• Champion and evangelize the use of best practice security controls and the use of a positive security model for infrastructure access.• Worked with software engineering teams to enable programmatic access to security and network infrastructure, develop automation and orchestration pipelines, and enable middleware portals via APIs and enable self-service portals.• Researching and evaluating Zero Trust solutions and network segmentation strategies for firm owned assets and IoT devices based on user, device, workload/application, and network traffic patterns.• Researching and evaluating Secure Access Service Edge (SASE) and Security Service Edge (SSE) and Zero Trust Network Access (ZTNA) to integrate hybrid cloud and on-premise work environments.• Architect, design, and evaluate Network Access Control (NAC) products and authentication and authorization methods to provide posture and compliance checks, port security, and 802.1x to over 1.5 million+ endpoints globally within the firm. • Architect, design, and evaluate Authentication, Authorization, and Accounting (AAA) IAM services for both infrastructure and user access (VPN remote-access and WiFi authentication for 300,000 users).• Researching and investigating IAM authentication and authorization services for ephemeral infrastructure.• Researching and evaluating solutions to automate and orchestrate testing pipelines to shorten certification timelines of infrastructure and associated operating systems and applications.• Establish relationships and cross partnerships between other technology towers and line-of-businesses.

• Monitor, analyze, and enhance the effectiveness of the Enterprise-wide Information Security program.• Establish monitoring measures via enterprise SIM/SIEM to detect and ensure correction of security breaches and policy violations.• Analyze and recommend action on security related incidents; notify appropriate owners and IT Security Governance.• Develop information security risk identification, tracking and mitigation processes strategy and methodology.• Provide data for audit indicating changes made to access control lists to facilitate audits and other investigations.• Track and maintain operational security access metrics.

• Provide a hands-on technical role as well as manage a team of network engineers and system administrators. Conduct annual staff evaluations and performance reviews.• Work with the CTO to determine budgeting and capital and operational expenditures with regards to the organization’s network, security, and server infrastructure. This includes managing vendor support and maintenance contracts (Cisco and EMC/VMWare).• Provide a strategic direction with regards to Data Center unified fabric, network topology, and network security best practices and evolving trends.• Migrating a private hosted IaaS cloud solution to AWS and an onsite Data Center utilizing VCE VBLOCK integrated infrastructure consisting of Cisco, EMC, and VMware.• Analyzing how to leverage cloud services such Microsoft Azure and Amazon AWS for hosted virtual computing.

• Manage a staff of Network Security Engineers and conducted annual staff evaluations and performance reviews. Provided technical mentoring for junior level engineers.• Provided a strategic direction for the organization with regards to network security best practices and evolving security trends.• Managed network security infrastructure and conducted vulnerability assessments and pen tests.

Held various system, network, and security engineering roles within server and network infrastructure groups.