Michael Barnes

Michael Barnes Email and Phone Number

VP, Information Security (CISO) @ Axiom Bank, N.A.
Hoschton, GA, US
Michael Barnes's Location
Hoschton, Georgia, United States
About Michael Barnes

With 30+ years of IT and security experience, using a strategic and customer-focused leadership style, I have successfully designed and implemented multiple complex global security programs and architectures, aligning business objectives with security capabilities to achieve effective and efficient security programs. By collaborating across business units, I have been able to grasp key elements of business processes and articulate risks in order to design sustainable security solutions and meet competing priorities. My extensive industry and cybersecurity experience includes establishing security strategies, defining policies and procedures, designing security architectures, and implementing and operating a wide range of security capabilities across a diverse set of organizations. My security knowledge covers working with event monitoring, endpoint protection, incident response, business continuity, disaster recovery, encryption, data loss prevention, vulnerability scanning, penetration testing, cloud-based architectures, virtual environments, network and infrastructure protection, security awareness, and vendor risk management. I have led security, privacy, and compliance initiatives related to International Standards Organization for Information Security (ISO 27001), General Data Privacy Regulation (GDPR), Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry Data Security Standards (PCI-DSS), SWIFT Customer Security Controls Framework (CSCF), National Institute of Standards and Technologies (NIST), National Nuclear Security Agency (NNSA), Nuclear Regulatory Commission (NRC), and Service Organization Controls (SOC 1 and 2, Types 1 and 2).

Michael Barnes's Current Company Details
Axiom Bank, N.A.

VP, Information Security (CISO)
Hoschton, GA, US
Michael Barnes Work Experience Details
  • Axiom Bank, N.A.
    VP, Information Security (CISO)
    Axiom Bank, N.A.
    Hoschton, GA, US
  • Avenue Security
    Director Risk & Compliance
    Avenue Security Oct 2024 - Present
    Avenue Security helps our technology start-up clients demonstrate a robust cybersecurity program to their customers, enhancing trust and credibility in their services. We provide cybersecurity strategic plans, assessments, audit readiness support, and ongoing management of cybersecurity governance, risk, and compliance programs and will implement and manage cost-effective cybersecurity solutions through our vCISO services. Frameworks supported include SOC 2, NIST CSF, CIS, ISO 27001, PCI, HIPAA, NYDFS, GDPR, CCPA, and more.
  • Kudelski Security
    Information Security Strategy, Risk, & Compliance Practice Director
    Kudelski Security Nov 2021 - Oct 2024
    Cheseaux, CH
    Kudelski Security is a cybersecurity consulting company dedicated to solving complex problems with innovative solutions. As the information security strategy, risk, & compliance practice director, I lead our delivery teams to support our clients by understanding client problems, delivering effective solutions, & developing our consultants. Using my 25+ yrs of experience, across banking, consumer products, healthcare, manufacturing, oil & gas, & insurance industries, I help clients define security strategies, policies, operating models, architectures, & resource & cost estimates & implement governance structures, steering committees, procedures, technologies, & services. As a security consultant, I have developed & tailored numerous risk mitigation & control enhancement plans used to address IT, cybersecurity, & privacy program & architecture gaps for some of the world’s largest & most complex organizations, leading to actionable design & implementation plans. My work includes addressing compliance frameworks for global clients, subject to more than 145 regulations (e.g., OSFI, FFIEC, SEC, FRB, NYSDFS, FISMA, RBI, HKMA) & international industry standards (e.g., NIST CSF, NIST 800-53, ISO 27001/2, COBIT 5, PCI-DSS, HIPAA, NERC, NRC, NNSA). My background & experience allow me to lead business case development, cost estimating, resource planning, & project reporting for the implementation of global security solutions addressing information classification, asset management, data protection, encryption, vulnerability management, security event monitoring, incident response, patch management, change management, anti-malware, file integrity, endpoint forensics, web filtering, intrusion detection, data loss prevention, security awareness, vendor risk management, disaster recovery, & business continuity capabilities.
  • Career Highlights
    Security Advisor
    Career Highlights Jan 2000 - Nov 2021
    During my 20+ year career, I tackled new & interesting projects filled with complex challenges & amazing companies:
    - $600M+ security investment project, led security architecture subject matter experts & performed cost estimating, resource planning, & project reporting across 39 simultaneous projects covering 76 security services
    - Digital transformation project for a global media company, delivered Zero Trust strategy, architecture, & roadmap that incorporated legacy assets with MS Azure & AWS environments
    - Remediation project for a US company that had failed their financial controls audit 3 yrs in a row, was unable to provide a “clean” PCI report, & was written up in the hacker magazine 2600 on how to compromise their POS system; within 9 months, I led the organization to a successful financial controls audit, clean PCI ROC, & POS vulnerability remediation
    - Built security & privacy program from “ground up”, defining IT security operating model, resource planning, & cost estimating for the implementation of steering committee, policies, operating model, procedures, technologies, & capabilities for a 12,000-employee organization with offices in more than 90 countries
    - Led IT & security implementation & operations of a nuclear facility used to convert weaponized nuclear material into nuclear fuel, meeting NNSA & NRC requirements
    - Led the creation of a consolidated compliance framework covering 145 financial industry regulations (e.g., OSFI, FFIEC, SEC, FRB, NYSDFS, FISMA, RBI, HKMA) from 9 countries & aligned to industry standards (e.g., NIST CSF, NIST 800-53, ISO 27001/2, COBIT 5, PCI-DSS)
    - Led a team of highly skilled ISSO responsible for conducting security assessments based on the NIST RMF, resulting in the ongoing A&A of 250+ applications
    - Led the transition & operation of SOC for a U.S. cabinet-level executive branch department, replacing 12 of 13 analysts & adjusting service hours from 8 hrs/day x 5 days/wk to 24 hrs/day x 7 days/wk
  • Zermount, Inc.
    Sr. Project & Portfolio Manager
    Zermount, Inc. Jul 2020 - Oct 2021
    Arlington, Virginia, US
    Zermount is a professional services organization that provides cybersecurity services to US Government Agencies. I served as the program manager for multiple cybersecurity programs and as the senior IT security advisor to the CISO and D-CISO on security authorization and accreditation (A&A), risk and vulnerability management, operations, and problem solving activities.
  • Deloitte & Touche LLP
    Senior Manager, Cyber Risk
    Deloitte & Touche LLP May 2016 - Jun 2020
    Conducted security program, privacy program, and regulatory and compliance framework assessments for some of the world’s largest and most complex organizations, leading to design and implementation plans for risk reduction and operational enhancements. As part of a $600+ million security investment, led security architecture design reviews; influencing and approving infrastructure security architectures across 39 simultaneous projects that implemented or enhanced 76 security services for a global professional services organization. Conducted CISO transition labs helping clients formulate strategic individual and organizational action plans addressing time, talent, relationships, and personal legacies by refining priorities, evaluating team skillsets, and assessing stakeholder support.
  • Macy's
    Information Security Delivery Manager
    Macy's Apr 2013 - Jan 2016
    New York, NY, US
    Managed the security architecture team of engineers, responsible for conducting infrastructure security risk assessments, network segmentation and remote access control designs, and technology implementations, including the deployment of 1,600 firewalls in 3 months to 800+ stores and the implementation of web application firewalls for a top 100 e-commerce website hosted in a hybrid cloud environment. Performed risk reviews, covering all new technology implementations as part of the risk assessment process, approving solution architectures and implementation plans, and managing a team of security architects and engineers.
  • ManTech (DHHS)
    IT Security Operations Center Manager
    ManTech (DHHS) Aug 2011 - Jan 2013
    Responsible for the hiring, training, and operations of the Security Operations Center (SOC) team within the Computer Security Incident Response Center (CSIRC). Developed and transformed the Security Operations Center (SOC) team of analysts through hiring, training, and day-to-day operations. Transitioned the incident response capabilities from an 8x5 (eight hours per day, five days a week) operation to 24x7 operation, increasing the detection and response capabilities for the agency.
  • Shaw AREVA MOX Services, LLC (DOE)
    IT Operations Manager
    Shaw AREVA MOX Services, LLC (DOE) Jun 2010 - Aug 2011
    Responsible for IT systems design, implementation, and day-to-day operations. Managed the IT team and responsible for adhering to National Nuclear Security Agency (NNSA), Nuclear Regulatory Commission (NRC), and National Institute of Standards and Technology (NIST) compliance requirements.
  • TBC Corporation
    Director, Information Security (CISO)
    TBC Corporation Jun 2009 - Jan 2010
    Palm Beach Gardens, FL, US
    Established the IT security strategy, team structure, and day-to-day operations. Responsible for the design and implementation of the security program, including the enhancements that enabled compliance with Payment Card Industry data security standard (PCI-DSS) requirements, and passing the Japanese Financial Instruments and Exchange Act “JSOX” compliance audit.
  • BCD Travel
    Sr. Director, Global Information Protection & Security (CISO)
    BCD Travel Jun 1999 - Jan 2009
    Utrecht, NL
    Built the security and privacy program from the “ground up,” established a steering committee of C-level executives, documented policies and procedures, defined an operating model, and selected security services. This position led the Global Information Protection program and interfaced with internal and external clients and functioned in an executive capacity, representing information protection, security, privacy, and risk. Established, implemented, and directed the strategic long term goals and objectives of the department. Accountable for financial and personnel performance. Responsible for vendor relationships and negotiations. Provided direction to internal customers regarding information protection expectations of legislation, standards, and best practices. Reviewed and approved contract provisions related to information protection. Responded to client inquiries regarding the methods used to safeguard the data they entrust to BCD Travel necessary to provide travel-related services. Prepared and presented investment business cases and led the design and implementation of information classification, asset management, data encryption, vulnerability management, security event monitoring, incident response, patch management, change management, anti-malware, file integrity, endpoint forensics, web filtering, intrusion detection, data loss prevention, security awareness, disaster recovery, and business continuity capabilities. Defined and assessed data center security requirements for facilities in the US, Germany, China, and the UK. Hired and mentored a globally diverse team located across Europe, India, Asia Pacific, and North America.
  • ASHRAE
    IT Manager
    ASHRAE Jun 1998 - Jun 1999
    Peachtree Corners, GA, US
  • USMCR
    Sergeant
    USMCR Aug 1987 - Aug 1995
    Washington, DC, US

Michael Barnes Skills

Information Security Disaster Recovery CISM Security ISO 27001 CISSP Risk Assessment PCI DSS IT Strategy Network Security Servers Active Directory Information Technology Information Security Management IT Operations Leadership Computer Security Infrastructure Data Privacy Windows Server Management Cloud Computing Program Management Payment Card Industry Data Security Standard Expert Advisor Consulting

Michael Barnes Education Details

  • American Intercontinental University
    IT
  • SANS

Frequently Asked Questions about Michael Barnes

What company does Michael Barnes work for?

Michael Barnes works for Axiom Bank, N.A.

What is Michael Barnes's role at the current company?

Michael Barnes's current role is VP, Information Security (CISO).

What is Michael Barnes's email address?

Michael Barnes's email address is ba****@****ail.com

What is Michael Barnes's direct phone number?

Michael Barnes's direct phone number is +167840*****

What schools did Michael Barnes attend?

Michael Barnes attended American Intercontinental University, SANS.

What are some of Michael Barnes's interests?

Michael Barnes has interest in Football, Exercise, Sweepstakes, Home Improvement, Reading, Sports, Golf, Hockey, Watching Hockey, Home Decoration.

What skills is Michael Barnes known for?

Michael Barnes has skills like Information Security, Disaster Recovery, CISM, Security, ISO 27001, CISSP, Risk Assessment, PCI DSS, IT Strategy, Network Security, Servers, Active Directory.
