My team is obsessed with protecting over an exabyte of data entrusted to us by customers from over 175 countries around the world.

Lead corporate and client system security, data protection/privacy and compliance strategy, implementation, assessment, and monitoring.Embedding DevSecOps principles in internal and client initiatives.Served as the security lead/key position for $196 million dollar contract at Centers for Medicare & Medicaid (CMS)

Provide oversight and coordination of security efforts, initiatives and standards across the CMS MSPIC and COB&R contractor programs. Provide the program with information security strategy, policy, standards, risk assessments, management processes, and technology to ensure that the program, stakeholder, and client information assets are adequately protected with acceptable levels of controls.

Responsible for information security, privacy, governance, risk management and compliance of Danya's Federal, commercial and internal client systems. Actively engaged with internal and external stakeholders throughout the project lifecycle - from writing proposals through to system deployment, maintenance and disposition.Strong background in writing policies, procedures, standards, guidelines and plans related to security and privacy program management and monitoring. Responsible for the creation and maintenance of documentation and ensuring that controls are implemented and working as expected in order to meet FISMA and other legal, contractual and regulatory compliance requirements.

My dual role as Director of Production Support/CISO was an exciting and delicate dance in a space rife with potential conflict but one that offered great opportunities for improving application architecture and security of production systems. I wrote the FISMA C&A documentation and implemented security policies, procedures, standards, guidelines, baselines and controls for our two largest CDC contracts and achieved FISMA compliance (ATO was granted).I led the ITSS - Enterprise Architecture and Security Services group which was responsible for governance, risk, compliance (FISMA and other legal, regulatory & contractual requirements), information security, enterprise architecture, change/configuration management, network services, IT operations and production support.In October 2011, I took on the additional role of Project Director for the CDCGlobalHealth.net and PEPFAR.net CDC Extranet contracts.

Reporting to the CIO, I was responsible for global IT systems security, network security as well as security-related aspects of Sarbanes-Oxley (SOX) compliance and controls implementation.

Reporting to the CISO, I was responsible for application security, database security and Sarbanes-Oxley compliance of the application & database environments. I worked with other members of the security team to execute operational procedures, monitor & configure security controls and remediate vulnerabilities. I authored risk analysis documents, the corporate encryption standard and provided feedback on corporate policies, procedures, standards and guidelines. I provided security guidelines to developers on how to implement secure systems, prevent SQL injection, normalize & evaluate user input, and avoid commands & products that have known buffer overflow issues. As the Sr. Data Architect, I reported to the Director of IT Architecture and was responsible for the corporate logical data model and the logical design of the enterprise application integration (EAI) initiative. I facilitated requirements sessions, produced the logical design documents, XML and Corporate Logical Data Model mapping, Schema and physical database deliverables for the company’s first EAI/message-oriented middleware initiative. I collaborated with the Applications Architect to produce the physical design documents; Co-led the integration and testing efforts; Performed code reviews; Managed project scope and facilitated meetings where stakeholders reached consensus on conflicting requirements.I worked with the Application Architect to design and implement a message / transaction logging and tracking system that supported a point-in-time recovery model compatible with all systems participating in the enterprise application integration (EAI) ecosystem. If a participating system needed to restore from backup, the message logging and tracking system supported replaying and ignoring (where applicable) messages that crossed the messaging middleware. I also led the migration of the Washington Gas customer ePortal from SQL Server 2000 to Oracle 9i.

Reporting to the CTO, I assisted in the design and review of the company's telecom service delivery/OSS data model/metamodel. I also created mapping and transformation documents (ETL) for the company's propsed data warehouse solution.

Designed the dimensional data model and was responsible for the complete data warehouse lifecycle of the extranet data warehouse which serviced large pharmaceutical clients in Canada and the U.K.

Wrote and maintained the multi-platform installation software. I also supported/trained programmers on the Speedware tools and was a subject matter expert for security aspects of the Speedware product line.

Performed analysis, coding, data conversion/migration and training for Receivables clients

Developed and enhanced IBM mainframe operational support systems

Canadian Armed Forces Reserves infantry unit.