Boutique executive information security advisory service within Finance, Technology, Media & Entertainment, and Healthcare.

Worked in close partnership with NBCUniversal’s business and technology leaders to establish an industry leading technology security program and strategy. The NBCUniversal CISO owns the Global info-security, risk management and governance frameworks and all associated responsibilities including Security Policies, Procedures, Guidelines, and Standards development. Through the development of the first ever information security architecture, established a NIST compliant operational program which is in complete compliance with the businesses’ strategic objectives, risk posture, changing threat, and responsive to ever increasing attacks on global media and entertainment corporation. With an overall staff and budget which quadrupled during my tenure, I established proprietary approaches to social media management, web analytics, mobile marketing and content marketing; designed compelling pitch presentations that converted 85% of existing agency clients to one or more of the new services.Major Achievements: ▪. Established a program for company-wide risk-based security and compliance (including Payment Card Industry (PCI) Level 1 Merchant compliance).▪ Rebranded and launched the info security training and awareness program geared to end user duties to company-wide acceptance.▪ Launched MediaISSF (Media ISAC) as a founding member and first chair of 30+ member info security sharing forum. Served as an industry expert to FBI INFRAGUARD program, US Secret Service (USSS), Department of Homeland Security (DHS), NYC Police Department, and the North American Broadcaster Association (NABA), on media and entertainment information protection.

Created a world-class security program during a major period of business evolution; the business was transitioning from a traditional home delivery based newspaper to a multi-platform Internet-based media leader. This position required a nontraditional approach to risk and has required rethinking and reinventing of the traditional role of the executive risk manager within a constricting budget and expanding compliance environment framework. As the CSO, I was responsible for PCI and SOX compliance, privacy law compliance, physical security and personal security policy, and general security operations. The CSO is also the senior executive accountable for managing the secure development operations, security awareness and communications, and maintenance of security policies, standards, and programs across all business units of The New York Times Company. The most important asset of The New York Times is the company’s brand and reputation; as such, the CSO must proactively and cost-effectively protect the company against intentional or inadvertent information breaches and injurious data modification, disclosure or destruction.Notable Achievements:▪ Brought the company into Payment Card Industry (PCI) Level 1 Merchant compliance within six months of arrival by implementing a company-wide identity management system reducing audit deficiencies and workflows, and refreshing security solutions by strengthening intrusion detection, deploying anti-malware solutions to protect critical web-based applications and introducing secure coding practices into the development process while reducing overall security spend by 19%. Identified key data security investments to reduce risk by:- Launching a company-wide effort to identify, isolate and remove unencrypted information - Tokenized and outsourced credit cards to reduce risk and compliance requirements - Continued roll-out of laptop encryption to protect critical business data▪ Reduced SOX deficiencies by 92%

Developed regulatory-compliant governance model, instituted security policy and programs, strengthened awareness, and deployed viable solutions to maximize data security organization-wide. Protected company’s position as industry leader in info security practices and policies. Oversaw risk and vulnerability assessments and identified major security and compliance issues. Cultivated client relations with key accounts such as Citigroup and Secret Service. Implemented corrective plan of action and preventive measures to minimize threats and reduce security breach notices to management acceptable levels. Achievements:▪ Exceeded expectations, generating strong security results while generating significant cost savings by eliminating 99% of data breach notices over a 3-year period by Implementing industry-leading fraud detection system. In addition, reduced fraud-detection time from 5 days to less than 4 hours by streamlining and automating related reporting procedures, and established efficient security operations at 50% of estimated costs, completing 6 months ahead of schedule. Successfully lowered security policy violations 45% after boosting security awareness 67%.▪. Provided the vision and introduced new governance model to all levels, developing cohesive policies and procedures to stabilize security risk decisions without negative impact on the company. ▪. Identified cost drivers and saved $15 million in operational costs through strategic and tactical efforts, neutralizing federal regulator investigation. ▪. Increased information/intelligence sharing substantially at the company and industry levels, establishing an inter-company threat-information-sharing capability to strengthen security.