- Led a comprehensive overhaul of information security protocols, enhancing protection across all Genesis companies.- Supervised the migration to Google Cloud Platform, achieving enhanced data security and operational efficiency. Rolled out EDR/MDR/XDR and advanced SIEM capabilities, Generative AI for Email, reducing security incidents by 60%. - Ensured compliance with PCI, HIPAA, and SOX through rigorous internal reviews and external collaborations, improving operational compliance.- Strategically negotiated with third-party vendors to enhance cybersecurity measures and ensure comprehensive risk management, resulting in an improvement in risk mitigation throughout the enterprise.- Collaborated with business leaders to identify and rectify process gaps, implementing mitigation strategies that decreased security and risk vulnerabilities. - Provided critical support to departments, ensuring alignment with security and compliance goals, which enhanced operational adherence to security standards.- Led technology initiatives for legal holds, breach assessments, and internal investigations, bolstering legal compliance and reducing breach response times by 75%.

- Developed and designed a graduate level class around Cloud Security (SEC -6040) which is now part of the graduate curriculum. - Teach/Designed SEC 6040 - This course teaches students how to: build a security policy and SOP for an organization which is implementing a new network, applications, and web infrastructure. Topics include the following: Security Education and Advisory, Risk Management, Threats to IT Assets, Encryption, Standards and Compliance, and Security Testing and Implementation- Teach SEC 6070- This course builds upon ethical security practices by performing prescribed techniques while increasing the student's knowledge, skills, and abilities. Topics covered include ethics, standards, methodologies, tools/techniques, and legal ramifications- Teach SEC 6090 - This course is an intensive study of selected contemporary topics in Information Assurance. Emphasis is placed on research in areas pertinent to the current IT environment

Conducting workshops and use cases in Artificial Intelligence (AI) -Generative, Machine Learning and Deep Learning on the aspects of information risk, privacy and third party concerns. Advising multiple facets of security and risk issues including: Incident Response/Forensics, Secure Development (process) and 3rd Party Reviews. Working with venture firms for review of security brands in their portfolios or crosshairs.

Created and directed the security and risk operations for global team including United Stated, Shanghai, Shenzhen, Hong Kong, Bangalore and Munich. Created and directed the incident response program, including internal investigations. Restructured application development team in regards to SecDevOps, including selection and implementation of tools for compliance and application testing. Created and implemented Vulnerability Management ProgramDirect interface for 3rd party risk assessments. Responsible for managing the SOC (SSAE16 and SSAE18) program, including audit teams. Conducted and developed the Amber Road GDPR program, moving the organization to full global compliance.

- Systematically worked with multiple large industry specific organizations (Retail, Healthcare, Finance and Manufacturing) in regards to assessing, strategizing, implementing and maintaining multiple facets around information risk, security and compliance. - Strategic assistance around operational security as well as overall company directions. This assistance pertains to clients around pre IPO, early stage capital, board concerns and/or strategic growth.- Post incident assistance with reorganization around mandates or assurance to regain control and increase reputation awareness- Named forensics investigator for several insurance firms and law firms - Hands on around incident response and forensics - Named one of three IBM Security Agents in the country.- Risk Practice won Several IBM Global Partner Security Awards

The Technology Forum of Delaware serves the technology markets throughout the Delaware Valley. Technology Forum Delaware is dedicated to helping the region’s technology business leaders acquire the knowledge, relationships and resources needed to compete and succeed in a global economy.The goal of the Forum is to serve the diverse range of emerging and established technology businesses in the region, from Information Technology to Biotechnology, Alternative Energy and many others. We do this by providing the best and most relevant educational and networking programs on a monthly basis, including both open and exclusive members-only events.

- Created a multi-million-dollar company to address security and risk of clients around independence and objectivity needs in the assurance industry. - Focused on delivering engagement and direction around industry recognized frameworks while introducing planning that allowed the cost and effort to acceptable to the remediation. This was done by a Risk Posturing review based on intellectual capital and property developed over my career and the basis for the formulation in the software and work programs. - Successfully exited (sold) company in 2012.- Designed a GRC (Governance, Risk, and Compliance) software tool that addressed issues around risk frameworks, weightings and impact to the organization and allowed for the strategic implementation of control gaps- Led an incident response team focusing on the systematic stabilization for clients from either active incidents, (APT, breach, fraud, control breakdown) or supportive forensics (assisting with suspect activity, civil cases, or fraud).

Created IT Risk Management team for Clifton Gunderson's Mid Atlantic Service Center, expanding on company wide IT Assurance Audits. The IT Risk Management Group was responsible for: IT Assurance, SAS 70, PCI, Sox, Regulatory Audits, Computer Forensics and e-Discovery, IT Risk Assessments, Disaster Recovery/SCP, Application security review, Network security review, OS security review,Security audits, Information risk assessments, Penetration testing, Security Architecture Design, Design/develop/enforce security policies, procedures and standards, Security product evaluation, Security awareness program development, Security awareness training, Information security product development, Remote Access administration- Lead IT Risk Management Team on National level with resources local to service center as well as West Coast in commercial practice

Created and lead information security practice defining strategy, policy and related security improvement programs.Determined weaknesses in the environment and determined risks in order to maintain a balance between security and the business offering while protecting customers and AIG. Responsible for securing all production mission-critical Windows, HP-UNIX, Solaris and Linux based applications/systems supporting over 27,500 users in across the US. Responsible for overseeing all audits and regulatory compliance (primarily Sarbanes Oxley) as it pertains to information technology activities. Managed budget as it relates to IT Risk Management in AIG.Responsible for disaster recovery planning for Personal Lines Data Center. Introduced new processes and tools to aid in investigations. Created several incident management policies which have allowed for a more controlled responses to infractions.

Designed and implemented the security infrastructure including comprehensive security policy documentation, network and host based intrusion detection systems, firewalls, secure data transfer methods, secure VPN, third party partner connections, and physical security.Developed Security Incident Response, Group Policies, and employee termination procedures. Implemented corporate wide disaster recovery plan.Developed plans and tracked activities for HIPAA compliance. This included implementing EDI solutions, maintenance and installation of Windows workstations, configuring and installation of firewalls, IDS (Intrusion Detection System), security audits, Internet security routers, switches, servers and hardening the network and servers for security with primary focus on HIPAA.

Staffed and managed a team of 9 senior level engineers. Responsibilities included project management, technical design, quality assurance, documentation, client satisfaction, team direction and support. Average project size: $105,000. Served as key interface between client and company. • Developed Security Offering: Responsible for developing business strategies utilizing methodology and tools to analyze and assess customer security strengths and vulnerabilities. Assisted in the development of security policies. • Managed Service Offering: Assisted in the development of an operations management and systems monitoring application based on third party tools with a custom interface that produced $100,000 in recurring monthly revenue.