I lead a team of fifteen information security advisors focused on finding solutions to client challenges using targeted consulting services in application security, penetration testing, social engineering, vulnerability management, remediation, incident management, and risk management. As a team, we work closely with consulting practice leaders to define and refine our services to find market fit and meet specific client needs. We also partner with our sales team to identify client opportunities, advise clients on strategy, scope and define services, and manage the contracting process.My key contributions and achievements are: Work with team members on defining custom consulting engagements. Training and on-boarding members of the team. Presales and sales training and enablement on Risk Management, Application Security, Attack & Penetration, Enterprise Incident Management, Vulnerability Management and Remediation services. Identify root causes leading to inefficiencies and failures in our internal processes. Lead and manage process improvements for the team and cross-team efforts. Coordinate with sales leaders to manage sales opportunities.I was recognized for my contributions to an internal Client Solutions and Threat Management project with the 2021 Optiv Q2 Trailblazer Award.

I work directly with Optiv clients to clarify and understand their specific challenges in information security and identify solutions. I primarily work with our clients on Threat Management services such as application security, penetration testing, reactive and proactive incident management, advanced research, and breach simulation (i.e. red team exercises). As an Advisor, I have responsibility for assisting clients with operations primarily in the North Central US and across the US and Canada as needed.My key contributions and achievements are: Lead the North Central US as the primary resource for Threat Management. Maintain a high level of engagement with clients through multiple opportunity assignments in Application Security, Attack & Penetration, and Enterprise Incident Management. Provide mentorship to other Threat Management team members on information security topics, managing our service portfolio process, and developing new capabilities in our CRM tools.

I worked directly with Optiv clients to clarify and understand their specific challenges in information security and identify consulting services to address those challenges. My primary responsibilities were on strategic services for enterprise risk and compliance, GDPR, third-party risk management, and CISO level services. I had secondary responsibilities in technical services such as application security, penetration testing, reactive and proactive incident management, advanced research, and breach simulation (i.e. red team exercises). For managing my team's future growth, I was assigned responsibilities for managing training, coaching, and mentorship with my co-workers.My key contributions and achievements are: Led the Central Region as the primary resource for Advisory services. Maintained a high level of engagement with clients through multiple opportunity assignments in Application Security, Attack & Penetration, Enterprise Incident Management, Third Party Risk Management, and Enterprise Risk and Compliance services. Provided mentorship to other team members on information security topics and managing our service portfolio process.

I worked directly with Optiv clients to clarify and understand their specific challenges in information security and identify consulting services to address those challenges. I primarily worked with our clients on software security services, penetration testing, reactive and proactive incident management, PCI, GDPR, enterprise risk, advanced research, and breach simulation (i.e. red team exercises). For managing my team's future growth, I was assigned responsibilities for managing training, coaching, and mentorship with my co-workers.My key contributions and achievements were: Maintained a high level of engagement with clients through multiple opportunity assignments in Application Security, Attack & Penetration, Enterprise Incident Management, and Enterprise Risk and Compliance services. Co-managed a project to develop video-based training materials on Optiv services for account teams. Developed Powershell tools to automate key aspects for documentation generation and case management.

I am part of the author network at Pluralsight currently focused on creating training content for information security professionals as they advance through their careers. It's an opportunity to turn my own passion for lifelong learning towards helping others learn as well. I love working with Pluralsight on course creation. They make the process easy and fun. While this is a part-time job for me, I love being part of Pluralsight's efforts in democratizing professional technology training.I have six security courses in the Pluralsight library. I love any feedback you may on these courses. Please share.

As the Enterprise Security Architect for Information Technology at Purdue, I had a wide variety of responsibilities for the protection of information and information systems at Purdue. I drove the implementation of projects and security systems to help the security team and other university entities discover and mitigate security vulnerabilities within the network. I worked with the security project manager in defining and managing progress on the various projects in our portfolio. I worked with our colleagues in the compliance arena to facilitate their technical needs. I consulted with other IT groups at the university to address security needs. To tackle these challenges, I led a team of three security engineers.My key activities and achievements included: Developed and promoted an enterprise security architecture strategy for the Purdue University system. Researched, evaluated, and proposed internally developed and/or vendor-based solutions to reduce risk. Managed three security engineers tasked with deploying new services and enhancing operations. Assisted in operational management of network intrusion prevention system, security information and event management, endpoint security management, and vulnerability management systems. Designed the Vulnerability Management Program and oversee its implementation and reporting. Worked closely with Security Operations Center in security monitoring and incident response. Merged security systems from other IT groups to centralize security management and lower costs. Worked closely with Internal Audit to identify areas of risk, develop responses, and implementation. Engaged stakeholders on university system-wide information security initiatives and directives. Interacted with PCI, HIPAA, and other compliance personnel to address specific requirements. Consulted with administrators and leadership to identify significant risk and create mitigation plans.

As a research engineer at the Center for Education and Research in Information Assurance and Security (CERIAS), my responsibilities progressively evolved over time. I was originally hired to manage security research projects. In that capacity I established several research projects with interested students and worked directly with faculty on objectives and directions. I embraced the educational focus of CERIAS and served as a teaching assistant to a graduate-level course, trained many IT professionals in a variety of subjects in security, worked one-on-one with students interested in careers in the security field, and worked with teams to organize training and awareness events. I was called upon to conduct risk assessments for groups at Purdue and at other universities.My key contributions and achievements were: Acquired Information Systems Security Architecture Professional (CISSP-ISSAP) and Certified Information Systems Auditor (CISA). Conducted HIPAA Security Rule risk assessments for Indiana-based hospitals and healthcare practices through Purdue Healthcare Advisors (an ARRA-funded Regional Extension Center). Consulted with various organizations on information protection involving restricted data. Conducted research in intrusion detection, digital forensics, and security architecture. Managed student research groups for the embedded sensors, Poly^2, and File Hound projects. Automated firewall rule management and developed remotely managed security servers. Managed portions of the Center's IT infrastructure. Served as T.A. for CS626, Advanced Information Assurance, Spring 2003 and taught four classes.

At Farallon Risk Group our mission was to assist clients with managing their information security breach response through risk assessment, mitigation, breach response playbook development, and staff augmentation services. My key contributions and achievements were: Assisted healthcare and energy sector clients with regulatory compliance and breach notification. Conducted risk assessments and documentation review and created rating-based mitigation plans. Created consulting methodology for risk assessments and breach notification procedures. Trained ten developers in secure programming techniques and application threat modeling.

As the Product Manager for Solaris Network Security, I was responsible for determining customer network security needs and requirements, working with Solaris engineering teams on implementation of features, assisting customers with implementation of security configurations using technical documentation and tool development.My key contributions and achievements were: Acquired Certified Information Systems Security Professional (CISSP). Discussed needs with customers and researched market requirements for Sun product security. Negotiated and assisted in prioritization of Solaris OE software security engineering efforts. Wrote content for and managed internal contributions to the Sun global security web site. Presented the corporate vision and customer value proposition for Solaris software security. Developed security marketing collateral, presentations, and Solaris 9 product launch materials. Developed the Solaris Security Toolkit audit framework to test Solaris security configurations.

As a Project Engineer for Sun Professional Services, I was involved in assisting the consultants in the development of technical documentation, service methodology development, and software tools to manage security for clients.My key contributions and achievements were: Wrote four Sun BluePrints OnLine technical articles on Solaris system and network security. Created consulting methodology, tools, and training for building secure Solaris installations. Assisted in the development of the Solaris Security Toolkit, a tool for automating OS builds. Participated in consulting engagements, security projects, assessments, and internal training.

As a member of technical staff at Sun Labs, I focused on developing novel network security tools to solve real problems in system configuration management and assessment.My key achievement was: Developed and released the Sun Enterprise Network Security Service (SENSS), an open source, Java-based, hierarchically organized, intranet security policy enforcement and assessment system in collaborations with a top-notch team of security engineers.

As Co-Op student and UNIX systems administrator for UNIX systems group at Northern Telecom and Bell-Northern Research, I focused on delivering timely solutions and quality work for the customers that I served. My key contributions and achievements were: Diagnosed and corrected level 2 customer support issues with UNIX systems and applications. Managed user accounts on more than 4,000 workstations and servers for all of North Carolina. Served as after-hours technical support. Provided technical assistance to senior administrators for project work. Automated some routine daily processes to save manual effort and to reduce errors. Used security tools to assess the security configuration of the systems.