Founded and currently manage the Application Security Program in the ABB Enterprise Software Product Development Group. ● Established agile based industry focused risk management program to include formal policy, secure architecture, secure implementation, and product security testing for all SaaS and traditional products in the portfolio globally. ● Manage product security compliance program auditing products and ensuring they have proven adherence to specific customer security requirements as well as required global standards, regulations and guidelines such NIST, ISO, IEC, FISMA, and NERC CIP. ● Responsible for team of security managers focusing on corporate governance, customer vulnerability handling, application security best practices training for product management, product development teams, and quality assurance teams. ● Responsible for design and implementation ● Maintain strategic relationships across business units and IT to include Executive Team, Legal, Sales, Marketing, Program and Development Management, and Lead Architects. ● Manage sales lifecycle for security related RFP responses and nurture customer security relationships for all enterprise software customers globally. ● Present keynote presentations and customer facing workshops at corporate sponsored events. ● Mentor and coach a large group of product level security subject matter experts. Provide code level training to all development staff on secure implementation principles and strategies. ● Participate in industry standard creation, most recently the Cyber Security Framework for Critical Infrastructure.

● Managed security for software related projects in the Enterprise Solution’s Group. There are approximately 60 active (SaaS / IaaS / PaaS) projects ongoing at any given time. ● Responsible for software security strategy in the ESG group.● Designed and delivered Secure Software Development Lifecycle training classes that comprise of: ○ Dell Software Security Process and Strategy○ Global Regulatory Compliance (GRC) ○ Software Security Architecture Threat Modeling ○ Secure Development Principles and Practices ○ Static Code Analysis ○ Security Validation Testing● Managed Security Risk Assessment vendors who perform 3rd party audits of software development projects. ● Designed and maintain internal Software development penetration laboratory. Serve as security auditor of software development projects and provide development teams with final security clearance for products when released to ship (RTS)● Collaborated with cross functional teams across the organization to develop global Dell software security strategy. ● Served as security evangelist for development teams outside of ESG provide security presentations and technical advice for design architecture as well as implementation in source code.

● Performed comprehensive security assessments for clients. This process involved performing on-site interviews of key personnel, data gathering of internal network data and wireless networks using a variety of automated tools. ● Assessed physical security controls, evaluated BCPDR plan, all administrative and technical Information Security policies, procedures, and business process workflow. ● Prepared series of reports consisting of an executive summary, detailed findings, and databases that housed all raw data collected. The reports contained remediation recommendations for any deficiencies found as measured against ISO 17799, ISO 27001, GLBA, and/or HIPAA. ● Performed External Vulnerability Assessments and Penetration testing for PCI clients and other clientele. ● Manually verified all of the findings from Nessus and explored other potential vulnerabilities using a variety of techniques and insights gained examining clients external infrastructure. ● Presented detailed reports to personnel outlining findings and openly discussing remediation recommendations. ● Designed a C# .NET tool to parse Nessus NASL Plugins, Nessus NBE's, and MBSA results into a common database for use in creating reports and deliveries.● Prepared Statements of Work for Bids and RFP's.● Worked with Sales as a technical expert on Information Security related knowledge. ● Working knowledge and familiarity with many Information Security related regulations and methodologies including HIPAA, FISMA, SOX, PCI, OSSTSM, OCTAVE, ISO 27002 (ISO 17799), RIIOT

● Performed comprehensive business and technical analysis of enterprise class EDI systems and supporting subsystems. ● Performed in depth on-site interviews of all stakeholders and compared data to industry best practices from both a business and technical perspective. ● Authored multi volume assessment which comprised of formalizing business processes, justifying technological implementation as supporting the business processes and recommended business and technological efficiency improvements.

Provide IT security consultation services to a select group of clients.

● Responsible for all aspects of product development. Created and implemented HIPAA security policies and procedures for client base. ● Led team that designed Health based communications infrastructure (HL7) that allows disparate systems to exchange information securely. ● Managed team and designed scalable C# .NET/SQL (database independent) based Physician Management Information System utilizing agile software methods and post-agile methods. ● Managed team and designed PHP/PostgreSQL based Laboratory Information Management System for clinical laboratory which cut their associated operating costs by over 65%. ● Designed ADO.NET 2.0 data provider for database system not fully supported in .NET. ● Designed ANSI X12N EDI implementation for Electronic Medical Billing and Patient Accounting● Designed system for delivery of Laboratory Reports to various Physicians.● Managed Firewall and VPN solutions centrally for client base.

● Managed team of engineers on multiple projects. Developed and trained staff on existing and emerging technologies where necessary. ● Developed Windows MFC applications to help assist with daily activities. Designed and installed various small and large-scale data networks. ● Designed and installed corporate intranets. Installed and managed UNIX, Novell, and Microsoft networks. ● Redesigned and fixed complex WAN and LAN consisting CISCO Pix Firewalls, CISCO 7000 series and 2500 series routers, and CISCO Catalyst switches for 52-campus school district during a network blackout. ● Designed and implemented Web-based database management systems and WWW sites for small businesses. ● Installed, configured and maintained office network including mail servers, web servers, firewalls and IDS systems.

● Acted as a focal point for security related matters for multiple major corporations. Installed, configured, and managed pool of 1500+ Cisco PIX and Checkpoint 2000 firewalls for multiple enterprise level clients. ● Prepared security policies for customers and consulted on various levels of security model. ● Setup, configured, and troubleshot various VPN's to and from customer remote locations. ● Hardened Windows and UNIX based servers and workstations. ● Troubleshot and repaired firewalls and other networking devices in the field. ● Helped customers identify and correct complex network related issues affecting functionality and performance.

● Applied knowledge of networks gained working with UNIX towards Windows NT training. ● Assisted in the design and setup then managed a small Windows NT network connecting Windows 95 workstations using 10BaseT routers and CAT 5 cable. ● Researched and proposed solutions in conjunction with management for budgeted WAN implementation for use in the support of the T38 Avionics Upgrade program

● Integral part of engineering team that Designs, Codes, and Tests software and hardware changes for the UPT/IFS (Undergraduate Pilot Training / Instrument Flight School) T37 and T38 embedded flight simulators in Ada and C. ● Gained lasting experience working in different areas of the flight simulation world. ● Gained working knowledge through vigorous training in UNIX System Administration of Harris Nighthawks and Sun386Is consisting of Bourne Shell scripting, awk, managing user accounts as well as setting up then troubleshooting networks using Ethernet and Star topologies.● Advanced to B1b Advanced Weapons Simulator at Dyess AFB in Abilene. Applied experiences gained at Randolph toward the advancement of the B1b simulation program. ● Designed Coded and Tested software changes in FORTRAN for the simulator.