Responsible for Capital One programs in Workforce Productivity, Asset Management, and High Risk Tech Change under the IMPACT Technology Risk Managment (TRM) organization.

Responsible for overseeing the security posture of the McKinsey Global Energy and Materials (GEM) practice using internal frameworks based on the NIST CSF.Directed program vision, roadmap, secure product design and maintenance, control implementation and compliance, and organizational risk governance. Collaborated across engineering, risk, privacy, and legal, both at Firm and practice levels. Lead practice audits and security testing. Represented security in client and partner interactions, growing firm-client security engagement practice and relationships. Drove firm development and implementation of artificial intelligence cyber risk management framework.

Lead the team which developed Department of State (DOS) official Risk Governance, coordinating with disparate DOS agency sub-organizations in collaboration with the DoS Director of Assessment and Authorization, leveraged experience and subject matter expertise, serving as the authoritative department-wide standard for RMF implementation. Enterprise Architect and Delegated Authorizing Official Representative (DAOR) at a US Intelligence Community (IC) Agency supporting the security accreditation process in accordance with the NIST Risk Management Framework (RMF) in a DevOps CI/CD environment. Responsible for advising the Designated Authorizing Official (DAO) of cybersecurity risks associated with information systems.Privacy RMF Lead at the Defense Health Agency (DHA) conducting Privacy Risk Assessments (PRAs) and HIPAA Safeguard Reviews (HSRs) in accordance with the OMB Circular A-130. Responsible for briefing senior personnel (e.g. Chief of Privacy) on security matters and emerging trends.Cybersecurity Subject Matter Expert serving the US Agency for International Development (USAID), conducting security architecture reviews.Onsite Project Lead at the Pentagon supporting the US Joint Staff (JS) J6 Command, Control, Communications, and Computers Cyber Directorate, reporting to the J6 Chief of Cybersecurity/Enterprise Risk Management. Responsible for the JS security accreditation process in accordance with the NIST SP 800-37 Risk Management Framework (RMF). Team CPAR performance was evaluated and rated as Exceptional, noting deliverables were of the highest quality.

Led DHS Trusted Internet Connection (TIC), Security Architecture Review (SAR), F-CND/FIRE, and assessments in support of the Enterprise Network Service Support (ENSS) program for the DHS Federal Network Resilience (FNR) branch. Conducted assessments in accordance with the FedRAMP Security Assessment Framework and the NIST Cybersecurity Framework.Lead Northrop Grumman FNR Cybersecurity Reference Architecture development efforts to provide federal agency guidance to securely implement technologies. New material included cloud computing guidance, utilization of FedRAMP, and the negotiation of service-level agreements (SLAs) with external service providers.Subject matter expert for NGTS Strategic Programs Support (SPS) for systems compliance with the DFARS/CMMC, NIST SPs (800-53, 800-171), and supported Continuous Monitoring and Diagnostics (CMD) as a service (CMDaaS) guidance, incorporating cloud-based guidance and developing the Concept of Operations (CONOPS).Subject matter expert supporting Resilient Systems Independent Research and Development (IRAD), presenting solutions to potential customers and clients, with emphasis on advanced MTD-related research and implementation. Speaker at the Northrup Grumman TechFest and TechExpo showcase.

Deputy Program Manager and Principal Security Specialist serving the Security and Technology Policy (STP) Branch ST&E team, leading ST&Es in support of DHS CBP in order to ensure compliance with the Federal Information Security Management Act (FISMA) of 2002. Independently responsible for testing development and operational systems for compliance with defined NIST SP 800-53 and DHS Sensitive Systems Handbook (SSH) 4300A security requirements as documented with the security Requirements Traceability Matrix (RTM). Provided recommended technical, operational and management mitigations to address vulnerabilities exposed through assessment.Awarded Employee of the Year (2012)

As a member of an IV&V team, performed Security Test and Evaluations (ST&Es) in support of DHS USCIS. Independently responsible for testing development and operational systems for compliance with defined NIST 800-53 and DHS SSH 4300A security requirements as documented with the security requirements traceability matrix. Presented with the Chairman's Award for Outstanding Technical Service for the ST&E automation work performed on behalf of USCIS.

Responsible for management of asset resources, including installation and secure configuration of DHS Science and Technology (S&T) server equipment. Developed prototype SharePoint 2007 portal for tracking and to aid in Operations and Maintenance activities. Produced regular network status-related reports using enterprise tools: McAfee Web Gateway, Tripwire Enterprise, and Altris CMDB. Developed and documented Standard Operating procedures for these tools and the use of the portal.