I oversee the implementation and maintenance of security controls such as network and cloud security controls, intrusion detection/prevention systems, vulnerability management, identity and access management, enterprise email security, endpoint and data loss prevention solutions.Network: Design, implement, and maintain network security controls such as firewalls, intrusion detection/prevention systems (IDS/IPS), and web filtering solutions.Cloud: Implement and manage security controls for cloud computing platforms, including AWS, Azure, or GCP. Develop monitoring capabilities for cloud activity to detect suspicious behavior and potential threats.IAM: Design, implement, and maintain IAM policies and procedures. Manage user access privileges and entitlements.Mail: Implement and manage email security solutions (i.e. - webmail gateways, DMARC, DKIM, SPF) to protect against spam, phishing, and malware attacks.SaaS: Oversee procurement and development of enterprise password management solution. Oversee procurement and development of SaaS security posture management solutionEndpoint: Oversee endpoint security configuration. Ensure endpoint activity for suspicious behavior and potential threats are addressed timely. Implement and manage endpoint security solutions to protect laptops, desktops, and mobile devices from malware, ransomware, and other threats.Vulnerability management: Oversee and mature the IT asset inventory, scan and assessment coverage. Identify, track and report on relevant vulnerability metrics to key stakeholders.Key Values and Strategic Roadmap: Put clients first and consistently display a positive attitude and behaviors that demonstrate an awareness and willingness to listen and respond to clients in order to meet their short-term and long-term needs, requirements and exceed their expectations. Enforce integrity, critical thinking, problem solving, communication, accountability, communication, and innovation.

In an impactful and elastic landscape, I am dedicated to fostering resilience and confidence in the face of cyber threats. My mission is to effectively respond to, uncover, and rectify cyber incidents, serving as a reliable partner during times of chaos and uncertainty. My personality and drive foster secure design solutions, risk management strategies, critical thinking and problem solving, team building, and coaching and mentoring our future. • Spearheaded 10 strategic and proactive incident response services delivering cyber security strategies, risk profile and threat mappings, and incident leadership training for 55 global middle market businesses and diverse industries.• Cultivated and led a high-performing team of 12 professionals, managing $2.2 million in revenue, specializing in cyber response services encompassing reactive, fraud, insurance, insider, and proactive incident response.• Virtual Security Director for 25 companies, leading data classification, threat and vulnerability mapping, comprehensive business risk mitigation strategies, and incident handling and recovery. • Orchestrated centralized crisis response efforts as the incident commander, seamlessly integrating with client response teams and serving as the vital communication bridge between leadership, business owners, and legal during crises. • Specialist for the design, methodology, and delivery for all critical zero-day exploits and analysis, and communicating to stakeholders the business scope, criticality and impact. • Primary point of contact and trusted advisor for 30 clients throughout the lifecycle of incident response; developed and executed response strategies, and managed relationships, resources, and tasks across numerous and unique business models, partners, industries, stakeholders, legal, and compliance.• Lead advisor across multiple compliance, security and risk frameworks: NIST 800-30; 800-39; 800-53; 800-61; 800-83; 800-171 and CSF; PCI-DSS, Mitre ATT&CK, and CIS.

The current state of readiness and resiliency is only a snapshot in time. My mission is a journey with the client, customers and partnership to create and deliver world-class, innovative, and valuable services and solutions that assess the current state, but delivers the desired state of security.• Directed, trained and assessed the corporate security vision, strategy, and programs across a team of 50 professionals specializing in security, incident response, adversarial testing, privacy, risk, compliance and business continuity assessments. • Virtual CISO for 25 organizations, specializing in data protection, incident response management, threat mapping, and comprehensive business risk mitigation.• Spearheaded 3 unique IR services that test a core response team's ability to detect a controlled adversary and reconstruct the attack lifecycle and tactics; numerous control objectives are met across several compliance standards and security frameworks by integrating IR testing, penetration testing, and logging and monitoring capabilities within the solution.• Subject matter expert for risk profile development and roadmaps; spearheaded the initial rollout of the methodology, design, interview, and testing requirements for NIST 800-171 readiness assessments, and NIST CSF tier development.• Created 4 tailored risk services that assessed the readiness and security benchmarks of the overall cyber security program, mapped and weighted controls and testing procedures to cis attack vectors, business process risk strategies, and Mitre ATT&CK tactics, and developed prioritized remediation roadmaps aligned to the lifecycle of attacker techniques and impact.• Mentored and cultivated a team of 15 cyber specialists that achieved 25 industry-leading certifications, regularly contributed to the development of complex cyber security assessments, supported a variety of global advisory engagements, and developed innovative industry tools reducing assessment time and cost by 20%.

My goal and vision are to provide effective and defensible direction and leadership for information security and consulting teams, and their response, readiness, and remediation strategies. My key roles are to provide world-class enterprise consulting services, business and process impact assessments, compliance and standards strategies, and technical and strategic consulting training and mentorship. • Developed a team of 12 professionals and championed a curriculum and career path focusing on business hardening, business strategies, market landscapes, layered-defense strategies, and risk assessments. • Developed 5 global incident response services for tactical deception, secured virtual environments, anomaly detection and reporting, and signature development for world-wide remote investigations, and near real-time analysis.• Led enterprise risk management, privacy, and security breach investigations, containment, and recovery efforts for 35 middle market businesses, and 110 incident response team members.Subject matter expert and solution architect for cyber resiliency, data monitoring, intrusion analysis and breach mitigation, system and network recovery, and communication solutions.• Developed foundational consulting training focusing on the skills and confidence to create and present comprehensive and actionable reports to distinct audiences, clearly communicate findings and criticality to a variety of clients and stakeholders, collaborate with numerous consulting verticals and disciplines, and understand business drivers, strategies and constraints. • Lead teacher and facilitator for both tactical analysis and strategic planning for the following courses: -- Debugging/Disassembling a Basic Binary -- Buffer-Overflow/ Application Security -- Decoding Basics -- Initial Triage and Investigation -- Process Risk, Data Mapping and Classification

Honor, integrity and duty are the hallmarks for my work ethic, commitment, drive and dedication. My strengths and vision for this role provide honest, fearless, and adaptive leadership and cultivation, strategies to ensure sustainability for standards and compliance, mitigation of risk and impact through expert incident response handling, detection and containment, and protect our data with strong and effective information assurance practices. • Lead Analyst for USAF Computer Emergency Response Team, providing intrusion detection for assets worldwide.• Led 29-person team across 4 disciplines (Network Attack, Defense, Exploitation, and Intelligence) providing base-wide response, awareness, training, resiliency, and indicators of compromise.• Managed a $10.8M budget supporting 1600 group resources, 2400 personnel, and 150 annual projects.• Developed behavioral analysis to identify resource anomalies and quarantine communications near real-time• Developed, created, and incorporated a standardized security monitoring effort that included base-lining traffic, protocol inspections, and securing and correlating security events• Implemented layered-defense strategy to include intrusion detection and prevention, perimeter control, network and application access control, and host system analysis and integrity