Start-up Cybersecurity Firm that went from 0 to $4 million in sales within 18 months. Acquired by Access Point Technologies.* Provided Cyber Advisory Services to a large Insurance merger * Provided Technical Due Diligence support to a $100 million PE backed acquisition of 6 companies* Provided cloud migration advisory to PE backed acquisition

* Over 3 years won $53million in sales (24million in advisory services)which represented over 90% of QOMPLX's revenue* Executed global transformation of one of the world's largest law firms* Won 10 of 11 opportunities

• Architected and executed a SOC 2 Type 1 & 2 compliant SaaS program• Architected and executed a Privacy Program for GDPR compliance and Privacy Shield Certification• Lead all Governance, Risk, and Compliance efforts• Implemented an Application Security Program aligned to OWASP• Implemented a company-wide Security and Education Training Program• Architecting and aligning security controls to meet ISO 27001/17/18 for Managed Cloud Services• Implemented prescriptive security controls and assessed to PCI-DSS V 3.2 standards via SAQ-D for compliance as a Service Provider• Aligned and mapped existing security controls for HIPPA compliance as a Cloud Service Provider - SaaS

• Plan and schedule audits, developed audit work programs, and executed integrated audits.• Successfully implemented an ISO 17020 quality system for NIST 800-53 security and compliance audits.• Successfully navigated a FedRAMP 3rd Party Audit Organization (3PAO) assessment (NIST 800-53) for certification with minimal deficiencies. (Awaiting certification)• Lead Penetration Test Engagements: Scheduling, Resource Allocation, Rules of Engagement, and Final Reports to include client management and interaction.• Provided NIST 800-53 moderate and low audit guidance across the full stack for IaaS, PaaS, and SaaS providers for compliance: Boundary Identification; hypervisor issues; multi-factor authentication; continuous monitoring and tool selection.• Advise CEOs, CISOs and Executives on implementation of NIST 800-53 (RMF) to meet compliance standards. (Advise on GRC Tool selection)• Provide Independent Risk Assessments for small to mid-size companies:o Security Risk Assessment for a 250-person Federal Contractoro Business Protection and Risk Assessment for an international Block Chain Encryption Companyo Independent IT Risk Assessment for an international non-profit.

• Led Security and Business integrations for two major mergers and acquisition efforts. ($5 billion merger and $120 million acquisition)o Responsible for security due diligenceo IT mapping, IT Staffing, Business application use, inventory and software licensing.• Responsible for internal compliance and IT control assessments as part of contractual and regulatory requirements, Sarbanes-Oxley 404, GLBA, FISMA, ISO 27001, COBIT.• Achieved RMF and CMMI level 3 accreditation for a $500 million, satellite constellation from design through on-orbit operations to include the space vehicles, launch site, manufacturing factory, and ground station staffed by over 900 personnel (Utilized Exacta). o Executed and aligned business priorities to encompass regulatory requirements through direct management of design and architecture of the secure information system and infrastructure.o Monitored key decision points and managed the Plan of Actions and Milestones to ensure on-time, in scope, and within budget delivery of the system and associated software.o Provided leadership and management of the system administrators, network security engineers, information assurance analysts, software developers, and end user requirements to deliver a secure and compliant system that met user needs.o Managed Key Performance, Indicators and Service Level Agreements of all 3rd Party Vendors and Subcontractors.o Directly engaged and developed strategies for disaster recovery and continuity of operations.• Created and documented efficiencies and cost reductions by breaking through departmental information silos.o Identified control gaps and aligned business objectives and priorities with IT, IT security, Developers, Network Engineers, Audit and the PMO.o Identified and leveraged overlaps in common controls of multiple mandates to reduce cost of maintaining duplicative controls.o Created yearly savings of $1 million cost reduction in direct labor while managing 50+ professionals.

• Senior advisor for technical security design, implementation, and management for senior executives in research, development, test evaluation, acquisitions and operations for the U.S. space community and senior government and space industry executives. • Ensured the US Air Forces interests in security, risk, and compliance of the XSS-11, Experimental Microsatellite program were achieved.o Provided expertise and management to the prime contractor and AFRL for information assurance and security risk.o Ensured system development and design met USAF specification.o Documented risks and provide mitigation strategies to enable key decision makers within the Defense Department and USAF to make decisions based upon accurate information.o Worked with network engineers, system administrators, and software developers to accredit a unique ground station that could securely process, store, and transmit sensitive data.• Planned over 150 internal audits and reviews to ensure that operational components met the leadership’s expectations for security and compliance. • Was responsible for the direction of Security Research and Development and alignment with business needs to reduce the risk of exposure to sensitive intellectual property.

Sgt. / Marine Security Guard • U.S. Embassy Seoul, South Korea• U.S. Embassy Georgetown, Guyana• U.S. Embassy Amman, Jordan