• Built an enterprise wide information security group for American Financial Group. This was the first of it's kind for AFG.• Created a risk based security program that reports to executive management and the board.• Created a security council to integrate 15 decentralized IT organizations into the enterprise security program.• Created a security monitoring and incident response program for the enterprise.• Created a enterprise wide vulnerability management program.• Created a security operations and architecture team to service the enterprise security needs.• Created a compliance and governance program to oversee enterprise risk.• Created a 3rd party risk assessment program.• Created an enterprise security management program based on NIST CSF that can assess the enterprise on a monthly basis.• Created a enterprise security awareness campaign in collaboration with our corp communications group. It focuses on protecting the company and protecting the employee in their personal life.• Created IR playbook that include executive roles from all areas of the company.• Created an enterprise wide phishing program with metrics that are reported to each business unit president.• Serve as a security evangelist to the 33 different business units within AFG. This includes one on one conversations and department wide presentations.

• Key member of the Executive IT leadership team reporting directly to the CIO.• Set the vision and strategic direction for GAFRI’s information security program.• The information security office includes:o Disaster Recover / Business Continuityo Security administrationo Security architectureo Security policies and standardso Secure password managemento Vulnerability managemento Identity and access managemento Monitoring, compliance, and certificationo Secure development life cycleo Security Awareness• Key Achievements:o Implemented corporate wide role based security model with automation driven directly from HR systems. This reduced new employee setup time from 5 days down to 1 day.o Created comprehensive vulnerability management program. Through this program we were able to mitigate 7490 vulnerabilities in the first year with no impact to production.o Implemented security awareness program that included annual online testing of all employees. The company test score became a balanced score card measure for IT.o Drove compliance with multiple federal, state, and industry specific regulatory requirements. These included monitoring, encryption, and personal identifiable information protection (PII) projects.o Lead a mobile security project to secure and encrypt GAFRI’s mobile devices and removable media.o Lead new DMZ architecture project to secure GAFRI’s growing internet facing business model. We created new zones and policies for the DMZ. This included a presentation zone, application zone, and database zone.o Implemented a secure file transfer system that enabled the business to support the wide variety of external parties that require data exchange. We were able to facilitate 350 new data exchanges with external parties within three months of going live with this system.o Lead security aspects of GAFRI’s development of three new external SharePoint websites.

• Lead security architect guiding the implementation of the Toyota Security Guidelines for all 17 North America manufacturing operations. The Toyota Security Guidelines are a certification level required by Toyota of Japan to receive confidential engineering data.• Primary spokesperson for the Toyota Security Guidelines for all division in the research and design areas.

• Key member of 4 integration teams during the Duke Energy and Cinergy mergero Strategy team – Set Duke’s new IT strategies and standardso Connectivity team – Developed Active Directory/Exchange strategy and integration plan for new Dukeo Security team – Merged the best of class security practices for new Duke. Merged the Duke and Cinergy security policies and guidelines for form a new policy structure.o Portal team – Assisted in merging the Cinergy web portal with the Duke web portal.• Sat on several Duke IT committees to verify that security is engaged in all new projects• Championed enterprise wide security initiatives such as 2-factor authentication and DMZ consolidation• Conduct monthly penetration tests on the Duke infrastructure, and reported findings to the compliance committee• Advised the SCADA (SCADA systems are used to control the power grid) team for Duke Carolina’s on the secure model I had created for Cinergy’s SCADA system during the NERC 1200 implementation. This model will be used during their system upgrade.

IT Security Principal – Cincinnati• Set the strategic direction for information security technologies at Cinergy• Team lead for the information security group at Cinergy• Define and manage all IT security related projects• Primary source of IT security requirements for the NERC 1200 compliance team and key member for implementation. This project secured the SCADA system for Cinergy, and brought Cinergy into NERC 1200 compliance.• Primary source of IT security knowledge for the Sarbanes-Oxley team at Cinergy• Project lead of a 4 month project to bring Cinergy’s DMZ to a best in class model• Primary coordinator of all major IT projects at Cinergy to insure IT security requirements are in place• Gave presentation at new employee orientations to increase IT security awareness• Key member of the project team it integrate Active Directory to Oracle 10g• Wrote a interface to link PeopleSoft data to auto populating Active Directory groups• Performs quarterly penetration audits of Cinergy, and reports them to executive management• Presented several community talks around home and small business cyber security to aid local business that can not afford an IT security staff.• Implemented IMLogic to allow the business to utilize instant messaging securely• Championed the network access controls project to begin to deploy NAC at key locations in Cincinnati• Implemented Microsoft’s PKI solution for internal certificate use• Assisted on the deployment of a secure wireless infrastructure at the 4th and Main campus. This solution utilized machine certificates and Microsoft PEAP.• Primary security representative on the disaster recovery team