Lexicon Cyber Security is a small, specialized, veteran-owned firm with a purpose. That purpose is to help small business protect the valuable information cyber criminals seek. As small businesses often do not have the resources to address cyber risk, Lexicon Cyber Security can fill that gap with cost effective cybersecurity advisory services.Services and Offerings include:• Setting or directing privacy and security policies, standards, procedures, and guidelines, managing and directing information security teams• Engaging with executive management on risks and KPI’s• Cyber security transformation that includes governance, risk and compliance, threat vulnerability management, incident response and security awareness training

Develop, implement, and monitor a strategic, comprehensive enterprise information security and IT risk management program. Work directly and advise executive leadership team and relevant stakeholders on the appropriate courses of action to mitigate or eliminate risk.Communicate cybersecurity KPI’s, business risks with mitigation strategies through risk assessments and risk management processes. Align cost effective security technologies with business goals and objectives.Understand and interact with related disciplines through committees to ensure the consistent application of policies and standards across all technology projects, systems, and services. Provide leadership to the organization’s IT and risk mitigation practices. Provide strategic and tactical security guidance for all IT projects, Digital Transformation including the evaluation and recommendation of technical controls. Create and manage information security and risk management awareness training programs for all employees, and contractors.Establish and implement a process for incident management to effectively identify, respond, contain, and communicate a suspected or confirmed incident.Identify, assess, and prioritize IT risks to data and systems, including external threats, cyber-crimes, internal threats, and third-party risks.

Part of a cross-functional Proactive Cyber Security Services team that manages, executes, and delivers various cyber transformation and advisory engagements for clients. Responsible for leading and managing strategic cyber security transformation engagements that reduces risks. Help clients ensure they are protected by developing transformation strategies focused on security, design, development, and/or implementation of Information Security systems, including vulnerability assessments, privacy assessments, identity and access management, incident response, security policy creation, security awareness training and metrics development, enterprise security strategies, architectures, and governance.

Responsible for information security across the Signet Jewelers enterprise. Signet Jewelers is the largest specialty jeweler retailer in the US, UK and Canada operating 3,600 stores with annual sales of $6 Billion. Reporting to CIO and working with the senior management team, I was responsible for $5M annual security budget and 10 direct reports to develop and executing an enterprise-wide cyber security and risk management strategy.

Responsible for building, developing and managing the Information Security Technologies and Operations Team. Driving success by safeguarding PHI, PII and HIPAA information and system assets against unauthorized use, disclosure, damage or loss. Serves as the focal point for threat and information security management to include internal and external security incidents and attacks. Lead and manage a team of security engineers in design, implementation and operationalization of IPS/IDS, Data Loss Prevention, Antivirus, Encryption and NAC solutions.

Manage the strategic planning and execution of Digital Architectural Governance and Security Management for AARP.Org web site. Has primary responsibility for defining, managing, and coordinating the diverse set of information security and internal controls and ensuring compliance. Leads proactive and reactive security audits, conduct third party assessments and controls to ensure policy compliance, identify and mitigate risks, implement necessary mitigating safeguards and controls.

Use a multitude of security threat monitoring tools that identifies data breaches and network compromises using externally generated intel feeds together with data sources like SEIM, Netflow within a 24X7 Security Operations Center, Malware analysis and open sources. Assists the Cyber teams by identifying, recording and managing host and network based indicators of compromise (IOCs). Compare network events with intelligence research to determine adversary motive, capability and intent of the threat to .Gov, Financial and Commercial networks. Interact and assist other cyber investigative teams within .Gov, Financial and Commercial organizations on time sensitive, critical investigations and findings.

Provide senior leadership and direction for Global Information Security Operations to include infrastructure security architecture, security standards, guidelines, and policy of technology solutions. Participation in planning the 3-yr and 5-yr security business plan and manage 3 million security budgets to include forecasting.