• Spearheaded the zero-trust security transformation, integrating advanced encryption and access control measures, resulting in a 30% improvement in data protection efficiency.• Directed over 100+ architecture evaluations, identifying 20+ high-priority risks and mitigating them to strengthen Bank's security posture.• Delivered strategic guidance to cross-functional teams, enhancing collaboration between security and operations, resulting in streamlined DevSecOps practices.

Guardian Cyber LLC sub several assessments, vCISO, and other senior consulting activities to us.• Assisted a healthcare provider client in achieving a 100% compliance rate in regulatory audits for HITECH/HIPAA by conducting thorough assessments and implementing necessary security measures, including DLP, NGFWs, SASE, AppSec Gateway, new security policies, and SecOps with XDR, data lake, and EDR combo.• Improved a blockchain-based service to attain 100% compliance with data privacy controls for CCPA and GDPR through security reviews and the implementation of necessary security measures, including EDR, SASE, and WAF.• Assisted a Florida State organization in reviewing NIST CSF for SMB to large companies, providing control reviews and making recommendations to C-suites and boards for improvements.• Advanced an AI-based start-up with data privacy controls for CCPA and GDPR by analyzing NIST privacy control gaps through audits and managing the project implementation of corrective actions.

As a Captain in the United States Army Reserves, executed the honor of leading dedicated units committed to safeguarding the nation's critical infrastructure, spanning both public and private sectors. Our mission encompassed the protection of vital resources such as water, power, gas, and nuclear facilities, among others.Commanded a team of 400+ Soldiers responsible for conducting cyber operations, including blue, red, and purple team activities, critical to U.S. infrastructure and military units. Our efforts were informed by threat mapping and utilized frameworks (e.g., MITRE Att&ck). We harnessed modern tools like Carbon Black and other EDR solutions, along with firewalls and third-party technologies.► Director of Cyber Operations | Deputy CISO – SOUTHCOM HQ (2017 – 2023): • Successfully implemented FedRAMP & FISMA controls, achieving unwavering compliance, and conducted a comprehensive gap analysis, reducing security risks by 20%. • Efficiently managed the certification process, leading to early compliance and cost savings of $2M, while ensuring smooth collaboration with various departments and external auditors. • Established proactive security measures, robust incident response, and recovery procedures, leading to a 95% reduction in security incidents and maintaining a spotless compliance record.► Cybersecurity Protection Team (CPT) – Lead operations for Cyber Protection Team 184, SW Cyber Protection Center (2015 – 2017): • Led military units securing critical infrastructure in public and private sectors, covering Water, Power, Gas, Nuclear, and more, ensuring a 99% success rate in defending against threats. • Trained and prepared over 125 U.S. Army Cyber Incident Response team members to effectively respond to advanced persistent threats and investigate SCADA and hybrid cloud incidents.

Dragonfly Financial Technologies, an innovator in digital business banking solutions, empowers secure liquidity and payment management. Established in September 2022, we acquired ACI Worldwide's digital banking business, expanding our global reach and team of 200+ professionals across 7 countries. We're dedicated to implementing a robust security program adhering to NIST, OWASP, CSA CCM, and data privacy controls to foster customer trust and ensure fintech industry security and compliance. Reporting to the CTO, led an information security department with a multimillion-dollar budget for advanced solution integration.• Built and scaled a world-class security program, achieving a 95% reduction in security incidents within six months.• Protected trillions of dollars in financial transactions by implementing advanced threat detection systems across 1,600+ APIs and applications.• Achieved a 300% ROI through strategic budget allocation and efficient resource management.

At 1010data, now Symphony AI, they champion a contemporary, risk-based approach to information security, recognizing the unique needs of each client. As the leader of a compact security team at this privately-held SMB SaaS big data analytics company, their focus is on seamlessly integrating a comprehensive security strategy into the CI/CD pipeline. Reporting directly to the CTO and CEO, they assumed the role of overseeing a four-member security team, effectively integrating a cybersecurity strategy budget exceeding $2.3M into the CI/CD pipeline.• Revamped the security program, addressing 68+ risk findings and compliance gaps identified in audits of NIST CSF, NIST Privacy, and CSA CCM. This initiative, approved by senior management, culminated in a thorough security program restructuring to bolster customer trust.• Oversaw a series of audits and tests, including 22+ vulnerability audits, 20+ penetration tests, 32+ forensic IT audits, and investigations in 2021, resulting in a remarkable 155% risk reduction.• Implemented a security roadmap to navigate complex regulatory and compliance requirements, including GDPR, CCPA, HIPAA, HITRUST, PCI, and SOC 2, leading to the successful achievement of multiple security and business goals.• Conducted four internal audits using NIST CSF and CSA CCM, collecting 157+ artifacts for SOC 2 Type II & HIPAA audits. This effort elevated the security posture from 0.98 to 2.12 within ten months, marking a 116% improvement by focusing on priority areas.• Revitalized AWS and Azure security baselines, significantly reducing risk and enabling the safe migration of Data Center tenants to IaaS environments. Executed 15+ new policies, processes, and solutions to mitigate risk and optimize operations while establishing a new InfoSec team.

In the role of Director of Information Security, this professional consistently engages with key stakeholders to champion contemporary enhancements to the bank's security posture. Emphasizing the significance of a robust Cybersecurity Program, they collaborate with decision-makers to define and execute strategic objectives aimed at fortifying defenses against evolving threats.By promoting open communication and aligning their goals with the broader organizational vision, they ensure that the Cybersecurity Program remains a top priority, safeguarding the integrity and resilience of the bank's critical information assets.Reported to both the CISO and Deputy CISO, overseeing multiple project teams, each comprising up to 10 professionals. My role included conducting comprehensive assessment and analysis for a strategy budget exceeding $6M. Functioned also as a Risk Manager and SABSA SEC Architecture Leader.• Enhanced InfoSec architecture and governance for new environments, delivering services worth $800M+, ensuring GDPR, SOX, and NYSDFS compliance, achieving a 99% compliance rate.• Optimized the migration of legacy services into cloud environments (O365, GCP, AWS, Azure), resulting in a more efficient and secure global transition of over $30 Trillion in assets.• Provided guidance to Privacy Officers and Data Owners on best practices and regulations, leading to an improvement in data security and regulatory compliance for 50 global data centers and saving over $100M in potential fines.• Elevated cloud controls to enhance the environment, contributing to a 20% enhancement in security posture and maturity level. This included leading the development of eight new policies.• Co-chaired multiple boards, including ARB, Data Protection, Digital, and Platform Engineering, effectively addressing cyber risk concerns and promoting best practices in security architecture.

Reported to CTO. Built and managed a team of 15 information security professionals.

Managed security programs that ensured the data security within NSA systems used by the USAF for Top Secret mission support and special weapon system projects.

Managed 8+ personnel handling DR, business continuity, blue, red, purple, SOC OPS, and CIRT teams. Performed analysis and prioritize both application and network vulnerability test results.• Award by 2-star general for best audit score of any secret network within the Air Force network.• Redesign architecture and implemented NGWFs, SIEM, IPS, and other state-of-the-art tools.

As an Executive and Signal Officer, Derly was responsible for GRC and Operations of IT network equipment, satellites, microwave, and optical tactical wireless communication solutions.• Executed 50+ network improvements to prevent access, DDoS, jamming, and wireless data capturing by applying physical controls, vulnerability management, and FW controls.• Led a company of 200+ Texas Guardsmen to implement NIST 800-53a controls through a custom mesh network. Network pass testing from NSA and various consultants for the level granted.• Managed and trained 150+ Soldiers conducting DoD and FEMA OPS via cyber blue team tactics.

NCO who supervised 100+ Security Forces, Physical Security, and multi-national force personnel. Worked with FBI and OSI on computer crimes.• Forensic Assistant on 30+ cases: prep to testify in court, collected evidence, interviewed suspects.