• Developed and managed an information security program ranked by Forbes in 2023 as the 25th out of 200 most cybersecure company in the United States.• Reduced the overall threat target of the organization by more than 50% by developing an enterprise- wide configuration management standard and program for all computer, database, and network assets. • Created hardened secure operating systems, published corporate baselines and standards for creation, monitoring, and remediation of configuration drift.• Reduced costs in repetitive security findings and initiated a 30% reduction in cycle times. Automated application security testing into development platforms allowing for live code testing prior to software build commits that trigger pipeline policy scans.• Created and implemented a vulnerability management program that provides faster, exact risk reduction to the organization. Collaborating with vendors, internal teams and stakeholders, developed an enterprise-wide risk engine to customize rating risk vulnerabilities affecting the organization. The outcomes of this project include the capability to use multiple factors to risk calculate vulnerabilities custom to the environment. This allows teams to focus on high impact risks and threats. • Currently leading a project to deploy hyper automation throughout the various security teams to reduce incident response time and attack dwell time. • Incident response manager for all cyber, fraud and internal incidents, keeping incident response teams on track and executive management, legal, lines of business and any regulatory or reporting agencies apprised as the investigation continues.• Manage and develop a team of seven information security professionals with a focus on incident response, forensics, threat intelligence, vulnerability management, configuration management, application security, hyper automation, and red team disciplines.

• Ensured compliance with federal regulatory guidelines, state banking guidelines, and corporate policies/procedures.• Developed and implemented an information security program.• Reported “State of Security” at all executive and quarterly board meetings.• Developed and led Capital Bank’s cyber incident response program.• Managed third party security vendor and SOC relationships.• Designed and implemented systems, policies and procedures related to Anti-Virus; Anti/Malware; HIPS; IPS; DLP; SIEM; Encryption; Web filtering; DMARC, and various other systems.• Led FSISAC CAPS, FEMA, DHS, and other various cyber desktop scenarios.• Developed and led Capital Bank’s threat hunting program.• Coordinated third party penetration testing teams.• Represented information security during internal/external cyber audits.• Developed Capital Bank’s vendor risk assessment program.