Virtual Chief Information Security Officer (vCISO), (2019 – Present)• • Serve as fractional vCISO for several multi-national corporations including a large multi-national medical device manufacturer with $1.25B+ in annual revenue, a aircraft leasing company, and a transportation company• Provide oversight, strategic direction, and cybersecurity operations management for medical device manufacturer comprised of 11+ business units in 30+ locations with 8,000 employees utilizing both on-premise and cloud environments• Spearhead the implementation of new security solutions based on pre-defined cybersecurity requirements and the corporate risk profile and manage the development of all cybersecurity policies, plans, and procedures.• Responsible for the governance, risk, and compliance of cybersecurity activities and performance.• Direct all outsourced cybersecurity functions, including the security operations center, email protections, penetration tests, and cybersecurity-related professional services.• Notable achievements while in the position have included:o Developed and implemented the risk management program, vulnerability management program, data classification and Data Loss Prevention, incident response program and other critical cybersecurity functions.

• Conducted risk assessments, gap analyses, maturity assessments, and data flow analyses against industry best practices, standards, and regulatory requirements.• Conducted ISO 27001/2, HIPAA, PCI, CIS CSC 20, NIST Cybersecurity Framework, NIST SP 800-53, FFIEC Cybersecurity Assessment Tool, and CSA CCM gap analyses, maturity assessments, risk assessments, and threat agent risk assessments.• Performed in-depth business unit analyses for strategic insurance industry clients to identify the point of exposure for sensitive data in hardcopy form.• Completed PCI Reports on Compliance (ROC) for global retailer and ATM solutions developer.• Developed PCI-compliant vulnerability management system corporate standards and procedures and information security policies that complied with various industry standards and frameworks.• Conducted in-depth data flow analysis of PCI, PII, and PHI data for financial institutions and healthcare organizations.• Supported pre-sales activities with client calls, statement of work (SOW) development, and level of effort estimates.

• Served in an executive-level role with profit and loss (P&L) responsibility for the Cybersecurity Practice.• • Oversaw the development of security sales materials, educational webinars, and client presentations.• Developed and implemented growth strategies for the penetration of various markets, including government (federal, state, local, DoD) and commercial (financial, healthcare, education).• Utilized a consultative sales approach specifically targeted to clients with information security needs and developed security service offerings, including CISO as a Service.• Made sales calls, wrote statements of work (SOWs), and developed pricing for all Cybersecurity practice-related opportunities.• Conducted in-depth HIPAA-related risk assessments and developed gap analysis and a roadmap so the hospital could apply for HITECH Meaningful Use incentives.• Provided high-level information security consulting on security program management, regulatory compliance, and industry best practices for both federal and commercial clients.

• Worked with large financial institutions' CxO-level personnel in a consultative sales approach to identify and analyze enterprise security requirements and develop appropriate security solutions.• Responsible for the initial identification of security needs to the closing of the sale and transition to delivery.• Re-established strategic client relationships with corporate security principals in dormant accounts.

• Provided high-level consulting and NIST risk assessment services to publicly held companies to achieve FISMA/NIST compliance for their security management program.• Developed and implemented risk management guides and templates now used by the largest client for the consistent, quality development of risk management sections on federal proposals.• Led the development and delivery of the technical volume for the Social Security Administration Disability Claims Processing System proposal valued at $250M+.• Directed numerous authors in the development of the technical volume for managed services for the United Health Network of Ontario, Canada.• Drove the development of the technical solutions and volume for the Army Electronic Messaging and Collaboration System valued at approximately $240M.