Lead – Strategic Development of privacy, security and compliance solutions for complex enterprise environments, • Executive Account Security Officer – Served as an embedded and trusted member of client security team to develop and nurture excellent client relationships at the executive level. • Managed Security Services (MSS) Delivery

• Information Security Officer (ISO) – Constructed a strategic roadmap and implementation plan that aligns to quarterly and multi-year corporate initiatives, tracking tactical wins and opportunities for improvement that lead to an enhanced security posture. Head cross-departmental Information Security Working Group to perform strategic planning and ensure security & compliance goals are met. Work with technology resources to administer Risk Management and Information Security Program, Threat Assessments, Incident Responses and Remediation Activities. Assess security weaknesses; identify tools, processes and resources to mitigate risks. Manage and conduct periodic risk assessments, application scans, and vulnerability scanning activities. • Regulatory Compliance/Risk Management (GLBA/Dodd-Frank/FFIEC) – Work with Enterprise Compliance to implement and manage the Regulatory Compliance Programs, including: Risk Assessments, Corporate Standards, Information Security, Disaster Recovery/Business Continuity, Federal and International Regulatory requirements, Industry Best Practices, Risk Management activities and audits/product reviews. Manage team development via career planning and industry training. • Contract and Vendor Management Program Manager – Formal risk review domestic and international business, software and consulting contracts for adherence to corporate policy, business capabilities and agreed upon audit, information security and risk management activities.