Risk & Cyber Strategy

Security Strategy, Risk & Compliance, focusing in Cloud Security for AWS and Azure. Managed multiple international engagements for assessment and remediation activities for multiple frameworks, including NIST 800-53, 800-171, PCI DSS, ISO 27001/2, 27018, 27019, SOC2 (SSAE16/SSAE18) Type 1 & type 2, NIST CSF. Industries include government and defense (EU, Japan and South Korea), Media (South Africa, US, Japan), Industrial and Energy (US, Japan, South Korea), Financial Services (US, Japan, Australia, EU, Chile.)

Joe provides detailed direction on key compliance related technical and marketing tasks to launch an offering, or collection of offerings in the portfolio. He is accountable for key outcome metrics, including customer satisfaction, accessibility and revenue and profitability of assigned offering. He performs pipeline and opportunity cost analysis and prioritizes compliance asks of the global market teams. Joe works collaboratively with General Managers, geo sales teams, internal and external auditing teams, as well as other product line compliance and security SMEs.

I act as a sales and delivery firefighter to help lead global teams to customer success and satisfaction. Working with colleagues and customers on five continents, I've helped sell and deliver seven figure information security engagements in many industries, and in a variety of countries. Language barriers are something I'm extremely skilled at overcoming; one particular point of pride is when my Japanese team and customers told me that I'm the most patient westerner they've every worked with during engagement sales and delivery regarding language issues.While I've had many great experiences at IBM working cross-culturally, one of the most interesting has been while I was the Information Security Officer for the European Union Directorate General TAXUD (the customs and tax division of the EU.) I worked with hundreds of people from Poland, Romania, Greece, Belgium, Spain, Ukraine, and other countries with competing priorities and communications styles. Besides getting to partake in Belgian frites, having to haul back kilos of Leonidas chocolate for my family, and visiting many WWI sites throughout the area, it was one of the most rewarding experiences I've had. Even projects that are worth millions of Euro still depend on the people that are getting the job done. I pride myself in gaining the trust of my team, as well as the customer. I have the best interests of both at top of mind.

I led information security engagements in the energy, chemical and retail sectors.

Lead and participated in security and privacy assessments as well as remediation planning, for companies spanning an array of industries including: retail, federal & state agencies, financial services, manufacturing, hospitality, healthcare, construction, and professional services firms.Serve as a national expert in the Payment Card Industry - Data Security Standard (PCI-DSS) segment of business for the firm; managed several multi-million dollar, high profile engagements; responsible for managing staff, client, and project relations/milestones/final product,Work closely with Partners, Senior Managers and Managers in all assessment efforts. Prepare and managed engagement budgets and staffing.Manage client programs with budgets approaching ten million dollars, including authoring and presenting to audit committees and C-level management.Extensive experience in leading information security related engagements including: introduction of risk-based prioritization of PCI-DSS remediation efforts; identification of compensating controls across platforms and applications; analyze and present deployment plan for intrusion prevention system rollouts in the data center core; identify critical events and tune current event logging and alerting capabilities to reduce information chaff and isolate meaningful events; interface with C-level executives to identify organizational challenges; generate cooperation and understanding between technical, security, and business teams with great efficacy; assist in planning through discussion in differences between PCI-DSS versions and give risk-based guidance on forthcoming PCI-DSS standards; conduct data path mapping of PCI-DSS relevant data for systems; design and manage internally driven remediation projects; provide interface as subject matter expert between entities and acquirers for assessments and third party audits

Functioned as sole risk advisor for business continuity, physical security, and IT security. Conducted risk analyses, risk program coordination, and consultation on risk mitigation plans.Lead the design and execution of risk and control identification, integration, evaluation, and reporting processes. Provided expertise in risk assessment and mitigation to internal and external clients.Regularly advised senior management on key risk management efforts, in addition to reporting of new risks and mitigation strategies.Lead integration and collaboration efforts for major stakeholder groups and programs, to include internal audit acceptance of multi-million dollar programs. These programs include strategic identity management planning and data loss prevention implementation.

Worked at plants that produced refrigerants using anhydrous Hydrofluoric acid, which kills people pretty quickly. I've walked through a cloud of chlorine gas to get back to the admin building after fixing DNS settings on an operator's terminal, etc. Worked for Equifax, Dell, Michelin, Computerland, etc. Network/Windows Admin. Electrocuted myself installing DSL repeatedly. Trained sales people on VPNs to enable tire dealers in the middle of nowhere to get rebates, set up new offices, etc. I volunteered for that in November in Nova Scotia, and I didn't own a jacket (being based in South Carolina). Team player. Security administrator.