Responsible for training and consulting practice.* Created Effective Security Leader 8-hour training by compiling practical guidance and personal experience.* Delivered leadership training to 45+ professionals by conducting 5 Effective Security Leader trainings (NPS 58, n=12).* Delivered guidance to peers by contributing to "Tribe of Hackers: Security Leaders" book and presenting at 17 regional conferences.

Direct global team. Report to executives and Board. Responsible for information security program including protection, detection, response, application security, public bug bounty, privacy and compliance engineering, governance, and vendor reviews. Manage budget. Advise stakeholders on enterprise risk, regulations (PCI DSS, GDPR/CCPA), and fraud mitigation. Contribute to acquisition diligence.* Aligned team to strategic priorities in first 90 days by preparing communications plan and restructuring organization.* Created baseline program metrics in first 150 days by completing capability maturity assessment.* Assumed accountability for cyber-risk management by reporting quarterly to Board of Directors (alternating full & Audit).* Developed 18-month strategic vision by conducting listening sessions, engaging external consultant, and setting ambitious goals.* Delivered cyber diligence for 2 simultaneous acquisitions by interviewing SMEs, engaging consultants, and quantifying findings.* Enabled payments compliance with EBA regulations by designing and implementing program for EU entity with SLAs.* Led engineering culture shift to PR-based flow enabling efficient code inspection and risk oversight by advocating with leadership.* Built AppSec team to address known gaps by promoting from within, training manager, and aggressively hiring.* Initiated transition to enterprise-wide program by identifying opportunity, developing risk-based case, and presenting proposal.* Increased cyber-risk awareness for the Board and Executive Team by conducting tabletop exercise with outside counsel.* Resolved management concerns over acquisition SOX compliance by implementing solution in 2 months.* Reduced endpoint security risk by proposing evaluation, tool consolidation, and deploying EDR to endpoints.* Acted as commander for potential major incidents by facilitating communication and coordination across departments and segments.

Directed global team. Reported to risk committees and executives. Responsible for information security protection program including requirements, implementation, and operation, aligned with NIST CSF. Served as CISO for consumer segment (Netspend). Managed budget. Supported SOC, DFIR, GRC, IAM, assurance, and audit. Advised stakeholders on regulations (PCI DSS, FFIEC), audit responses, and client requirements. Served as Supplier Manager for critical vendor. Contributed to acquisition diligence.* Unified 3 distinct engineering teams by hiring/coaching managers, building functional teams, and incorporating offshore resources.* Built cloud security competency for engineering team in 6 months by obtaining funding and directing training/certification effort.* Remediated cybersecurity gaps over multi-year Board initiative by completing projects, consolidating tools, standardizing processes.* Reduced cloud security risk by proposing, designing, and implementing CASB protection of SaaS applications.* Reduced endpoint security risk by proposing project with consolidation and deploying EDR to endpoints.* Reduced endpoint security risk by proposing and deploying selective browser isolation to employees.* Expanded third-party risk oversight to comply with NYDFS regulation (23 NYCRR 500) by streamlining entire process.* Improved network protection by consolidating tools and replacing IPS and sandbox with NGFW across all data centers.* Improved data protection by expanding DLP globally, increasing endpoint coverage 150%, and completing major software upgrade.* Enabled enterprise email migration by partnering to implement conditional access, event monitoring, and cloud DLP.* Realized annual savings after 2 corporate acquisitions by directing security engineering integration and rationalizing tools.* Reduced [projected] annual expense 50% by replacing on-premises WAF with managed solution.

Responsible for strategy, planning, and facilitating meetings and working sessions. Promoted collaboration and information sharing among 40+ security leaders.* Published Information Security Program Essentials Guide with Texas CISO Council by editing contributions from 12 experts.* Led Council by planning and facilitating 40 meetings and working sessions (as of Sep 2019).

Directed global team. Responsible for information security engineering and operations program including protection, detection, response, and application security, aligned with HITRUST CSF. Managed budget. Contributed to executive reporting. Supported sales on customer calls. Advised stakeholders in legal negotiations. Contributed to acquisition diligence.* Built global team and increased 500% in 3 years by training managers, recruiting from community, and expanding offshore.* Reduced cloud security risk for health care product transition to cloud by providing architecture and HIPAA regulatory guidance.* Reduced cloud security risk by designing and implementing continuous configuration assurance.* Reduced network and endpoint security risk by designing and implementing secure web gateway.* Reduced endpoint security risk by deploying SSO and MFA to employees.* Promoted application security awareness for developers by creating and deploying mandatory instructor-led training program.* Improved software assurance practice by creating and fostering global network of security-conscious developers (champions).* Improved incident response practice by planning and facilitating technical and executive-level simulations.* Enabled communication and partnership for 4 acquisitions by directing security technology integration.* Participated in firm-wide strategic planning by developing 3-year security technology strategy.* Delivered 3 major purchase evaluations by developing requirements, test plans and directing POC activities.* Promoted security awareness for customers by contributing to 2 Daily Briefing articles.

Managed distributed team. Responsible for information security engineering and operations program including protection, detection, response, and application security, aligned with HITRUST CSF. Managed budget. Contributed to executive reporting. Advised stakeholders in legal negotiations. Contributed to acquisition diligence.* Improved software assurance practice by directing third-party BSIMM assessment and developing 18-month maturity roadmap.* Improved network protection, increased efficiency, and reduced false positives by replacing legacy IPS with MSSP platform.* Improved IT relationship and increased efficiency 60% by optimizing vulnerability scans.* Improved network, endpoint, and application visibility by expanding and optimizing log collection and aggregation.* Built incident response plan, process, and team by creating documentation, designating members, and directing activities.

Elected officer (re-elected December 2012) responsible for membership growth and financial health. Led the Chapter by establishing vision, coordinating efforts of 9 elected officers and other volunteer leaders, directing monthly Board meetings, presiding at monthly Chapter meetings, partnering with related organizations (InfraGard, OWASP, HIMSS). Represented the Chapter.* Achieved recognition as Chapter of the Year in 2013.* Organized and coordinated 40% more events in 2012 for a total of 20 and maintained the level in 2013.* Led multiple teams in support of 14 Austin-area security conferences over 2 years.* Began the Career Development and Mentoring program.* Expanded leadership role of the President to include quarterly strategic planning and annual reporting responsibility.* Increased event attendance by 100% over 2 years to an average of 84 attendees (+65% in 2012, +20% in 2013).* Increased Chapter reach by 160% over 2 years to more than 1250 professionals (+125% in 2012, +15% in 2013).* Increased Chapter membership by 72% over 2 years to more than 230 members (+35% in 2012, +28% in 2013).

Elected officer responsible for managing monthly educational events. Coordinated topics, speakers, and logistics. Participated with Board members in planning and coordinating larger quarterly training events.

Managed team. Responsible for information security program including governance, operations, access control, and compliance. Responsible for IAM platform. Managed budget. Reported to agency leaders. Advised Permanent School Fund executives. Represented agency on Statewide Advisory Committee.* Reduced application security risk for 9 applications by directing migration from legacy access control to IAM platform.* Enabled educator identity migration to IAM platform by directing, staffing, and training temporary call center.* Created software assurance program based on OpenSAMM by developing maturity roadmap.* Promoted security awareness for employees and contractors by creating and deploying instructor-led training program.* Promoted collaboration and information sharing among state agency security leaders by co-founding the Texas ISO Roundtable.* Achieved Certified FAIR Risk Analyst certification.

Served as lead on risk assessments, penetration testing, and incident response. Responsible for engagement scoping, delivery, and briefing executive and technical audiences. Advised clients on GRC, architecture, access control, vulnerability management, monitoring, incident response, and disaster recovery.* Delivered risk reduction guidance to 10 enterprise clients in financial services, retail, and defense by performing assessments.* Conducted incident detection and response for 5 clients by leading teams of up to 15.* Validated firewall configuration and covert channel detection for defense contractor by performing blind penetration testing.* Improved methodology for risk assessments and aligned with ISO 27002 by leveraging Shared Assessments SIG questionnaire.* Improved methodology for application security assessments by leveraging OpenSAMM approach and OWASP resources.* Improved employee morale and professional development by creating and directing mentoring program and mentoring 5 employees.* Delivered 10 results briefings to enterprise client executives by preparing report summary presentations.

Responsible for development and delivery of information security services. Responsible for engagement scoping, delivery, and briefing executive and technical audiences. Advised clients on GRC, architecture, access control, vulnerability management, monitoring, incident response, and disaster recovery.* Delivered risk reduction guidance to 5 clients in health care, financial services, and education by performing assessments.* Delivered intranet/extranet collaboration to 5 clients by designing and implementing MS Office Sharepoint Server 2007 portals.* Delivered secure file sharing to clients by designing and implementing MS Active Directory, PKI, and RMS solutions.* Achieved MCP certification.

Responsible for development and delivery of network security services. Responsible for assessment planning, execution, and reporting. Performed troubleshooting on systems and networks.* Provided comprehensive hosting (domain, web, email, database, application) to SMB clients with custom-built infrastructure.* Delivered affordable security to SMB clients by performing assessments using toolset of free and open source software.* Delivered affordable remote management and technical support to SMB clients by developing OpenBSD multi-node IPsec VPN.* Delivered affordable network access and file sharing to SMB clients by introducing OpenBSD appliances running Samba.* Achieved CISSP certification.

Responsible for client network setup, support, and maintenance. Installed, tested, and repaired hardware (routers, switches, wireless), software (hosting, groupware, storage), and wiring.* Preserved customers for regional ISP during leadership transition by acting as tier 3 escalation for support staff.