I am excited to have recently taken on the role of Manager for the Cloud and Network platforms, which includes the platform and product owners, the architects and the engineering teams.Additionally (and historically) I run the team which owns BPX Energy's security architecture, engineering and operations functions, as well as the digital security risk function, platform and product.I have an amazing team of leaders and contributors with world-class technology skills.We are the interface between BPX Energy security and BP security leadership.We have to negotiate that fine line for the organization between enabling innovation, and maintaining strict controls to ensure the safety of critical infrastructure.

Started with an small company (Datalogix) in 2012 which was acquired by Oracle in 2014.● Integrated “startup mentality” org (Datalogix) into Oracle, focusing on maturing the security program and migrating all security capabilities to a new cloud platform:● GDPR compliance● Evaluate the security of new acquisitions and technical infrastructure architecture, and help design for integration with ODC and Oracle systems● Built and managed security operations, engineering, architecture and GRC teams within ODC Security● Hands-on security engineering and operations (designing, implementing and supporting security systems)● Architect for cloud security, focused on AWS and migrating to Oracle’s cloud platforms● Achieve and maintain compliance with multiple data standards for privacy, retention, data pseudonymization and sharing in an international environment● Significant customer contact representing Oracle Data Cloud’s security, privacy and compliance model to security and legal experts from many fortune 500 companies● Application security processes and tooling in DevOps-PRE ACQUISITION (Datalogix)● Took an ad-hoc security program and matured it to address significant risks to its data assets● Develop governance program for system and data security and privacy● Critical in landing many customers and partners such as Facebook, Twitter and Best Buy through security representation and successful audits● Lead security teams in a highly dynamic environment as it moved from traditional DCs to hybrid and then a fully cloud-implemented environment ● Grew the security team from one person to four teams, as the company grew from 179 to over 500 employees at the time of acquisition and then 1,500 as Oracle integrated six companies.● Performed security operations, engineering, incident response, architecture and governance tasks on an undersized team as we grew out the program● SecArch via TOGAF-inspired documentation and processes● Safe Harbor compliance

Was the first full-time CISO at DIA (as it's locally known). Previous CISO was an interim contractor who "held down the fort" until the permanent position was created. Prior to this, DIA had ISO positions with relatively restricted authority and responsibility.Brought on as a contractor at the 11th hour by the existing ISO to help with remediation and policy work resulting from a suspected data breach, and then a key player in achieving and maintaining DIA's PCI certification.Worked my way from contractor to FTE (Information Security Manager), then Chief IT Security Officer, and then eventually Chief Information Security Officer.Worked closely with contractors and the CIO to bring the Information Security Program to maturation, and unified two different security groups (Network Security and Information Technology Security) under one umbrella at the direction of the Office of the CIO.Despite being a government organization (DIA is operated by the City and County of Denver), DIA maintains an enterprise feel where maintaining a positive working environment is key.Along with PCI compliance, we created a NIST-based security control environment in an ITIL Information Technology organizationAlso, I was allowed to drive large tractors to plow snow. How cool is that?

Security consulting focusing on network and endpoint security, security pen-testing and vulnerability assessment, policy and security program review. Customers include: Swiss Army (Armisuisse), Banco Popular in France, Estée Lauder, US Army (Fort Carson), US Air Force (Arnold AFB), St. Vrain Valley Schools, Boulder Valley School District, Sheridan School District, many others.Integrated solutions into many environments under various regulatory environments and frameworks such as PCI, HIPAA, NIST, ISO 27k/1, Sarbanes-Oxley (SOX), COBIT and ITIL.

● Promoted from contractor to Manager of Security Engineering during my tenure, responsible for significant portions of the ISO 17799 and Sarbanes Oxley technical audit compliance efforts● Managed a successful security engineering team which developed critical security configuration management, provisioning, log processing and other tools● One of three Security Architects on a matrixed team responsible for both Corporate (internal) and Enterprise (external) planning

Senior Windows, Solaris, Linux and Security consultant