Information Security Leader with vast experience in Penetration Testing, Vulnerability Management, incident response management, adoption of new technologies, conducting security assessments and mobile device security. Knowledgeable in the research, development and implementation of standards and guidelines with a focus on enterprise security compliance. Builds strong working relationships with coworkers and customers and is highly effective in global and cross-functional environments. Excellent communication skills. Plans and prioritizes projects effectively.
Senior Manager - Global Penetration Testing Service Leader
Deloitte | May 2023 - Present | Worldwide, Oo
Senior Manager - Americas Region Customer Service Leader
Deloitte | Dec 2021 - May 2023 | Worldwide, Oo
• Acting in dual capacity as Penetration Testing Technical Lead and Customer Service Delivery Manager for the Americas Region.
• Collaborate daily with other C-Level Executive and Regional in review and resolution of security services projects.
• Provide subject matter expertise in Risk Management & Governance to our organization and services.
• Actively engage in Diversity, Equity & Inclusion (DEI) initiatives.
• Collaborate with C-Level executives to execute Next Generation Cyber Security projects.
• Provide metrics to C-Level executive and Cyber security team for the America Region.
• Manage Third-Party vendor relationships for the penetration testing services.
• Lead and oversee the development of the next generation of Cyber tools and applications for our Global Penetration Testing
Mgr. Us Application Security | Cyber Defense - Threat & Vulnerability
Deloitte | Sep 2016 - Dec 2021 | Worldwide, Oo
• Manage the overall US Member Firm Application Security program and help train new resources in US and overseas, including 12 full-time employees and various contractors.
• Managed and coordinated the delivery of over 120 Internal Web Applications Penetration tests annually.
• Managed and coordinated our Third-Party Penetration Testing Services to help comply with contractual obligations and help provide technical knowledge and recommendations on remediation.
• Provide technical support to Risk & Compliance reviewing Third-Party Penetration reports provided by our vendors and providing feedback to leadership as part of the Third Party Risk Management process.
• Managed major work streams, including a project to test all our public facing applications. This was a 1-year project, covering over ~3,000 assets, managing ~10 contractors.
• Re-designed our Phishing campaign process to test all US Member Employees adding additional tests for employees per year and additional different types of attacks\techniques.
• Performed initial evaluation and deployment of the Phishing Outlook add-in that replaced the previous reporter option and provided additional enhancements and data that help us assess our employees' resilience to phishing attempts.
• Collaborated with Deloitte Cyber Design Solution Studio to help enforce the minimum requirements for SSDLC production release.
• Provided support to the Risk and Compliance Team with client, industry and auditing requirements such as AUP, SOC2, ISO 27001, FedRAMP.
• Continue building relationships and promoting Application Security Services with several business owners within the US Business Function to extend the coverage of our AppSec program. This effort led to growing our SAST program from ~800 to ~1,500 (or 700 new) profiles.
• Tested and Deployed a new DAST Scanner as our new US Firm approved DAST vulnerability scanner.
Mgr. Information Security | Cyber Defense - Threat & Vulnerability
Deloitte | May 2014 - Sep 2016 | Worldwide, Oo
• Managed the overall US Member Firm Vulnerability program including both Network and Application Security, including managing 5 full-time employees and various contractors.
• Assisted with SAST / DAST scans and performing Application and Network Penetration Testing.
• Built relationships to promote Application Security Services with Deloitte Application Studio and other development groups over the US Firm that led to over 600 new applications for SAST.
• Deployed Network Vulnerability scanners to enhance the US Firm Network Vulnerability program and provide better service to our clients. This included several high priority scanners for the US Firm Federal Practice, US India Networks, and VIP Clients Segmented Networks.
• Delivered and managed our phishing program to train our employees and build employee resiliency against real world scenarios.
• Tested and Deployed on-prem IDS/IPS solution in collaboration with Deloitte Global Cyber groups.
• Tested and Deployed on-prem Email Security and Malware Analysis devices to improve our ability to detect and improve our defenses against advanced threats including phishing and malware.
• Collaborated with the Threat Intel Team gathering data related to state sponsored attacks.
Information Security Analyst | Emerging Technologies Team
Deloitte | Sep 2012 - May 2014 | Worldwide, Oo
• Recognized by Cyber Leadership as a Mobile Device Security SME.
• Collaborated with other teams performing research and adding knowledge of new industry threats and technologies to the enterprise InfoSec practice.
• Performed technical research, tested solutions and helped develop security standards and guidelines for Windows Surface, Android (smartphones and tablets) and iOS (iPhone and iPads) family of products. Some of the standards included:
  o Global Policy Objects;
  o Use of S/MIME certificates in mobile platforms;
  o Enterprise key management and Full device encryption of mobile devices including Android, iOS and Windows Surface products.
• Provided support testing new operating systems versions for iOS, Android, Windows 8.1 and OS X Mavericks to ensure compliance with our standards and develop security recommendations to mitigate gaps in the implementation; therefore, been part of the task force team developing the disk images to be used across the US Firm.
• Tested various vendor products for digital rights management systems (DRM) and provided security recommendations to Leadership.
• Performed analysis, testing and reporting of security recommendations for new mobile device management systems (MDM) ensuring enterprise standards are met to enforce encryption, remote wipe, remote locking, and geo-location of devices among others.
• Responsible for the analysis, testing and mitigation of zero-day exploits across different systems and applications including iOS, Android and Windows operating systems.
• Actively involved in mentorship initiatives to empower junior talent and help network with other leaders across the organization.
Information Security Analyst | Security Standards And Architecture & Federal Security
Deloitte | Sep 2011 - Sep 2012 | Worldwide, Oo
• In addition to previous responsibilities, I became primary “On-Call” (around the clock) key resource for the level 2 federal security incident forensics response team.
• Administer and roll out new VMWare based cloud testing virtual environment.
• Responsible for the resolution of firewall requests.
• Worked closely with customers and internal teams to verify compliance of impacted servers using IBM’s Big Fix and Tivoli’s Web Reports.
• Experience with our IPAM (IP Address Management) tool to effectively visualize the network and infrastructure impacts of new firewall rules.
• Tasked with analyzing and approving incoming and outgoing network traffic rule changes to ensure security compliance.
• Ensure limiting of subnet access for new firewall rules.
• Work closely with customers to find specific solutions that will minimize the impact to business operations while ensuring security guidelines are met.
• Familiarized with the implementation of federal DISA STIGs (security and technology implementation guides).
• Tasked with recovering file backups using Autonomy’s Trident software, email data using PowerShell scripts and Connected ® Classify and Collect software for incident response activities involving malware, device theft, device loss, etc.
• Responsible for the forensic analysis and review of incidents to find sensitive data that if compromised could impact business operations or client data based on client agreements and data classification.
• Report to top leadership forensic findings and high priority items categorized by client and impact of the sensitive data in order to take immediate action.
• Tasked with the evaluation, testing and reporting of DLP (Data Loss Prevention) tools from vendors like RSA, Symantec, etc.
Information Security Analyst | Security Standards & Architecture And Sap Security
Deloitte | Feb 2010 - Sep 2011 | Worldwide, Oo
• Responsible for developing new and updating outdated security standards and guidelines for the Information Security Risk and Compliance team.
• Initiate the peer review and leadership approval workflow for new standards and engage in constructive discussions about impact and mitigation benefits of new standards to be rolled out.
• Worked closely with internal IRC teams for multifaceted input on new standards including teams like: vulnerability testing, corporate governance, and risk & compliance teams.
• Administered the Internal Security SharePoint Document Library and responsible for the creation of effective communication to impacted national teams to take action on future policies to be enforced.
• Responsible for the discovery, enforcement and implementation of new SAP Security rules for accounts and groups using the SAP Compliance Calibration tool.
• Administered the creation and cancellation of permissions to users and service accounts inside the SAP system.
• Worked with the Kintana Change Management System to push and deploy new policies and permission changes to the production SAP environment.
• Worked with the Internal SAP Audit team and offshore resources to optimize the discovery of vulnerabilities in the active permissions on our production systems.
• Administrator and key resource for the setup, and operations of the IRC Virtual Lab.
• Lead the testing of new applications and operating systems like Windows 7 and Windows 2008 R2 inside our Virtual Lab.
• Ensured compatibility and reported findings to leadership on integration challenges of new OS’s to be rolled out.
• Tasked with the resolution of tickets from Service Desk (our internal Change Management System) in order to resolve a varied set of security issues including SAP access control, password reset for super admin accounts, etc.
Hitec Emerging Executive Program 2023 Fellow
Hitec | Mar 2023 - Oct 2023 | Chicago, Il, Us
• The HITEC Emerging Executive / E+ Program is a year-long, cohort-based program that develops emerging and high-potential Hispanic technology leaders looking to become tomorrow’s high level corporate executives. The work of the Emerging Executive / E+ Program continues to be central to HITEC’s core mission – to develop future Hispanic technology and business leaders.
• The Emerging Executive Program is designed specifically for manager/director level executives that have mid-level management experience and are in a position to take that next step in their career towards a senior-level role.
Rf Communications Journeyman
United States Air Force | Sep 2005 - Sep 2011 | Randolph Afb, Tx, Us
• Responsible for the maintenance and technical support of RF Systems. Capable of deploying, sustaining, troubleshooting, and repairing standard radio systems and equipment (radio frequencies wireless, line-of-sight, beyond line-of-sight, wideband Satcom and ground based communications).
• Veteran of Operation: Enduring Freedom.
• Honorable Discharge: September 2011.
• DOD sponsored security clearance: Active.
Intern Governance Risk And Compliance
Deloitte | Jun 2009 - Jul 2009 | Worldwide, Oo
• Tasked to spearhead an audit initiative to ensure compliance with the BITS Security guidelines.
• Worked closely with internal teams and an external group of auditors to provide all available data for the BITS analysis.
• Responsible for gathering scattered data from different internal systems to compile random sample information.
• Work closely with the initiative team to identify and pinpoint gaps in BITS compliance.
• Responsible for demonstrating and defending several group policy objects and tasked with the creation of focus groups with random cross-functional company users to ensure all GPOs are active.
• Tasked with administering the IRC Lab to test new security measures and new products in a contained environment.
• Responsible for evaluating final findings, analyzing and creating reports for top leadership in order to develop an action plan to mitigate any gaps in less than 6 months.
• Winner of national ITS case study and recognized for an outstanding creative program to attract and retain young talent with a special focus on campus hires.
Intern Security Standards & Architecture
Deloitte | Jun 2008 - Jun 2008 | Worldwide, Oo
• Tasked with documenting security standards and procedures for the US information security practice.
• Key resources tasked with the creation of a unified and overall security standard for COBIT compliance.
• Responsible for identifying key criteria, vulnerabilities and gaps in current security standards; to subsequently develop a mitigation and gap analysis of current standards.
• Provide effective recommendations and plan of action to bridge the gaps encountered in order to develop an optimized security architecture to be applied in our national practice with a special focus on securing our federal practice.
• Presented and defended the findings to middle and top leadership with excellent feedback and performance reviews as outcome.
• Updated the information security internal document library and spearheaded a campaign to share and distribute this content with other national teams.
• Ability to work effectively in cross-functional and collocated teams including interaction with offshore resources.
• Actively engaged and worked closely with several internal departments required for the assigned tasks like Networks, Architecture, Disaster Recovery and backup, Operations and the National Office of Practice teams.
Josue Figueroa Education Details
Lipscomb University - Information Security
University Of Puerto Rico - Computerized Information Systems
Frequently Asked Questions about Josue Figueroa
What company does Josue Figueroa work for?
Josue Figueroa works for Deloitte
What is Josue Figueroa's role at the current company?
Josue Figueroa's current role is Cyber Security Leader.
What is Josue Figueroa's email address?
Josue Figueroa's email address is fi****@****ail.com
What schools did Josue Figueroa attend?
Josue Figueroa attended Lipscomb University, University Of Puerto Rico.
What skills is Josue Figueroa known for?
Josue Figueroa has skills like Security, Information Security, Disaster Recovery, Computer Security, Vulnerability Assessment, Active Directory, Sharepoint, It Strategy, Information Security Management, Nist, Windows Server, Network Security.