Leading the security and compliance function through digital transformation, including a team of 10 practitioners in three main areas: infrastructure security and security operations; application security; and governance, risk, and compliance. We manage risk; design, implement, and operate security programs; and assess the security of our environment.

As an Advisory Council member I advise on the topics of interest to CISOs. This drives the topics for each series of in-person and virtual events that are held at chapters across the country, bringing security leaders together to discuss their challenges in a collaborative and safe group.

BostonCISO is the preeminent peer leadership network of New England chief information security officers. Our membership is comprised exclusively of CISOs (or equivalent executive roles) from public and private companies, government, education, healthcare and nonprofit organizations.Our mission is to build a strong, professional community among New England's information technology leaders, by providing a forum to share ideas, best practices and experiences relevant to CISOs.As Vice Chair I work hand-in-hand with out Chair to develop the programing, content, and network that will most benefit our members, ensuring we continue to drive value and differentiation from other CISO networks.

Benjamin Franklin Cummings Institute of Technology, commonly known as Franklin Cummings Tech, empowers students to achieve their career goals and attain economic advancement through accessible, flexible, and hands-on technical and trade education. We deliver 21st-century education built on history dating back to a 1790 bequest from Benjamin Franklin to the City of Boston to invest in trade education and entrepreneurship.The Industry Advisory Council for Cybersecurity strives to maintain alignment between the curriculum developed and delivered by the Institution with needs of cybersecurity teams operating at companies and within the public sector. As a member I leverage my years of experience leading high-functioning cybersecurity and IT Risk Management teams to ensure graduates are ready to contribute and further our industry.

As a member of the 1EdTech Security Committee, I am responsible for addressing the security concerns for all 1EdTech standards. This includes: - Reviewing the 1EdTech Security Framework - Identifying and raising security concerns that affect all 1EdTech standards - Reviewing and approving other standards, such as the Open Badges Specification

Led the strategic portion of our security function, focusing on developing and deploying effective security programs. Directly responsible for 2 application security analysts and indirectly lead activities of up to 10 people at a time through influence and project work.- Made risk posture transparent and measurable by building a complete risk management process.- Reduced vulnerabilities in the environment through a structured vulnerability management process, including scheduled scans covering over 90% of our environment and active remediation.- Matured application security program by establishing standard security assessment processes including static code analysis integrated into the continuous integration pipeline. Led application security team of 2 individuals.- Increased speed of detection and response to security events through the implementation of LogRhythm SIEM; led vendor evaluation, process documentation, use case definition, installation, and configuration.- Reduced phishing rates and other human-focused incidents with a security awareness program that included monthly awareness meet-ups, intranet site, short technical videos, phishing exercises, and an October security “jamboree”.- Increased clarity of security requirements through review and rewrite of security policies.- Provided security oversight to the implementation of advanced protections for email.- Created and oversaw the execution of an application security risk assessment questionnaire for Tier 1 applications.- Indirectly led the activities of two security analysts to execute the programs outlined above, resulting in increased output from both individuals.- Acted as a liaison to business partners on security concerns, including use of external tools.

During a time of great organizational change, grew from Security Analyst to Director in 4 years. I was recognized for my ability to build effective teams: As director, I built and led a team responsible for delivering security engineering services globally in a newly-matrixed organization; As manager I rebuilt a team of six after the departure of the previous leader.- Led a team responsible for delivering security engineering services globally.- Recruited a team of 7 individuals tasked with designing the security engineering function, processes, and artifacts from the ground up.- Responsible for identifying and documenting the coverage, maturity, and efficacy of current security controls.- Built business case and rationale for investment for all security control improvement investments.- Drove the requirements gathering, proof of concept, business case development, and funding request for four simultaneous security projects.- Acted as business owner of the implementation of CyberArk for privileged user management to control shared accounts.- Delivered a Certificate Management Service that reduced cost as well as risk of outage or compromise.- Defined global security investment roadmap, including aligning priorities with risk.- Identified and created security standards to align with policy, regulations, and risks.- As Product Owner for employee-facing identity and access application, provided guidance on strategy and oversaw feature design and prioritization.

Rebuilt and led team of 6 individuals responsible for the confidentiality, integrity, and availability of web-based applications serving over 5 million customers in higher education and K-12.Coached team through large, corporate wide transition, aligning them with the proper areas in the new organization to maximize their contribution and retention.Served as interim Director of Information Security for the same business unit for 6 months, reporting to upper management on risks, project statuses, and incidents, as well as defining security budget.Decreased average vulnerability time to close by increasing visibility of open vulnerabilities within products.Decreased the denial of service recovery time for critical applications from hours to under 15 minutes without additional expenditure.Led the implementation and operationalization of a security event and incident management system, which helped the team identify and respond to multiple security events.Led a project to drive a backlog of over 1,500 security vulnerabilities to closure.Helped architect security for an internally developed cloud deployment and automation platform.

Updated and communicated key information security policies and guidelines, including patch management, vulnerability management, and secure system build.Directed, oversaw, and reviewed the work of a Junior Information Security Analyst.Acted as security consultant for architectural design including cloud and DevOps, identifying and addressing security concerns and risks in the design.Active member of IT engineering group responsible for automation of system and build deployments, performing system reviews, build reviews, and providing guidance on securing automation processes.Oversaw external third-party assessments.Responded to over ten different security and availability incidents, providing forensic review and security guidance for re-establishing service.Performed operational duties including reviewing security alerts, firewall rule change review, and system reviews.

Consultant with experience in IT security, data loss prevention, risk and compliance, and IT strategy.

UNIX Scripting, Solaris administration, grid computing and grid FS research and deployment.

Designed website for Engineering News.In charge of general web upkeep.Successful troubleshooting of PC and Mac problems.