Building a cybersecurity program aligned with business objectives, improving maturity and managing risk associated with current and future cyber threats

Promoted to lead a new organization focused on increasing digital resilience and readiness within the company and critical suppliers.• Developed and launched an enterprise security incident management framework to align company cybersecurity, data privacy and supplier incident activity• Built a cyber crisis management team and processes for coordinated response to high severity incidents• Increased organizational readiness through tabletop exercises and after-action reviews• Leader for a cross-functional team identifying, assessing, and remediating company vulnerabilities to geopolitical cyber threats

Created and led a new organization, blending heritage United Technologies and Raytheon personnel and processes, to develop and implement a comprehensive program managing digital and supply chain risk in the new company.• Developed a new digital risk management policy establishing common requirements for managing digital risk across the organization• Enhanced organizational digital risk management by connecting strategic and tactical processes and improving the cycle of risk identification, assessment, response, and monitoring• Launched and facilitated a cross-functional Cybersecurity Council as a governance model cornerstone and promoting information sharing and decision-making • Consolidated legacy third party risk assessment processes, streamlined using OneTrust Vendor Management and executed vendor assessments, based on NIST 800-171, to identify and mitigate risks • Conducted enterprise and cyber events to identify risks, quantify using the FAIR framework, mitigation and support strategic planning

Led an organization driving cybersecurity governance and aligning the corporate and business units, executed special projects for the CISO, developed a consistent and repeatable digital risk management process, and supported Legal with ethics and compliance investigations, data collection, preservation, and processing for significant litigation.• Established a Cyber Steering Committee, comprised of senior leadership, chartered to increase strategic alignment, facilitate risk-based decision-making, and monitor the health of the Cyber Program• Executed culture, process and technology (Archer) changes, increasing digital risk management maturity by one full CMMI level• Expanded the global Investigations team by 50% to improve case delivery speed and analytic quality• Renegotiated a vendor service agreement to elevate performance and decrease cost by $5M

Lead for the global security operations, cyber incident response and investigations teams responsible for delivery of security monitoring, incident response, threat intelligence, threat hunting, digital forensics and investigations services. • Streamlined operations and decreased response time by combining the Security Operations Center, Incident Response and Investigations/eDiscovery teams into a centralized Incident Management organization • Reduced false positive rate 70% for key processes by identifying pain points and automating manual steps • Executed purple team events with business partners to strengthen security controls and monitoring processes • Managed the global implementation of email threat protection and network detection and response solutions

Team lead and analyst for the cyber incident response team providing rapid response, containment and incident handling services globally. Advisor to senior leadership on all aspects of information security. • Enhanced visibility and security monitoring by expanding data collection across multiple network and hundreds of log sources • Designed and implemented processes to monitor and correlate privileged access activity • Implemented a methodology to capture, consume and propagate threat intelligence indicators • Lead project to review and refine incident response processes; focused on efficiency and analytic value • Developed strategic security metrics and corresponding processes to provide a health measurement of the security strategy

Group leader involved in the planning and execution of mission support to the National Ground Intelligence Center (NGIC). Responsible for unit information systems, information assurance, security clearances (S2), unit training (S3), and subordinate officer development. Retired rank: Major.

Professional services consultant using a collaborative, vendor neutral approach to design and implement technology solutions to achieve business goalsMultinational Manufacturing Conglomerate • Architected and managed a global security information and event management (SIEM) solution to analyze and correlate log and network data from disparate systems using commercial and open source technologies • Team lead of an internal penetration testing team (Red Team) designed to objectively assess security controls and processes • Security architect on multiple projects spanning applications, infrastructure and mobility • Member of design and implementation team for incident response • Managed multiple external penetration testing projects • Performed security testing and validation of multiple VPN solutions to replace hardware tokens • Key member of a governance committee for applications within a web hosting facility

Delivered security and infrastructure solutions across diverse industries as a professional services consultant.Multinational Manufacturing Conglomerate • Assessed critical servers for compliance to corporate policies and security standards • Collaborated and developed security policies and standards around server configuration, directory services, access controls, data protection and application security • Conducted internal penetration tests for organization business units to validate security controls and identify weaknesses • Performed web application security assessments on business critical applications to identify vulnerabilities and educate developers on secure coding techniques • Security architect working with internal customers on projects to meet business and corporate security requirements • Evaluated new technology, such as mobile devices, full disk encryption, remote control software and Bluecoat proxy authentication for functionality, manageability and security implications to the enterpriseBanking/Financial Services Corporation • Performed an ISO 17779 security assessment, gap analysis and remediation of 300+ critical systems resulting in enterprise standardization, tighter system security, and increased regulatory compliance • Implemented an enterprise security management tool supporting system policies and server hardening • Developed and implemented a process to test and certify over 60 applications in a centralized Citrix server farm