Strategic Leadership: Steer the company's vision, mission, and strategic direction, ensuring alignment with the evolving cybersecurity landscape and regulatory compliance demands. Lead a team of cybersecurity professionals, fostering a culture of excellence, innovation, and continuous learning.Client Relationships & Partnerships: Cultivate and nurture strategic partnerships, including our collaboration as a Microsoft Partner, to deliver cutting-edge cybersecurity solutions. Engage directly with clients, from federal contractors and aerospace firms to healthcare entities, ensuring tailored solutions that address unique challenges.Regulatory Compliance Oversight: Oversee the implementation and management of compliance frameworks including ITAR, CMMC, NIST SP 800-171, DFARS 252.204-7012, ISO 27001, and CUI. Ensure that all services offered adhere to industry standards and best practices.Business Development: Direct business growth initiatives, identifying opportunities within high-regulatory sectors. Drive marketing and outreach efforts to position the company as a leading choice for cybersecurity and compliance services.Operational Excellence: Ensure seamless internal operations, optimizing processes for efficiency, and ensuring a high level of service delivery. Manage risk assessments, cybersecurity initiatives, and technology adoption across the organization.Continuous Learning & Development: Stay abreast of industry trends, threats, and emerging technologies. Facilitate continuous training and development programs for the team, ensuring our expertise remains unparalleled in the industry.Stakeholder Communication: Act as the primary spokesperson for the company, liaising with stakeholders, media, and industry forums. Ensure transparent communication regarding company achievements, challenges, and strategic decisions.

Founder and podcast host for InfoSec Battlefield.

At HIPAA Certify, a leader in HIPAA compliance consulting, I spearhead the development and implementation of comprehensive information security policies, procedures, and controls to ensure the confidentiality, integrity, and availability of electronic protected health information (ePHI). Key achievements and responsibilities include:Compliance Leadership: Directed the alignment of our information security practices with HIPAA requirements, significantly reducing risks and safeguarding patient data across all platforms and interactions.Risk Management: Conducted thorough risk assessments and audits to identify vulnerabilities, leading to the development of strategic risk mitigation plans and enhancing our overall security posture.Policy Development: Crafted and implemented robust information security policies and procedures, ensuring they are in full compliance with HIPAA regulations and effectively communicated to all stakeholders.Incident Response: Developed and led a responsive incident management program, minimizing the impact of security incidents on patient privacy and company operations.Training and Awareness: Spearheaded comprehensive training programs to increase security awareness among employees, promoting a culture of security and compliance throughout the organization.Cross-Functional Collaboration: Worked closely with healthcare providers, IT, and legal teams to ensure seamless integration of security measures with clinical operations and compliance objectives.In this role, I leverage my expertise in information security and compliance to champion HIPAA Certify’s mission of delivering top-tier HIPAA compliance solutions, ensuring our clients and their patients' data are protected against evolving cyber threats.

Responsible for advising public and private sector customers on information governance and compliance for SharePoint and Office 365 using AvePoint products.• Conduct In person and virtual Information Governance Workshops• Assist companies with rolling Microsoft Teams in response to Coronavirus• Setup and configure DocAve, Governance Automation and SharePoint & Office 365 Migration • Assist customers with developing and actionable governance plan• Groomed governance use cases to be used with AvePoint products• Expert in Governance Automation policy and service creation

In my role, I drive security innovation within Microsoft 365 environments, focusing on Microsoft Commercial and GCC High sectors. My approach integrates advanced Microsoft Purview applications, including Azure Information Protection (AIP) and Data Loss Prevention (DLP), with a solid foundation in cybersecurity and compliance frameworks.Microsoft Purview Implementation: Spearheading the deployment of AIP and DLP to safeguard sensitive data, my work emphasizes creating resilient data protection strategies tailored for the unique needs of Microsoft Commercial and GCC High environments. This initiative significantly mitigates data breach risks and aligns with privacy regulations.Strategic Risk and Compliance Leadership: By crafting and executing comprehensive security strategies, I ensure alignment with NIST SP 800-53, RMF, and FISMA standards, particularly tailored for the stringent requirements of GCC High. My leadership in this area has been pivotal in elevating our cybersecurity posture and ensuring regulatory compliance.Governance, Risk, and Compliance (GRC) Expertise: My experience extends to leveraging top GRC frameworks/tools - Tenable and Archer enhancing our organization's ability to meet and exceed the rigorous compliance demands of both Microsoft Commercial and GCC High sectors.Proactive IT Audit Engagement: I lead by example in conducting IT audits using FISCAM processes, applying my deep understanding of NIST Risk Management and Cybersecurity Frameworks to fortify our IT controls and processes, ensuring a secure and compliant IT environment across all operational levels.My role is instrumental in not only securing our Microsoft 365 deployments but also in ensuring they thrive within the demanding compliance landscapes of Microsoft Commercial and GCC High environments. Through strategic application of Microsoft Purview tools and adherence to comprehensive cybersecurity frameworks, I foster a secure, compliant, and resilient digital ecosystem.

Throughout my time at LongView International, I assumed a crucial role in successfully managing complex projects aimed at obtaining the coveted Authority to Operate (ATO) and ensuring full FedRamp compliance. I reinforced our defenses with critical security measures and conducted thorough system audits to meet the demanding standards of NIST 800-171 and industry-specific regulations.One of my significant contributions was leading cross-functional teams in the deployment and maintenance of secure Office 365 environments. This involved the implementation of crucial security features such as Data Loss Prevention (DLP), Multi-Factor Authentication (MFA), and encryption, all of which significantly enhanced our overall data protection.I was responsible for the design and implementation of information security policies, standards, and procedures, aligning them meticulously with industry best practices and regulatory requirements. This alignment ensured that our security measures were in line with the highest standards.The continuous identification of potential vulnerabilities was an integral part of my role, and I regularly conducted security assessments and audits. Subsequently, I developed and implemented remediation plans to mitigate the identified risks, thereby strengthening our overall security posture.In addition to my technical responsibilities, I was deeply committed to enhancing security awareness throughout the organization. I accomplished this through the design and delivery of tailored training programs, fostering employee compliance with security policies and procedures.I proactively cultivated valuable external partnerships with auditors, vendors, and law enforcement agencies, facilitating collaborative efforts to bolster our security framework. Furthermore, I spearheaded the integration of robust security principles into the design and deployment of new systems and applications, strengthening our online ecosystem against emerging threats.