Value proposition.My diverse experience, results driven approach and wide environment background will enhance your overall company risk minimization program – effectively. Based on what matters most to you, integrating and supporting your key business success objectives, innovation, etc.---In short – collectively we minimize the worry of cybersecurity risk - affordably. • vCISO providing cybersecurity program development and implementation services to a variety of clients. • Conducted an extensive, enterprise security program assessment for fortune 500 company (using ISO 27001 ISMS) • Supported multiple startup companies in their security program initiation, including SOC2, policies, risk assessments. • Provide a risk-managed framework for scalable business operations in a risk-prone business ecosystem. • Implement and oversee the enterprise cybersecurity and risk management program, focused on resilience. • Promote a culture of strong information security, from senior leadership to the shop floor – take the worry out of cyber! • I act as your "Chief Revenue Protection Officer" focused on resilience and enabling the business success factors.Background (see “about” section).Qualifications: CISSP, CISO, and Systems Engineering certifications, with senior qualifications in Program and Risk Management, and MSEE and Management MA.

ExactlyIT is a next generation managed services provider. From cloud services and cyber security to end-user support and technology solutions, we offer a wide range of managed IT capabilities. Emphasizing security, focus, and flexibility, ExactlyIT takes a scaled, right-sized approach, tailoring our service packages to fit your business needs. We provide exactly what you want, exactly when you need it.AS CISO: • Lead and manage all aspects of the IT security department operations, projects, policies, processes, and initiatives. • Provide periodic assessments for: IT security practices, processes and metrics, compliance audits, security frameworks (e.g., NIST CSF, CIS CSC, ISO27001, SOC2), penetration tests, vulnerability management, and other reviews / audits. • Continue a Risk-Based Security Strategy (RBSS) supporting both the IT/OPS environment and senior leadership in strategic planning, development, implementation, and ongoing management of global security services and products. Continually update the security portfolio roadmap aligned with the company mission. • Lead the computer security incident / data breach response plan, focused on immediate actions and effective communications. • Within the RBSS and Cyber Security roadmap, oversee several programs: Identity and Access Management (IAM), Threat and Vulnerability Management (TVM) / risk based cyber hygiene and patching, and data security / privacy protection – among others - enabling corporate success objectives. • Lead the Security Education, Training and Awareness program, with an enhanced user outreach campaign. • Update the Policy Strategy and timeline to account for the many security and privacy policies and processes required (including GRC/ERM efforts) • Provide a vCISO service to our customers – leveraging our extensive in-house expertise.• Qualifications: MS Elect Engr & MA Mgmt, Certifications in: CISSP, CISO, Pgm Mgmt, and SysEngr.

As the initial company CISO, lead the effective execution our security team’s responsibilities, which include:• Orchestrate all aspects of the IT security department operations, projects, policies, and initiatives.• Established a continuous assessment of current IT security practices, processes and systems, including security audits, risk assessments, vulnerability management, and penetration tests.• Developed and executing a risk based security strategy (RBSS), recommending the ‘best risk value’ capabilities (implementing encryption, DLP, PAM, etc) - enabling the business objectives and innovation.• Developing an overall privacy protection program supporting GDPR, CCPA, etc. and numerous other laws.• Developed, implemented and exercising an integrated computer security incident / data breach response plan along with a proactive cyber awareness and training program.• Conducted several risk assessments (for the enterprise overall and also ransomware and data breach) then updated and verified the RBBS, providing an optimized security architecture and risk mitigation budget to leadership.• Planned, executed and passed the first SSAE18 SOC2 Audit, unqualified - with no reported findings.• Developing an initial company-wide GRC / ERM program focused on corporate risk and privacy compliance.

• Developed and implemented a risk based security strategy (RBSS) supporting the cyber risk lifecycle of global security services and products. No security incidents or data breaches during my tenure.• Within the RBSS and Cyber Security roadmap, developed: Identity and Access Management (IAM), Threat and Vulnerability Management (TVM), and data security / privacy protection programs enabling the corporate strategic plan success objectives. Increased cyber maturity from adhoc (1.5) to repeatable (3+).• Developed a department wide risk management (RM) initiative – including a RM Plan executing a dynamic risk register, prioritizing mitigations based on overall “risk value.” Significantly lowering the overall threat posture.• Conducted data breach and ransomware risk minimization assessments, integrated into the RBSS. Updated and exercised our security incident response plan. • Enhanced our Security Education, Awareness and Training program and established a Policy Strategy to execute the litany of security policies and processes required.• Created an enterprise security architecture strategy, based on complying with the NIST cyber security framework and CIS top 20 critical security controls.• Developed a technical controls assessment approach for the EU’s General Data Protection Regulation (GDPR) that becomes law in May 2018.• Supported DevSecOps with a Secure SDLC process, focused on secure coding practices and testing

Leadership tour as the Chief Systems Engineer (CSE) (Senior GS-15) for SPAWAR / C4ISR / IT / networks in Navy large deck ships and aircraft integration (e.g., interoperability, architectures, interfaces, IA/security/cyber, specifications, etc). 25 years’ experience in IT/IA technical and operational leadership positions in diverse government and commercial venues; such as: program manager, IA/cyber technical authority, enterprise network operations, IT/cyber installation management, enterprise test director, and nuclear power supervisor, among others.• Command CSE / technical authority for capability development and deployment in complex platforms and aviation integration domains for critical systems supporting overall platform mission assurance – the C4ISR/IT vision, enterprise architecture and strategy therein.• Supported the Command Chief Engineer / senior leadership on wide-ranging enterprise level platform systems engineering (SE) activities centered on complex integration and interoperability issues: standards inputs & compliance, cybersecurity, quality assurance, infrastructure delivery, safety, etc.• Performed cross-platform, cross-system risk assessments. Identified issues and led cross-organization mitigation collaboration gaining enhanced integration and interoperability (I&I).•Developed integrated test and evaluation processes for C4ISR / IT systems that facilitated verification and validation methods, enhancing ‘systems of systems’ enterprise, end-to-end I&I.• Developed extensive experience in certification and accreditation, testing/verification/validation and related systems design, integrated / concurrent engineering and capability development activities.STRENGTHS / SKILLS:• Program Management • Situational Leadership • Communications & Relationships• Systems / Electrical Engr • IA / Security / Cyber • Critical Thinking / Simplification• Business Risk Reduction • Strategic Planning / Vision • Transition / Change Management

--- Information Assurance (IA) Technical Authority / Process Owner (TPO) (SPAWAR technical warrant holder)- Developed and institutionalized technical processes to ensure that IA standards and processes are accomplished and included within NSA/NIST requirements and best engineering practices, including: requirements, design reviews, certifications and metrics.- Represented and managed overall IA requirements to ensure individuals and organizations were aware of IA issues and technical decisions that affect system design and interoperability.- Provided IA technical assistance to all of TEAM SPAWAR (PEO C4I / JTRS / EIS).- Implemented effective IA guides throughout SETR phases and CCA/MDA artifacts. --- IA/Security Products DivHd / Principle APM.- Responsible for all aspects of procuring, supporting and maintaining Information Assurance (IA) products/security devices (EKMS/KMI, PKI/CAC, Crypto, Secure Voice, CND, etc) for the “fleet” (USN, USMC, USCG and MSC), overseeing 5-6 Assistant PMs. - Initiated and led the USN Cryptographic Modernization Program, which has a yearly TOA around $150M and is responsible for nearly a billion dollars over the defense budget cycle. Chaired numerous technical working groups and forums with other military services/ agencies/NSA participation. - Integrated a distributed USN CryptoMod team that led the way for all services/agencies – earned a SPAWAR lightning bolt team award and a LoA from Canada stating “ best CryptoMod team ever” where one visit with our CryptoMod team saved them $millions.- Spearheaded the IA/Cyber oversight and certification of an end-to-end network security architecture for the largest intranet in the world (NMCI) having well over 400,000 users across 300+ locations.