In my role as the Associate Vice President and Chief Technology and Security Officer, I have taken on leadership responsibilities that encompass a broad spectrum of crucial areas. A significant part of my role involves formulating and executing a forward-looking IT strategy designed to bolster the growth of our global campus. This strategy is especially focused on facilitating mergers, acquisitions, and the establishment of new campuses. Concurrently, I am at the forefront of an IT modernization initiative that places a premium on automation, multi-cloud environments, containerization, and seamless API integrations, ensuring that our technology infrastructure remains at the cutting edge of innovation.One of my standout strengths lies in crisis management, where I have adeptly guided our organization's response to various incidents. My approach is anchored in minimizing operational disruptions and enhancing our overall preparedness and resilience. This includes overseeing business continuity and disaster recovery efforts, ensuring that our operations remain robust and resilient even in challenging circumstances.Furthermore, I continue to chart the course for our multi-year IT vision and roadmaps, with a strong emphasis on business enablement via IT transformation. This strategy also involves the integration of Agile principles to propel our product and service offerings to new heights across the university. My purview extends to overseeing IT operations, with a particular focus on refining processes to support the university's growth, both domestically and on a global scale. My steadfast commitment to delivering innovative security programs remains unwavering, all with the goal of providing our user community with a seamless and secure experience.

Responsible for enterprise-wide information security architecture and engineering program protecting Harvard’s intellectual property, data, applications, and systems. Lead Architecture and Engineering teams focused on cloud adoption, identity and access management, and capital projects.I successfully implemented a cloud-first security strategy that cut costs significantly with the shutdown of ineffectual campus data centers. I led several long-term projects that eliminated legacy systems, along with substantial technical debt. I secured alignment, support, and funding from school CIOs in highly distributed IT environments to centralize an IAM Active Directory project around single identity and shared service. Since 2016, I worked tirelessly to modernize Harvard’s information technology services. I introduced agile processes that increased work output. I created advancement and professional development opportunities and career resources for Harvard staff, which increased staff retention. • Create and maintain governance to ensure alignment between enterprise technology architecture, technology products and standards in support of evolving business and technical strategies and objectives.• Define security architecture and strategy focused on NIST CSF, CIS Top 20, and TOGAF.• Develop strategies to enable cloud adoption of AWS, Azure, and GCP.• Mature SDLC processes incorporating automation via Jenkins, Travis CI, etc. integrating application security testing (SAST) with web application penetration testing (DAST).• Architect and build solution to classify, identify, and remediate over-sharing of sensitive data using Cisco CloudLock, o365 DLP with automated alerting and remediation.• Adapt information risk management practices into organization-wide adoption of Agile.• Create Security “MVP” that standardized protections across all IT assets.

At M.I.T. I was fortunate enough to serve as security and resilience director, providing oversight for complex IT projects ranging from risk management, mitigation, response, and availability. My primary objective in overseeing the wide range of technical security operations was to reduce IT risk and enable disaster recovery in the IT environment. I’m proud of the mentorship program I created to allow for leadership opportunities and job shadowing. I fostered and encouraged a “culture of security” on campus and disseminated cybersecurity information and awareness materials across campus. Also, while there, the adoption of security services rose by 45% and resulted in the creation of an IT service portfolio for IT providers and their consumers. • Oversee security operations (SOC), IT audit, business continuity, and disaster recovery for the overall IT environment.• Create information security risk management program based upon NIST 800-171.• Advise Senior Staff and Directors quarterly on information security program health and current threat landscape.• Create portfolio of services and consulting to better serve the community by clearly identifying consumable services, consulting services, and metrics for individual groups to identify security priorities.• Devise data security classification including; aligning data sensitivity with security controls around human research studies (IRB), HIPAA, PCI, PII, and internal classifications.• Develop data analytics platform (Splunk) creating dashboards and risk profiles to evaluate enterprise risk exposure.• Establish application security practice, incorporating threat modeling and secure coding best practices into enterprise SDLC and project management lifecycles• Launch cross-functional Security Champions community, creating career paths in security for technologists, and coordinating activities across IT operations, architecture, engineering, and development;

As the senior architect, my responsibilities at UPenn involved managing system security measures and the overall IT infrastructure to identify and eliminate potential security threats. I implemented vulnerability and threat assessment architecture. I was accountable for custom rule creation and Sourcefire IDS infrastructure. Also, I implemented an automated system that enable customization and developed a code to shuttle and transform data, which enabled integration. Here I furthered my leadership ability when I was charged to lead the team at UPenn responsible for the architecture and design of SIEM (Splunk) and vulnerability management platforms. • Responsible for designing and building Penn’s security instrumentation network to detect and eliminate risks through vulnerability management and threat assessment. • Design and build network observability using Cisco Sourcefire IDS infrastructure and custom-rule creation. • Implement automated system enabling customization of vendor-supplied rules-specific environment. • Write applications and code enabling integrations with 3rd party products.

I held multiple technical positions at Drexel University between 2001 and 2012. I began in 2001 as a senior network security analyst and authored custom NAC solutions written in PERL code for processing vulnerability scan results and event alerts. Promoted in 2003 to senior security analyst, I protected and secured the university’s digital assets and enabled business continuity.In 2009, I was offered a position as the information security director. My responsibilities included designing and implementing all information security and identity management programs and related activities. Not only did I coordinate risk assessments, but I also developed incident response policies and procedures and ensured compliance.

I started at PayQuik to help build and secure their money transfer software. Generally speaking, I managed key servers and created Linux operating system hardening and minimization procedural guidelines. I’m pleased to say, CitiGroup acquired the end product and with that I moved on to return to Drexel in 2009.

Ensure adherence to security policies from all departments and colleges.Write custom PERL code for processing vulnerability scan results and alerting on events.Deploy centralized firewall for windows clients (ZoneAlarm)Manage Snort/Bro IDS systems, Argus and Cisco NetFlow to report on anomalous traffic.Hardened Solaris installations using customized JASS security scripts.Hardened AIX, IRIX, Linux, and Windows NT/2000 servers by writing customized shell, Perl, and batch scripts.Transformed homegrown processes/toolsets of log aggregation into a cohesive, standardized set of solutions that elevated efficiency and accuracy university-wide.Deployed proxy servers for student dorms to ensure compliance with the University Network Security Policies.Setup Darknets to monitor scans against our University netblocks using Argus and flow-tools. Created Jumpstart/Kickstart servers for unattended OS installs to confirm with hardening/minimization guides.

Developed operating system hardening/minimization guidelines for Windows, Solaris, Linux, and BSD based operating systems.Created installation server to automated operating system installation that conformed with hardening/minimization guidelines. Provided central log aggregation for log analysis, reporting, and alerting in real-time of critical system and application messages.Setup LDAP to consolidate authentication of all Unix based systems as well as web applications.Manage SAN zoning and deployment on IBM “Shark” and “Fast-T” storage arraysPerform systems administration of Solaris, AIX, Free/Open BSD, Linux, IRIX, and Windows operating systems.Utilize configuration management system (cfengine) to centrally manage all key servers.

Performed penetration testing/analysis of servers, routers, and switches to ensure network and server security.Provided reports detailing security risks, potential loss and mitigation factors.Hardened AIX, IRIX, Linux, and Windows NT/2000 servers by writing customized shell, Perl, and batch scripts.Secured and administered Solaris systems (Enterprise and Sunfire) using modified JASS architecture.Created documentation of securing both hosts and networks within a university setting.

Managed IS team including system/network administrators and helpdesk staff.Responsible for creating job descriptions, salary justification, and all aspects of the hiring process.Proficient in resolution of staff concerns.Created professional development goals for staff.Charged with annual performance evaluations.Provided hands-on training for all staff members. Worked with various telecom vendors for provisioning of T1 lines.Held responsibility for firewalls, routers, and Layer II/III switches.Diagnosed all network issues by means of Open Source tools spanning all OSI Layers. Implemented Linux as file and backup server for Windows and Macintosh clients.Setup and maintained Windows NT 4.0 domain/standalone servers.Migrated mail system from Lotus Notes to Microsoft Exchange.Administered MS SQL server 7.0.Designed Network/System monitoring system with Red Hat Linux.Created Web based e-mail system using Linux and PHP.Performed system administration of several operating systems including: Sun, Linux, BSD, Windows NT/9x, and Macintosh. Designed and implemented security procedures and guidelines for Internet connectivity and satellite offices.Built servers with custom-made Linux distribution focused on disk performance and memory management.

Deploy and maintain company firewalls running Checkpoint Firewall-1 on Nokia IP 330s (IPSO)Write ACLs for Extreme and Cisco switches/routers providing access to all regional data centers and NOC.Manage VPN tunnels to regional data centers with Nokia CC 250 VPNsExecuted penetration testing of firewalls, VPNs, routers, switches, and servers.Performed security auditing using Nessus, SAINT, Retina, dsniff, and ngrep.Secured Oracle database servers running on Sun Solaris systems.Migrated existing data center to new hosting facilitySetup Inktomi Traffic servers as proxy/caching servers at regional data centers throughout the East Coast.Assisted in the architecture of a secure nationwide network.Created technical documentation templates for the setup of a ISP.