Technical lead for the IaaS Security Services Development and Operations team responsible for the design and development of security and compliance tooling for the Cloud. Producing complex innovative solutions satisfying security and compliance regulations to protect IBM’s customers. Specializing in security and compliance automation design with extensive knowledge and experience with multiple cybersecurity frameworks (i.e., NIST, FedRAMP, HITRUST), to develop the core functions of a continuous monitoring compliance program. • Designed strategic tools to automate the collection, analysis, and validation of compliance evidence for the IaaS Cloud environments. • Control Owner for FedRAMP High Gap Assessment initiative, reviewing several IT Controls, mapping evidence, and identifying solutions to maintain the security and compliance of the IaaS Cloud environments. • Defined and authored core security documentation for Standards, Procedures, and Testing to ensure compliance with NIST 800-53 v5.

Provided technical expertise in the solution design, implementation, and maintenance of an enterprise-wide Security Incident and Event Monitoring solution for the IBM Cloud service offerings. Overseeing the IBM Cloud strategy for monitoring all log source types, applications, users, and infrastructure components within the public, private and hybrid cloud solutions. Provided technical leadership for twelve Security Analysts which monitor alerts and respond to SIEM security events on a 24x7x365 basis, identifying log source integration aspects, reviewing systems performance, capacity planning, forecast management and defining and recommending the strategic direction to the Cloud leadership team. • Defined Security Use Cases and developed custom device support modules to enable security log monitoring of the IBM Kubernetes and Virtual Private Cloud environments. • Improved monitoring efficiencies with a solution to monitor a multi-console, multi-tenant QRadar SIEM service with one centralized view. • Provided SIEM Solution reviews and tuning to ensure the design continues to meet evolving business requirements. • Designed and developed a solution to ensure full end to end encryption of the Cloud SIEM solution. Honors / Awards • 2020 - People's Choice Culture Award for “Cloud and Data Platform Security - Entrepreneurial Spirit”. • 2020 - Technical Excellence Award for "Analysts tools for optimizing Threat Management operations".

Security subject matter expert in the design, implementation and support of Information Security and Risk Management solutions for multiple IBM strategic outsourcing accounts. Functioned as the information security focal to the client's senior management and executive teams. Supported the client's entire security and risk landscape, assessing, and recommending solutions to enhance their security capabilities on premises and cloud. Reduced risk and increased the client's ability to deal with emerging threats to their organization. • Led the development and implementation of policies and practices, security programs, multi- functional teams, and project plan delivery in specific areas such as logical & physical access management, information security, incident management, vulnerability management, issue & risk management, audit readiness and compliance. • Designed and implemented new security solutions focused on TCP/IP vulnerability scanning, Intrusion Prevention Systems, Incident Handling, Patch Management and userid administration.

Developed, implemented, and monitored several strategic, enterprise information security and risk management programs for the IBM Chief Information Office. Responsible for the GRC Program and all architecture responsibilities in each phase of the project life cycle from qualifying a request through plan, design, and implementation of a security solution, including resource staffing, hardware/software provisioning, licenses, maintenance, financial management, and ongoing steady state support of the program. • Planned the successive design, development, integration, and migration of legacy applications to an automated enterprise risk management solution which resulted in a 45% efficiency return. • Implemented agile project management methods in the development of IT Risk assessment reports which yielded a 20% savings. • Designed a Decision Storage Library to track key decisions for policy deviations related to Risk Assessments. • Created a Policy library to capture policy metadata, for IBM’s security policy review, modification, and publishing process. • Created a Control Library which provided a centralized view of IT Security Risk Controls based on Industry Standards and best practices. • Automated data extracts from key security tools into the IT Risk Assessment program which provided the CIO the ability to integrate metrics with the Risk Assessment.

Security and compliance support for the IBM Global Account (IGA). Responsible for the development and execution of strategic and tactical security solutions. Ensured overall service delivery compliance by interfacing with delivery personnel and teams across competencies and sectors., Collaborated with stakeholders, generating, and driving milestones, developing, and presenting executive level metrics to assure security compliance issues have been fully mitigated and propagated to all affected environments• Security and Compliance subject matter expert for the IGA Audit and Compliance Team - Responsible for providing command and control, direction and guidance in support of the account's overall security compliance objectives including the following types of audits: Corporate audits, ASCA Reviews, Canadian NIST group, and Third party audits (i.e: PWC or Ernst and Young) of IBM customers and Business Controls Review.• Tape Encryption Security Manager - Responsible for defining, generating and managing encryption keys/certificates for mainframe, distributed and cloud environments. • Remote Access System Focal Point - Responsible for ensuring 11 remote access system teams worldwide comply with IBM’s security policies required timeframes for off-boarding employees. • Privilege Log Monitoring Service Manager - Responsible for investigating security violations from the automated privilege log monitoring solution which is used to monitor ITAR, FFIEC, DR, SOX and systems containing SPI data on a daily basis.• Security Compliance Auditor - Responsible for developing and performing an internal compliance Spot Check program to strengthen the IBM Global Account’s ability to obtain independent confirmation of their Audit Posture.

Responsible for end-to-end security of the largest IBM internal global account – IBM Global Account (IGA). Led a team of Information Security Advisors in the evaluation, implementation, and support of security services for approximately 175,000 global users across multiple operating system platforms, environments and industries including IBM’s fully automated 300 Millimeter Semi-Conductor manufacturing facility. • Managed complex IT security services focused on TCP/IP vulnerability scanning, Server Health Checks, Anti-Virus, Intrusion Prevention System, Workstation Security, Incident Handling, Patch Management and userid administration. • Performed Risk and Vulnerability Assessments, identifying and implementing new security services worldwide to mitigate risk to the business. • Developed executive level presentations on the account’s security posture and audit readiness. • Provided Audit focal point, managing internal and external Audit responses for the delivery teams.

Planned, configured, and supported multiple network devices including routers, switches, and firewalls in a fast-paced web-hosting environment comprised of 150+ customers. Interfaced with customers to design and implement eBusiness web hosting security solutions including network architecture and security services: TCP/IP Vulnerability Scanning, Health Checking, Antivirus, Host and Network Intrusion Devices, Incident Response, Firewall Implementation, Access Request, and Policy Revalidations. • 24x7 network support coverage. • Security subject matter expertise and policy oversight to ensure audit readiness. • Developed and responsible for operational procedures for Network and Security support. • Provided business requirement analysis and translation to technology design and implementation.