The Working Group is dedicated to developing standards, best practice guides, and recommendations to help increase defenses to the growing cyber threats to our communities nationwide. At a broader level, IJIS is tasked with identifying and reviewing the tools, processes, techniques, and practices that can yield immediate benefits for the IJIS domains of focus including homeland security, criminal and civil justice, and public safety.

Building & Leading high potential Information Security Teams. Always pushing the innovation envelope to bring more value to business processes while balancing risk. Areas of Focus (Highlights):- Medical Device, Product & iOT Security- Identity & Access Management- Identity Access Governance- Threat Intelligence- Security Operations Center (SOC)- User Behavior Analytics- Security Architecture (Cloud, Platform as a Service, IAM)- Security DevOps- Automation and Orchestration - Security Awareness & Training- IT Controls & Governance- Risk Assessments- Compliance- NIST, ISO 27002- Use Centered Design (UX)- Innovation

Senior Manager within the Global IT Security Department, reporting directly to the CISO. I am responsible for three of core cyber-security pillars ; Enterprise Threat Management (ETM), Compliance Training & Risk (CTR) & Product (Device) SecurityENTERPRISE THREAT MANAGEMENT:- Cyber Threat Intelligence Center Build-out and Management (Monitoring Security Incidents)- Incident Response (APT, Malware, Etc...)- Insider Threats- Data Forensics- Vulnerability Management (Internal, External, Penetration & Application Testing)- Data Loss Prevention (DLP)- SIEM Rollout & Management (Splunk)COMPLIANCE, TRAINING & RISK:- Policy Management- Compliance Management (ex. FDA, PCI, HIPAA, NIST, ISO, etc...)- Risk Management- Vendor Risk Management- Contract Reviews- Security Awareness- IT Security Audit- Standard(s) Gap Analysis- eGRC Rollout (RSA Archer)PRODUCT SECURITY:- Identify Threats w/in a Device's Eco-System (Device, Programmer, Application, Server)- Centralize Core Security Processes to enable Corporate-Wide Cost Savings around Security- Product Inventory Management- Pre & Post Market Risk Assessments- Device Penetration Testing (Internal & 3rd Party Researchers)- Application Security Testing (Static & Dynamic)- Customer Risk Questionnaire Management- Sales & Marketing Security WhitepapersInitiatives & Projects:- Technology Leadership & Development Program Strategy Owner (Rotational Associate Program)- IT Intern Recruitment & Training Strategy Owner - Global Cloud Adoption Committee- Global IS Metrics Committee- Cloud Data Management- Strategic Planning

Manager within the Global IS Security Department, reporting directly to the CISO. I manage two of the core pillars within our department; Enterprise Threat Management (ETM) & ComplianceETM:- Incident Response (APT, Malware, Etc...)- Data Forensics- Vulnerability Management (Internal, External & Penetration Testing)- Data Loss Prevention (DLP)- SIEM RolloutCOMPLIANCE:- Policy Management- Compliance Management- Risk Management- Vendor Risk Management- Security Awareness- IT Security Audit- Standard(s) Gap Analysis- eGRC RolloutInitiatives & Projects:- Security Operations Center (SOC) Build-Out- Global Cloud Adoption Committee- Global IS Metrics Committee- Cloud Data Management- Strategic Planning

• Report directly to the Chief Information Security Officer (CISO)• Leader of the Global IS Security Compliance pillar. Tasked with building out this organization• Manage resources to ensure Boston Scientific (BCS) is compliant with International, Federal, State and Local IS Security requirements and regulations• Created and now lead our information security awareness campaign including; live and virtual training presentations, bi-monthly newsletters, email phishing trainings, development of a dedicated intranet web page to ensure our user population understands IS security risks• In charge of overseeing the involvement of IS Security in the Mergers and Acquisitions process• Created and now lead the initial and ongoing vendor security due diligence functions to ensure BSC’s third parties meet minimum security best practice controls to protect BSC managed data. • Provide IS Security alignments for all global IS projects to ensure projects are meeting the minimum security requirements to keep systems secure• Initial Founder and contributor with Legal, Global Compliance, Global Privacy, Human Resources, Physical Security and Quality leaders of the Global Data Governance Board with the purpose of providing governance over our data assets• Creation and management of global IS Security policies to provide governance over standards, requirements and laws.• Creator and now leader of IT Security Audit functions to ensure all polices and best practices are occurring. The goal is to branch this function out to other areas of the organization.• Present to Global IS Leadership on risks to the organization, security initiatives, policy alignment and other areas of concern• Work with Global Security on classified investigations into employee and third party malicious activities. • Exposure to the economic development and opportunities involved with emerging countries and markets

• Responsible for the creation and/or updating of Information Security (I.S.) standards, polices and procedures• Work with organizational wide business lines to create company I.T. governance, standards and information security program• Distribute policies and procedures using different avenues including; in person, email, online training system and mail• Develop and present Information Security Awareness Training to monthly new-hires along w/ corporate-wide annual training. • Perform and manage risk assessments and business case analysis to identify control deficiencies which helps to reduce organizational risk• Organization security expert of security regulations and requirements including, HIPAA, HITECH, MA 201 CMR 17, Red Flag, ARRA, PCI and more• Manage external vendors during audits, vulnerability testing, risk assessments and consulting work.• Create remediation and project plans for audit findings, risk assessments control deficiencies• In charge of updating senior management on audit findings, control weaknesses, security threats and trends• Project lead on the implementation of I.T. security projects including but not limited to; Mobile Security, Disaster Recovery/Business Continuity, Vendor Management, Audit log management, Data Loss Prevention, Security Risk Assessments, Endpoint Encryption and Risk Assessment tools• Responsible for researching and keeping leadership abreast on security incidents and breaches. • Member of the following organizational committees; Security Team, Compliance/Security, Employee Training, Meanigful Use / ARRA, Emergency Preparedness and Employee Action Committee• Responsible for security vendor due diligence and on-going due diligence • Creator and contributor to both the Information Services (monthly) and Compliance/IT Security (quarterly) newsletters• Attend industry standard security and compliance conferences, webinars, and lunch & learns

On site Management of IT Security Projects including:- Internal & External Vulnerability Testing;- Penetration Testing;- Social Engineering;- Physical & Logical Application Security;- Internet Banking;- GLBA;- Business Continuity and Disaster Recovery Planning;- Vendor Management;- Risk Assessments;- SAS70;- Mass Privacy Laws;- IT Consulting; and- A wide variety of other IT Security services.

Genzyme Corp. AccountCitizens Bank Account

Install, Implement and Train Hospital staff on the PCM application suite (CPOE/Physician Order Entry)

Mutual Fund Service RepSoftware Assurance

CashierStore ManagementInventoryWarehouse StockingHandle DepositsCustomer ServiceWebsite Ordering