Technical manager role with a global team responsible for security architecture, engineering and security operations. My team and I deploy capabilities that protect the cloud, with Identity and Access Management programs, privilege management and conditional access with a design goal of a zero trust model.Manage and mentor employees, setting key initiatives to develop capabilities to improve security maturity across the enterprise. Designing controls for on-prem as well as the Azure Cloud, manufacturing (OT) security, endpoint security controls and network. Implement Security Operations Center resulting in more time for engineering to improve services.As always not forgetting the human element, push security education program to end users and educate using ethical phishing.

For mostly fiscal reasons I moved back to Philadelphia. I must admit I could have benefited from a bit of hindsight. Working since my teens I did not time it perfectly.

I resigned to relocated back to Philadelphia end of August 2014.As the Chief Information Security Officer for the Department of Technology (DT) I was responsible for providing direction and implementation of an information security management program, change management and DR/BC services for DT, the shared service organization for CCSF. This was later expended to include CTO and other security initiatives city wide.My team and I set out to implement a Cyber Security program that reduces risk to city information assets.Security Services Business unit goals were published aligning security team activities for the next year. A first for DT, formally approved Information Security and Change Management Polices. A mandatory minimum security awareness training program for DT with progress in deploying city wide; with most either evaluating the solution or adopting for security awareness training.As Acting CTO I was charged with operational oversight for Operations and Infrastructure (O&I). The O&I group provided shared network and predominantly virtual infrastructure services to city agencies. This was an experience as it conflicted with my Information Security role.

Implementing CyberSecurity program as directed by parent company PCC without risk to Timet operations. Interact with IT, Management, Business Units and Information Services influencing an Information Security aware culture and communicate perceived risk to the business. Manage Information security protects to on-time completion. Keep current with possible threats to the organization. Run Security awareness campaigns; validate Information security policy compliance and lead division security operations.During my time at TIMET I was responsible for a successful company wide design, deployment and end user training of endpoint security control Invincea. I also performed a risk analysis on the status of Window XP retirement. To build build relationships across the company I created a Security SME network from each satellite location which met monthly.The role was not challenging enough and decided to take an opportunity in San Francisco.

Network and Mobile Security Subject Matter Expert working with Technical Groups to deploy and maintain secure access solutions. Network security role included providing consult, review and approving requests for network changes to internal and Dow's multi-tenant network design. Performed security risk assessments for corporate projects using industry standard processes. Where reviews did not fit within the process I was asked to perform a qualitative security risk review. Gathering facts and options or the product/event/solution that would created an SME security opinion of the perceived risk/residual risk and provide a recommended way forward.Continue to support the Rohm and Haas transition to Dow Systems. Incident response responsibilities covered both Rohm and Haas legacy and Dow systems. Using network forensics and SIEM tools to gain more knowledge of the issue at hand and resolve as quickly as possible for the business.During this position I obtained my CRISC Certification through self-study.

During this time the Dow Chemical position was changed to contract managed by Judge Technical.

Dow Chemical acquired Rohm and Haas Company in April 2009. My role was accountable for preforming risk analysis reviews for multiple corporate initiatives using both standard review process based on ISO27001 or a Subject Matter Expert (SME) security review. Working as the Risk Reviewer, SME or both my role performed risk assessments of business or information technology solutions. Security gaps were identified, communicated to the project team and consensuses obtained on mitigation. Influencing changes without direct reporting relationships. Risks were always mitigated and review approved and closed by key stakeholders. During my assignment my role also provide subject matter security expertise on a variety of technology areas including perimeter security, mobile security and encryption, implementing egress firewall rules for Dow Datacenters without operational impact. Technical Standards were reviewed with stakeholders and suggestions incorporated into technical standards. My responsibilities included working with with incident management to provide solutions to operational issues affecting both Rohm and Haas legacy and Dow systems. Secondary responsibilities include security operational support for legacy Rohm and Haas systems and the migration of these legacy systems to corporate standards (Network/Wintel).

A strategic and operational security role for a global specialty chemical company with revenues exceeding $9 billion. Team Lead Information Security protection with a full time security engineer and three regional support personal with 25% of their time allocated to security. Responsible for Technical strategic planning and technical support for a wide area of Information Security including Microsoft Windows Server Technologies, IPS/IDS, Cisco firewalls, Cisco Virtual Private Networking (VPN), encryption, virus protection and penetration scan mitigation. Influenced change across departments working with technical leads without any direct reporting structure.Responsible for corporate Information Security policies and standards including mobile security, network policies and personal wireless technologies. Carried out vulnerability scanning/attack footprint assessments for service and web applications offered internally and externally via reverse proxy.Supported centralized security administration process improvements and provided third level support to our security administration group. Performed Security Architecture reviews for COTS solutions, server design and network security. Regularly took leadership role during security incidents to resolve business issues quickly and when required follow up on successful technical resolutions that conform to policy and technical standards.Additional Assignment: Feb 2005 - Nov 2005 Chemical Information Data Exchange (CIDX), (American Chemical Council, later ChemIC)Non-Profit trade association working with members of the Chemical Industry to improve overall industry Information Security.During this position I obtained my CISSP and CISA Certifications through self-study.During this time I also became a US Citizen.

After transferring to the United States my responsibilities included subject matter expert for Collaboration Tools (Lotus Notes platform) and the new Windows 2000 Desktop and standard Server 2000 builds. Solely responsible for the standard server build which was deployed across the company.The Standard Server build was fully automated with server role selection and hardware platforms integrated in to the install script. Standard configurations for a secure insulation of the server were incorporated. Each service required an owner and reason for being installed and configured within the standard build, exceptions were handled with Post Server Install SOP. Server Install Standard Operating procedures were maintained and communicated to interested parties.

During 1997 Rohm and Haas implemented a common desktop. Approximately 9,000 workstations, of which 3,000 were in Europe, were migrated to a Microsoft Windows 95 desktop. Traveling 15 months out of 18 meeting with customers to resolve issues and remove barriers to successful inplementation. Influenced changes to Global Team to resolve global deployment, technical and European language issues. I received a Vice Presidents Award for my contribution to the deployment. The European deployment was completed on-time.

I started Rohm and Haas (UK) in my teens as a trainee stores clerk. I picked up the manuals and started to learn about this IT thing. I gained more responsibility within the IT department and eventually was responsible for all aspects of the site IT. Implemented my own standard desktop to reduce support calls and make more effective use of resources. I assisted in deploying this concept across the company with that moved to our Croydon Office. Moving from the North East of England to the South was a big deal. (more than the later move to the states).Supported AS/400, IBM 3270 SDLC Remote Office Connectivity. (Green Screen later upgrade to Rumba Emulation).Supported 200+ Users on-siteSupported Novel Netware Server & AdministrationImplemented and Supported IBM Token Ring Network across manufacturing site.Provided high level guidance when required on SCADA Network (Wintel Only)