With more than 25 years of IT and Security experience, it is safe to say that information security is my passion. Whether it is giving presentations to various members of the IT and Security community, providing direction to various organizations, or formerly leading as a CISO, helping companies transform their practice one company at a time is what I love doing. My extensive experience building an array of programs includes all the major disciplines of information security. This has helped me to build holistic programs and provide clients with fast, keen insights to help them facilitate their journey to better security programs.

Professional Qualifications
• Over 25 years combined experience working with Information Security, executives, IT, and sales.
• Highly proficient at mapping FISMA, HIPAA, SSAE 16 / ATA 101 SOC2, PCI, OCEG, SHIN-NY, HITRUST, MARS-E to Business and Technology.
• Experienced with auditors, findings, risk assessments, & cost-effective mitigation strategies.
• Strong Written, Presentation, and Verbal Communication Skills – Capable of effectively communicating needs to Management, Operations, and C-Level executives, board of directors, steering committees, business partners, etc.
• Understands the Relationship between Law, Policy, and Procedure to Security & Corporate Governance.
• Highly Proficient at troubleshooting a wide array of security, network, and application issues.
• Strong knowledge of FISMA, NIST (800-53, Special Publications, Cybersecurity Framework), PCI, ISO 27k, USGCB, FDCC, DISA STIGS, IRS 1075, CIS, OCEG, & SOC2, HITRUST, MARS-E, Health Industry Cybersecurity Practices.
• Presentations for CISO executive network, NY HIMSS Chapter, NYC Health IT Summit, and SC Congress, SHI security EBCs, etc.
• Professional Organizations: ISC2, ISACA (CRISC Item Writer), Infragard, NY Electronic Crimes Task Force, CISO Executive Network, HIMSS, and so on.
-
Founder / CEO / CISO
Cyvergence
Jun 2023 - Present
New York, NY, US
-
Chief Information Security Officer
B&H Photo Video
Jan 2022 - Mar 2023
New York, NY, US
-
Chief Information Security Officer
Galway Holdings
Jan 2021 - Nov 2021
• Creating the cybersecurity requirements related to the mergers and acquisition process for large and small companies including assessment questions, responses, and standards.
• Created cybersecurity committee to govern multiple organizations from a cybersecurity perspective - including risk and metrics.
• Negotiated purchasing related to a number of security tools and services.
• Created assessment framework to monitor and report against for cybersecurity across organizations.
• Assessed the cybersecurity tools capabilities of the organization and worked with IT.
• Worked with legal to review incoming and outgoing contracts on a regular basis.
• Created a risk committee to discuss risk register, IT, business owners, etc. framework and risk register and created the risk register itself and to update others on various aspects of risks within the organization including risk alignment.
• Build standardization and cybersecurity metrics across the Galway brand of companies including the distinction of inherent risk versus residual risk and tied it into the overall metrics of the organizations. Inherent risk was pulled from cybersecurity insurance related tools to ensure reasonable accuracy.
• Help build the foundation for Enterprise Risk Management (ERM).
• Worked with legal, security, marketing, and IT to update the policies, procedures, and standards.
• Worked with auditors on the balance between compliance for company interconnections technologies, practices, and standards while maintaining compliance.
• Updated the vendor risk management program and assessed numerous vendors / projects for cybersecurity risk.
• Worked as part of a change management selection committee to select a new product.
• Working with others to develop an identity governance program and associated reports.
• Built a threat and vulnerability program to monitor the relationship between various reporting tools and work as a team towards the reduction of risk with the operations team.
-
Cybersecurity Solutions Architect
SHI
Jun 2018 - May 2020
• Speaking engagements at customer events, executive briefings, and SHI events about a range of topics.
• Created Security Agenda for full day executive briefings. Gave 1.5 presentations and an incident response scenario.
• Guided C level executives at Fortune 500 companies on new products, etc.
• Learned more than 120 different security product lines and many of their integrations with one another.
• Brought in new tools and processes to SHI.
• Trained sales executives on new mechanisms for baselining customers based on risk and maturity.
• Created and ran incident response scenario with members of roughly 20 companies.
• Training junior account executives about new security tools.
• Guided C level executives to build better security programs within their organizations.
• Being helpful answering questions on various lists.
• Whiteboarding solutions with customers.
• Creating and modifying security programs with various vendors for customers.
• Writing RFP Responses.
• Helped customers with governance approaches for their organization.
• Kept up to date on multiple risk reports including Verizon, McAfee, Symantec, and so on.
-
Chief Information Security Officer
Healthix
Jul 2015 - Jun 2018
• Created a 12 point program profiling the maturity and risks of the various parts of the corporation.
• Presented accomplishments, programs, and future plans to the Board of Directors.
• Built consensus working with CISOs around the greater NYC area around solutions.
• Created a high level security architecture to aim for.
• Selected, set up, and utilized a Managed Security Service. Performed incident response related to alerts. Trained and educated staff to handle incidents.
• Selected the high level hardening standards for the organization. Worked with IT to start the various implementation of the standards.
• Selected range of security solutions for the organization including file integrity, vulnerability management, MSS, NIDPS, APT solution, multifactor authentication, etc. Several are in the process of being implemented.
• Created and gave security awareness training for the organization.
• Created security architectural diagrams and held meetings to build consensus around the program.
• Proposed a stronger authentication posture that could also aid in audits.
• Proposed making changes on the NAT structures and IP schema to reduce risk.
• Selected trusted services principles for SSAE 16 SOC2 audits and led IT & Compliance towards certification.
• Created Configuration Management Training and gave it to senior management.
• Created Risk Management framework (based on the CMS standard) and provided an internal report based on risks.
• Created Incident Response standards and program utilizing the VERIS framework. Training for junior staff for incident response training was created in relation to the program.
• Created vendor assessment program to evaluate the risks.
• Worked with the corporate communications department for internal and external security messaging.
• Worked with the Chief Financial Officer and Vice President on security budgeting.
-
GRC & Security Officer
Capco / FIS
Nov 2014 - Jul 2015
London, UK, GB
• Managed Security Operations Center and a Data Loss Prevention team. This includes vulnerability management, incident response, next generation firewalls, SIEM, endpoint protection, etc.
• Managed SSAE 16 SOC Type I and Type II audits including audit evidence and discussions.
• With others, helped to write and architect a new Client GRC team processes.
• Evaluated and wrote responses to MSAs, SOWs, Questionnaires, etc.
• Create Presentations for Executive Management.
• Trained junior staff on a range of functions.
• Evaluated employees as potential candidates.
• Worked with staff to architect new solutions and educated senior staff on the pros and cons.
• Approved global changes on a change control board.
• Led Weekly GRC meetings.
• Performed SaaS risk assessments.
-
Senior Security Solutions Architect
Verizon Security Solutions
May 2011 - Nov 2014
Basking Ridge, NJ, US
I have two primary functions - security sales engineer and "consultant" where I am on site at companies performing any number of security related functions. Here are some sample responsibilities:
• Guided C-Level executives in Fortune 500 companies in a presales and post sales capacity to:
  - Determine appropriate strategies and tactics to mitigate risk
  - Eliminate risk and/or audit findings by architecting solutions for implementation
  - Ensure appropriate education on cloud platforms and compliance
  - Perform gap analysis related to compliance (PCI, HIPAA, etc.)
  - Write policies and procedures. Examples include BYOD, change management, compliance, risk assessments, incident response.
  - Provide Training and Education for global threat intelligence, offerings, etc.
• Updated customer & datacenter network diagrams with security appliances.
• Educated account executives and engineers on how to position security.
• Acted as project lead on many engagements.
• Evaluated security technologies / networks (cloud and premise) to meet customer requirements.
• Created and/or modified internal and customer presentations for a variety of security solutions.
• Collaborated with sales, marketing, and IT teams to promote products and services.
• Analyzed public security intelligence reports such as:
  - Congressional Cyber Security Report
  - Verizon Data Breach Investigation Response (DBIR) [2010 to 2013]
  - Verizon PCI Report
  - Trustwave Global Security Report
  - Ponemon Institute, Cost of Data Breach [2010 to 2013]
• Authored internal documents on security.
• Taught the DBIR and correlated findings to Verizon services for account and sales executives.
-
Senior Security Systems Specialist
EmblemHealth
Jul 2005 - Apr 2011
New York, NY, US
• Performed IT & Business Risk Assessments, Business Continuity Planning according to CMS guidelines.
• Impacted auditors’ assessment of risk during critical audits.
• Provided incident response for enterprise and perimeter environments from analyzing logs, Tripwire, NIDS, etc.
• Led various IT teams to develop remediation strategies for findings relating to Windows, networking, Solaris, Mainframe, database, applications, etc.
• Reported the status of findings to senior management, technical teams, and the CMS.
• Worked with business/IT to respond to audit findings, penetration tests, vulnerability assessments, & war dialing.
• Approved, architected, and project managed IT / security changes to enterprise & perimeter environments.
• Wrote and Hardening Standards for Windows, IIS, Mainframe, VMWare, Databases, Network Devices based on FDCC, USGCB, DISA, NIST, NSA, IRS, CIS, etc.
• Project Manager for security projects; AD Implementation, Endpoint Security, CMS regulations, firewall rules, FIPS compliance, risk mitigation, and so on.
• Audited Bluetooth and A, B, G and Wireless Networks.
• Documented Layer 2 and Layer 3 Network Maps for enterprise and web portals.
• Performed Forensic Investigations & Incident response using Self Created Forensic CDs.
• Wrote and/or Taught Security Awareness Training, Code of Conduct, Configuration Management / Security Lifecycle, Incident Response, etc.
• Wrote and/or Upgraded System Security Plans.
• Wrote policies and procedures for forensics, logical access, passwords, network devices, windows, IIS, databases, Change Management, Network use, to ensure security and adherence to DISA STIGS and FISMA.
• Analyzed IDS, Syslogs, Firewall logs, Domain Logs, RACF, & Tripwire on a daily basis.
• Performed physical inspections of the workplace for PHI, FTI, PII, passwords, confidential information, slab-to-slab construction, fire safety, etc.
• Worked with business and IT to implement FISMA (CMS enhanced NIST 800-53) controls.
-
Technology Instructor
Pratt Institute
2000 - 2004
Brooklyn, NY, US
I taught a course called "Internet Proficiency" for several years. It was a broad, yet in-depth examination of all aspects of the Internet; starting from its infancy through today. I prepared students for working with the Internet in a real-world working environment. I gave students an overview of the operating systems, security, practices, and utility in regards to the Internet in a corporate setting. I did my best to ensure technical know-how for troubleshooting network / Internet related issues as well as how to best utilize the web.
-
Roles - Assistant Manager / Systems Administrator
New School University
1997 - 2004
I moved up through a few different positions at the New School. Here are some sample activities:
• Coordinated with management to implement new security policies and procedures.
• Managed all aspects of PC infrastructure including DNS, Security, Active Directory Structure, with hands-on implementation, and streamlined the process.
• Created technical policy and procedure guide for academic computing including staff policy and guidelines including PC installation policies.
• Trained coworkers (and separate departments) in PC technical specifications.
• Supported numerous labs including Macintosh, PC, Unix, and Audio / Video equipment.
• Evaluated the university’s security posture and implemented new strategies for preventing and handling incidents.
• Planned, budgeted, and executed several lab expansions utilizing project management.
• Managed a full and part time technical team; trained lab aides in day-to-day operations.
• Taught a series of classes to lab and administrative staff about the computer field.
• Coordinated with faculty and staff to implement in-class needs such as SQL and Cold Fusion Servers.
• Managed a general information web site.
• Planned & purchased new servers, equipment, etc.
Matthew Webster Skills
Matthew Webster Education Details
-
The New School
Liberal Studies
-
Tripwire
-
Western Washington University: Fairhaven College
Philosophy Of Social Theory: Integrating Political Science And Economics
Frequently Asked Questions about Matthew Webster
What company does Matthew Webster work for?
Matthew Webster works for Cyvergence.
What is Matthew Webster's role at the current company?
Matthew Webster's current role is Founder, CEO, CISO, Author, Mentor, Speaker.
What is Matthew Webster's email address?
Matthew Webster's email address is aw****@****ail.com
What is Matthew Webster's direct phone number?
Matthew Webster's direct phone number is +164661*****
What schools did Matthew Webster attend?
Matthew Webster attended The New School, Tripwire, Western Washington University: Fairhaven College.
What skills is Matthew Webster known for?
Matthew Webster has skills like Vulnerability Assessment, CISSP, Penetration Testing, Computer Forensics, Data Center, VMware, ITIL, Project Management, PCI DSS, Network Architecture, Management, Risk Assessment.