Responsible for leading Coalfire's PCI practice and SaaS product development efforts to coordinate and implement all PCI project methodologies, to include working with leadership to develop and implement a central strategy and vision.Devising prompts for ChatGPT, Claude, and other generative AI tools in order to improve customer and team member experiences.Collaboratively work with other practice leads and customers to define the best product for customers.Utilizing OpenAI technologies to define stand alone and prompt chains to expedite assessment and automation components in order to give time back to customers and team members.Develop, test, and integrate automation and reporting capabilities into all Coalfire practices through Coalfire’s SaaS products to enable better experiences for customers and team members.Build and maintain a growing list of payment and/or cybersecurity compliance frameworks against known industry/regulations/standands (ie NYDFS, GDPR, DORA EU 2022-2554, Spain ENS v2023, SWIFT CSCF)Work with other product leads to refine the compliance, framework, and reporting needs for internal and external customers for healthcare (HITRUST, HIPAA), government entities (FedRAMP), and all other international and/or domestic entities (ISO/SOC).Responsible for developing and issuing marketing content along with a team of dedicated marketing personnel that are assigned to the PCI practice. Marketing content includes blogs, industry whitepapers, educational videos and online webinar support for Coalfire and our partners.

Responsible for leading Coalfire's PCI practice and CoalfireOne product development efforts to coordinate and implement all PCI project methodologies, to include working with the leadership team to develop and implement a central strategy and vision.Actively participate in several Cloud Security Alliance (CSA) working groups and attend the PCI SSCs Community Meetings to engage with the community and drive innovation and change.Developed, tested, and integrated automation and reporting capabilities into all Coalfire practices to enable better experiences for customers and team members.Work with other product leads to understand compliance, framework, and reporting needs for internal and external customers for healthcare (HITRUST, HIPAA), government entities (FedRAMP), and all other international and/or domestic entities (ISO/SOC). Act as the final escalation point for all PCI projects, to include any PCI DSS requirements interpretation challenges or client conflict resolution requests.Responsible for management and oversight of Coalfire's global quality assurance program associated with all PCI project types (PCI DSS, 3DS, PA-DSS, P2PE, QPA, PFI, and SSF)Responsible for developing and issuing marketing content along with a team of dedicated marketing personnel that are assigned to the PCI practice. Marketing content includes blogs, industry whitepapers, educational videos and online webinar support for Coalfire and our partners.Responsible for supporting sales initiatives with regard to Coalfire's PCI business vertical, to include assisting the sales team with the development of sales templates and costing processes, as well as, supporting outbound sales communications that are associated with PCI topics, to include involvement on project proposals for critical or high-risk projects.

Develop, plan, and conduct risk management control and compliance audits (Sarbanes-Oxley 404, GLBA/FFIEC, FISMA, and PCI DSS, ISO 27001/27002) for medium and large companies.Develop and manage integrated domestic and global compliance, risk management, and cross-referenced industry best practice audit frameworks to allow companies to effectively manage costs, while ensuring continued compliance with external and internal auditors. Manage and maintain a team of security and compliance assessors, as well as, provide guidance, mentoring, and oversight for team operations.Implement process and tool development operations for Windows, Linux/Unix, virtualization platforms, infrastructure components to increase Coalfire efficiency on assessment activities. Assist sales team in identifying, quantifying, and closing qualified sales leads. Define and run custom reports in Salesforce to track pipeline.Participate, manage, and conduct comprehensive technical audits, including the review and/or penetration test of complex, disparate networks & systems, SCADA environments, and applications.Conduct incident response and digital computer and memory forensics activities of Windows, *nix, and embedded systems (Point of Sale,etc). As necessary, assist organization's through litigation proceedings.Manage and maintain detailed indexes of modern and emerging malware, rootkit, and botnet binary variants. Maintain and support federal law enforcement (FBI, USSS, DHS, NSA) on cybersecurity threats.

Manage client and delivery for IT governance and assurance audits for Sarbanes-Oxley 404, GLBA/FFIEC, FISMA, and PCI DSS assessments. Work with sales leads to quantify and close reoccurring and new business opportunities. Plan assessment schedule to align with client expectations and resource availabilities.Conduct technical network and vulnerability operations, client remediation and guidance, and network, application, and black/white box penetration test assessments.Conduct incident response and digital computer forensics activities to aid clients in identifying and containing security or intellectual property breaches. As necessary, assist organization's through litigation proceedings.

Manage client and delivery for IT governance and assurance audits for Sarbanes-Oxley 404, GLBA/FFIEC, FISMA, and VISA PCI. Conduct technical network and vulnerability operations, client remediation and guidance, and network, application, and black/white box penetration test assessments.Established Coalfire's Incident Response division with the support of team members and Coalfire's President, Rick Dakin in 2006. Proceeded to define uniform technologies for bit-image data captures (live and offline), analysis / searching through Encase and FTK, and customer reporting. Conducted incident response and digital computer forensics activities to aid clients in identifying and containing security or intellectual property breaches. As necessary, assist organization's through litigation proceedings.