Responsible for the Information Security program, including the direction, oversight, and operations of the IT Security Office and Privacy program. Also responsible for establishing and overseeing the Operational Technology (OT) Cybersecurity Program for Pinnacle Propane directly and through subordinate management. Other activities include but are not limited to:o Establish and maintain the information security architecture.o Implement policies and procedures to maintain, monitor, control, and protect information assets.o Assess systems, applications and processes to ensure compliance. o Monitor and direct the mitigation of risks and vulnerabilities.

Responsible for the overall direction of security execution and operations. Duties included design, plan, implement and maintain security policies, procedures, and practices which provide protection for the fa-cility, information, equipment and personnel in accordance with business and Client requirements. Also responsible for the management of Information Security related projects needed to remediate audit find-ings. Such projects included implementation/transition to Tenable IO, RedSeal, Multi-factor Authentica-tion and CrowdStrike.o Documented and reported progress on all remediation activists. All deficiencies were aligned to Apple’s internal Security framework. o Responsible for regular reporting of vulnerability scanning and remediation results. This includes full documentation of all remediation closure and escalation.o Status reporting of all security related projects.o Ensure alignment of security objectives and mission of executive leadership.

Responsible for managing and executing Information Security and Business Continuity assessments of High Risk-Third Party vendors located within the United States, Canada & Latin America. Third party risk consultants act as assessors and examine a third party's program to determine if they meet BAC requirements, identifying control gaps that may expose BAC to risk. Assessors are required to be familiar will all areas of Information Security to include Governance, Risk, Compliance and Operations. Consultants/assessor must review evidence that demonstrates the implementation and effectiveness all Security measures/controls. Such controls would includes anti-virus protection, data loss protection, complex passwords, business continuity planning, Incident response, asset management, change control and access control. o Responsible for review and logging of all work papers as they result to each assessment. o Scheduled and drive pre-assessment activities to include scope verification, vendor kick-off call, additional documentation request, population of vendor profile data, scheduling assessment working sessions and post-assessment review.o Responsible for completion of 2 assessment per month (one assessment requires a minimum of 2 weeks to prepare).o Report all observations, document all evidence collected and document all statement collected as verbal attestation.

Independent security consultant for Urban Solutions Team LLC. Primarily responsible for business de-velopment and management of client engagements. Client engagements include the Lancaster Independ-ent School District and Henderson Chicken. o Responsible documentation of project proposal and statement of work.o Responsible for providing the kick-off presentation.o Responsible for regular status reporting of all projects.o Responsible for documenting gaps and recommendations.o Responsible for producing the final report and read-out/summary deck.

Proactively assist in the management of a portfolio of clients, while reporting to Senior Managers and above. Involved in the financial management of clients while actively involved in business development activities. Help identify and research opportunities on new/existing clients. Contribute to the development of your own and other team’s technical acumen while developing strategies to solve complex technical challenges. Assist in the management and delivering of large projectsTrain, coach, and supervise staff. Stay current with local and national business and economic issues. Continue to develop internal relationships and the PwC brand.

Responsible for on-time delivery of Information Security related projects at the client site. Projects typically range from 4 week to 12 months and may require an independent effort or a coordinated team effort. Projects include: o Client Name – Implementation of a 2-factor authentication solution (Quest Defender) as part of a network segmentation effort required for PCI compliance. Solution was in use by 2000+ users for secure authentication or a Citrix environment. The project was completed on time under budget.o Client Name – End to end Implementation and documentation of a firewall management solution (Tufin). The solution consolidated the management of 160 firewalls (Checkpoint and Cisco) into one appliance.o Client Name – Aided in the development of the Information Security strategy for Client Name (a divestiture of the another Client Name division).o Client Name – Independently managed the documentation and remediation of internal audit deficiencies for Texas Health Resources. o PwC (internal) – Managed the project team responsible for the assessment of the internal PwC Information Security Policy.o Client Name – Developed, implemented and completely documented a patch manage governance program for Client Name (Divestiture of another Client Name).o Client Name – Performed an end to end security assessment of the call center workflow/processes for various Client products.o Client Name – Performed security architecture review for vendors that manage, process and/or store Client employee or customer data.

o Administration of security appliances including Q Radar log management, CheckPoint firewalls, PaloAlto firewalls/web filter, McAfee ePO, Tripwire file integrity monitoring, SolarWinds network monitor, Juniper VPN and SecureAuth 2 factor authentication. o Responsible for Information Security Policy drafting and revision as well as security related solutions architecture, evaluation and upgrades.o Management of compliance remediation activities (primarily for PCI and SOX audit findings). o Incidents and investigations concerning data breaches, privacy, intrusion, acceptable use and monitoring procedures.o Responsible for Information Security awareness and training sessions for other departments within the company.o Improved visibility of the Network Security department through effective communication with the business, other departments within IT and upper management.

o Effectively maintained security infrastructure to include implementation and management of Security Event Information Management solution (TriGeo), Virus protection (ePO-McAfee), Forefront Unified Access Gateway, Websense web proxy and Data Loss Protection solutions and TopLayer IDS/IPS o Solid project and relationship management used to ensure compliance with Federal, State and local mandates as they pertain to information security (Company policy, PCI, HIPAA and FDA regulations). o Responsible for effectively handling investigations and Incidents concerning data breaches, privacy, intrusion, acceptable use and monitoring procedures.o Execution of security awareness, IT Security training sessions for other departments within IT, risk assessments, ongoing research, patch management and policy development.

Taught the Information Security curriculum. Courses included:o Intro to Networkingo Switching and Routingo Into to Information Security o Information Systems Auditingo Information System Forensicso IT Governance and Complianceo Windows Server Administration

o Managed IT Security awareness program and IT Security website resulting in 40% greater visibility of IT Security Policies and Procedures.o Saved the company over $2 million in fines by affectively managing remediation of IT Audit findings. Findings included SOX, PCI, Security Policy and Privacy compliance, o Improved project efficiency for IT Security related projects by consulting with various personnel throughout the System Development Life Cycle. The variance of project delivery for IT Security related projects was reduced by 7% in 2009.o Saved over $100,000 in duplicated efforts by researching analyzing, and identifying current and emerging technology trends, products, concepts for improvement of the team’s business processes. o Maintained project and procedure documentation and later migrated all procedures to Archer (Governance tool) for automation.

Taught the Information Security curriculum. Courses included:Network EssentialsIntro to Information Security

o Supervised the roll out of Device Sanctuary 4.2.2 (removable media and device detection application). Eliminated 100% of data spills resulting from the use of unsanctioned USB drives. o Managed exceptions such that associated processes and documentation were deemed exceptional by internal audit.o Department awarded the 2009 IT Excellence Award for most affective and well managed IT project (Device Sanctuary).o Enforced ITAR (International Traffic in Arms Regulations) standards sustained 100% compliance and avoided fines.o Ten time IT Star award recipient.

o Implemented security recommendations for wireless infrastructure. o Trained and managed a team of five employees to complete software rollout to 70 campuses in 2 months eliminating school time start up inefficiencies. o Managed smooth and error free rollout of 6,000 desktops and the relocation of 140 servers to centralized location in 3 months. o Planned and installed infrastructure for new additions to the Facilities Department saving the district over $20,000 in contract labor.