Responsible for developing, implementing and maintaining worldwide information security program which will be certified to ISO27001. Developing a new framework of policies and standards; collaborating with various business units, service areas and regions for continuous improvements and efficiency of processes; sustaining information security and all areas relating to the protection of intellectual property stored on information systems as well as establishing, implementing and maintaining the information security program; balancing levels of security, ensuring user convenience and controlling costs.Key Metrics:* Reduced inbound and lateral malicious email and phishing by more than 99% documenting over $5M in fraud avoidance from compromised supply chain* Implemented industry best practice standards across all business units for both IT and IT using an ISO27001 framework with controls influenced by NIST* Reduce number of security solutions by 45%* Added cutting edge, automated security solutions leveraging AI while keeping run costs flat.* Drove down corporate risks by more than 60%

Advisory role, coordinator of InfraGard nominations and elections as well as special recognition awards.

Certified senior level information security professional combining a Master’s Degree and solid experience with leading-edge information security systems and network design, analysis and implementation. Proven track record building and leading Information Security organizations, planning and analysis of security architecture, infrastructure and applications, policy, procedure and standards development and training for a wide range of Fortune 500 companies.Specialties:* Information Security Management and Architecture* ISO27001 Security Certification (full stack of policies, procedures, technology and standards)* ISO27701 Privacy Certification (full stack of policies, procedures, technology and standards)* NIST, PCI, HIPAA, and GDPR compliance* Vulnerability assessment, Analysis and Cost effective RemediationIn short; keeping your enterprise secure from advanced cyber hackers and insider threats while showing your customers (and competition) your ongoing commitment to security and privacy .

Brought onboard Zones to build a world class information security and data privacy program. Coordinated senior with leadership to achieve ISO27001 certification for information security and ISO27701 certification for privacy in my first year. Adapted and significantly matured business processes and controls to meet emerging security and privacy regulations worldwide. Developing sweeping new programs that included:* ISO27001 certification* ISO27701 certification* NIST CCF * PCI DSS * HIPAA * GDPR * CCPA * PIPEDAForemost, I provided technical guidance and leadership to IT to improve asset management, identity and access controls, information classification and handling, security awareness and integrating information security into project management and application life-cycles. I built a Security Operations Center that leveraged machine learning and automated response and forensics for 24x7 monitoring and incident response with minimal staff.

Responsible for developing, implementing and maintaining worldwide information security program certified to ISO27001, I created and led V&E's information security strategy team coordinating senior partners, COO, CIO and General Counsel. I developed policies and standards; collaborating with various departments including Information Technology service areas and regions for continuous improvements and efficiency of processes; sustaining information security and all areas relating to the protection of intellectual property stored on information systems as well as establishing, implementing and maintaining the information security program; balancing levels of security, ensuring user convenience and controlling costs.• Obtained accredited ISO27001 security certification for the firm in 2015 – the only law firm to be certified at all US and UK offices.• Formed the Houston (ISC)2 Chapter in 2011 for information security professional’s education and collaboration. Coordinated monthly meetings and training.• Formed the first FBI InfraGard Legal Special Interest Group (Legal SIG) to foster stronger ties between law firms and law enforcement and promote information security effectiveness for the industry.• Member of the Board of Directors for the Houston FBI InfraGard.• Awarded the FBI InfraGard regional "Meet the Challenge"award in 2018.• Technical lead for V&E’s launch of its cybersecurity practice area.• Hosted regular CLE training seminars for the firm’s lawyers and clients on cybersecurity.• Managed client security assessments and information security aspects of engagement letters.

• Develop information security strategy, policy and architecture providing compliance with ISO 27001, NIST, ITIL, HIPAA as well as state and international privacy regulations.• Develop standards-based information security risk assessment and analysis program.• Develop and direct security penetration testing and vulnerability analysis.• Architect information security infrastructure solutions.

I've worked as a senior security architect and consultant at various major companies like Bank of America, BG Group and MGM Mirage. Duties included:• Manage and consult on information security strategy, policy and architecture providing compliance with ISO 27001/27002, GLBA, SOX, COBIT, NIST, HIPAA and state privacy regulations through matrixed staff at over 70 locations in the US, UK and Mexico. • Responsible for applications, systems and database audit, vulnerability testing and analysis for SAS70, SOX and other audit compliance. • Performed extensive network security penetration testing, systems and application vulnerability analysis and risk assessments for several national financial corporations using a variety of tools including Rapid7 Nexpose/InSightVM, nmap, TCPWrappers, Tripwire, L0phftcrak, Snort, ISS Scanner and SUS. Architected and implemented enterprise wide desktop security (VPN, PKI, identity management, anti-virus, anti-spyware, firewalls, centralized updates, patch management and single sign-on).• Designed and implemented e-commerce web sites and applications for Fortune 500 companies and local small businesses.Details and timelines for major projects are below.

Review, document and update Information Security policies, standards and baselines to meet ISO27002, PCI and bank standards..

· Conduct technical design reviews with various groups including application development, enterprise architecture, information security, systems, network, and database groups to develop secure frameworks and enterprise applications.· Oversee major security infrastructure projects: encryption, PKI, DLP, etc..· Create and provide ongoing stewardship for security policies and related standards.· Ensure compliance with information security standards through representation on project and virtual teams· Lead Global Security.Architecture team

Security vulnerability assessment, server hardening and secure, automated file transfer solution deployment..

Manage teams and vendors who support users and/or safeguard the company's assets, intellectual property and computer systems. * Participate in a leadership team to develop and execute IT strategy * Set security objectives and metrics consistent with company strategy and compliance requirements * Manage global IT security model, including risk assessments, policy, procedures and controls * Develop and recommend department budget. Authorize expenditures in accordance with approved budget. * Oversee all help desk activities, respond to escalated help desk issues, and interact with internal customers on all levels to help resolve IT-related issues in a timely manner * Oversee the administration and maintenance of call tracking software * Ensure that company IT assets are maintained responsibly * Maintain company Business Continuity Plan * Document company strategic plan

Managed full project life-cycle from inception to deployment of information security projects for MGM MIRAGE worldwide. Deploying PGP PKI, Symantec Compliance Control Suite (CCS), Vontu and Database Security (SDS), Identity Management and a secure email infrastructure with Data Loss Prevention (DLP).

• Completed pre-SOX audit compliance anal;ysis for applications, systems and database audit, vulnerability testing and analysis (Oracle, DB2, MS SQL, LDAP).

• Drafted information security strategy, policy and architecture providing compliance with ISO 17799/27000, GLBA, SOX, COBIT, ITIL, HIPAA and state privacy regulations. • Managed project and schedule and deployed Bindview solution to automate regular security vulnerability and risk analisys and penetration testing on all MS SQL, Oracle, Windows and Unix systems for PCI, SOX, HIPAA and corporate policy compliance.

• Created information security strategy, policy and architecture providing compliance with ISO 17799, GLBA, SOX, and business best practices.

• Managed information security strategy, policy and architecture providing compliance with ISO 17799, GLBA, SOX, COBIT, DITSCAP, NIST, HIPAA and state privacy regulations through matrixed staff at over 70 locations in the US and Mexico. • Improved enterprise security and reduce corporate risk through extensive network security penetration testing, systems and application vulnerability analysis and risk assessments for several national financial corporations using a variety of tools including Nessus, SAINT, COPS, nmap, SUS, TCPWrappers, Tripwire, L0phftcrak, Snort, ISS Scanner and SUS. Architected and implemented enterprise wide desktop security (VPN, PKI, identity management, anti-virus, anti-spyware, firewalls, centralized updates, patch management and single sign-on).

Performed disaster recovery analysis and developed business continuity plan.

Managed information security strategy, policy and architecture through a combination of direct and matrixed staff with over $1M budget.

Managed NAI Global Services Center providing managed firewall, anti-virus and VPN security services for over 6,000 sites nationwide. Developed Best Practices Program and authored guides for anti-virus, firewall, VPN, PKI, encryption, penetration testing and vulnerability analysis product delivery and configuration.