As Associate Director - Cybersecurity, I lead the team responsible for Cybersecurity Risk and Policy Compliance Management within the Chief Security Office. The team's focus is on qualitative and quantitative risk and policy compliance management around confidentiality, integrity, and availability of data and systems across the company. Primary accomplishments include:- Designed and implemented a robust Cybersecurity Risk Governance framework leveraging a decentralized risk identification structure relying on trust and expertise across the security organization- Improved turn around time for compliance assessments by as much as 30% resulting from workflow and process enhancements driven by a migration from RSA Archer to ServiceNow- Implemented new procedures to accelerate the lifecycle of compliance and risk assessments by clearly communicating expectations for user submissions- Developed and deployed an enhanced informative SharePoint site serving as the central point of content for the Cybersecurity Risk Management team and associated processes- Created and published internal risk and compliance metrics on the ServiceNow platform related to team performance as well as general policy exception tracking- Contributed to the Quantum Computing risk management whitepaper for telcos in collaboration with the cross-organizational GSMA Post Quantum Telco Network task force- Spoke as a quantum risk panelist at Mobile World Congress 2023 in Las Vegas, NV

Worked with cross-functional teams to evolve an External Cloud Use policy to drive the use of public cloud environmentsServed as a policy liaison between the Chief Security Office and the Public Cloud team to provide clarification on policy requirements tied to cloud implementation standardsCollaborated on the creation of cloud security guidance documentation covering the technical implementation of cloud services across major IaaS providers

Developed a Cloud Security Center of Excellence designed to centralize cloud security knowledge for easy consumption by project teamsConsulted on a variety of cloud use cases with a focus on tying initiatives to security policiesPartnered with teams across the company to assess compliance frameworks and ensure the confidentiality, integrity, and availability of dataParticipated in the review process for Cloud Access Security Broker (CASB) vendor down selection in order to perform a Proof of Concept addressing Shadow IT, Device Access Control, and Cloud DLP

Developed compliance-strong cloud security policies across the company to improve security posture in cloud services Assisted Cloud Governance team with assessing new cloud service use cases Wrote the Cloud Security position paper which became the de facto document providing guidance around generalized security requirements and recommendations for using cloud services

• Lead and operate the AT&T Cloud Governance program to ensure security and process compliance of workloads in public cloud environments• Lead and operate the cloud compliance process to review workloads in private cloud environments hosted with 3rd party cloud providers• Offer business value by utilizing Cloud Access Security Broker cloud analysis software to determine risk ratings of cloud service providers and assembling a cloud inventory framework• Manage risk by working with end users to reduce the use of high risk cloud services• Partner with business units to determine use cases of cloud providers during the cloud governance submission process• Document procedural workflows for the cloud governance and processes• Apply critical thinking to business processes in an effort to limit the potential risk and exposure of sensitive data and convey the importance of governance over the flow of data in both the cloud space• Serve as a resource to Supplier Security and other compliance areas of the company• Communicate cloud security policy up and down the management chain

• Develop the Mobility Governance program to improve the enterprise mobile security posture• Provide leadership and guidance for the Vulnerability Risk Management program• Assist in the implementation and operation of the cloud governance model• Offer business value by utilizing Skyhigh cloud analysis software to determine risk ratings of cloud service providers and assembling a cloud inventory framework• Work with business units to determine use cases of cloud providers during the cloud governance model submission process• Document procedural workflows for the cloud governance process• Apply critical thinking to business processes in an effort to limit the potential risk and exposure of sensitive data and convey the importance of governance over the flow of data in both the mobile and cloud spaces• Serve as a resource to 3rd party risk and compliance areas of the information security department

Hired as Systems Engineer, promoted to Systems Engineering Supervisor, then promoted to Systems Engineering Manager. I manage the Helpdesk and Systems Engineering team and also serve as the technology lead on a number of projects involving infrastructure components such as Active Directory, Exchange, VMware, EMC, Dell Equallogic, Dynamics CRM and numerous other corporate technologies. I provide recommendations to upper management on improvements to the existing infrastructure as well as suggestions for future technologies that will reduce costs and enhance overall performance.

This position entailed providing desktop support to different clients on an "as-needed" basis. Other dutied included servers upgrades and maintenance, Active Directory and Exchange administration, as well as some basic administrative scripting.

Provided second tier support for technical support calls.Provided high quality training to new technical support staff.Managed the hourly scheduling.Interfaced with management as needed.