Founded information security consultation firm to help companies improve their information security programs; significantly reducing the likelihood and impact of a breach.• Established and executed the information security strategy, structure, and programs for companies in alignment with their risk tolerance and strategic objectives, acting as their virtual Chief Information Security Officer.• Provided strategic guidance on Information Security and Privacy to executive leadership and the Board, ensuring compliance with applicable regulations and best practices.• Empowered companies to securely harness the power of the cloud by developing cloud security requirements and offering guidance on utilizing cutting-edge technology methodologies, such as infrastructure as code and serverless technologies, to strengthen the security of applications and systems, streamline development, deployment, and management processes, and effectively reduce costs.• Designed, programmed, and implemented a custom fully automated asset and vulnerability management system that integrates and leverages enterprise systems to provide an always up-to-date contextually aware view into systems and vulnerabilities across the company. This system manages the components involved in the tracking and trending of assets and vulnerabilities including custom dashboards, reports, automated logic, and notifications.• Designed, programmed, and implemented a custom Third-Party Information Security and Privacy Risk platform that automates Information Security and Privacy Reviews through the automation of dynamic questionnaires, logic flows, automated risk calculations, reports, and emails. This has enabled the expansion of the Third-Party Risk Management Program and reduced the effective costs of reviews by 65%.

Created the Security Department from the ground up including the development and implementation of Beachbody’s security governance, programs, security controls, and team. Reporting to the COO and President, responsible for global information security, physical security, and cyber fraud.• Developed and executed a three-year security roadmap targeting a “Good” level of security that aligned with the company’s risk tolerance; balancing security needs with business requirements and enabling growth.• Formalized the Threat and Vulnerability Management Program, including the establishment of sensible remediation Service Level Agreements, resulting in a 95% reduction in system, network, and application vulnerabilities.• Enabled the secure adoption of the cloud through the implementation of cloud security requirements and controls; allowing the business to securely leverage AWS’s flexibility, scalability, and features (e.g. Dev Ops and Infrastructure as Code). This enabled the global launch of Beachbody On Demand, Beachbody’s premier content streaming service; Coach Online Office, empowering over 350,000 business partners to self-service; and the creation of Beachbody’s Business Intelligence system.

Responsible for providing information security and digital forensics consultation, developing and publicly presenting new service offerings, interfacing with key customers, and directing consultants across service engagements.• Developed Guidance Software’s Cyber Security, Incident Response, and Development Programs.• Architected Bank of America’s Advanced Persistent Threat (APT) Analytics system that collects and analyzes snapshot and registry data from over 500,000 systems on a weekly basis. This solution leveraged a custom version of EnCase Cybersecurity and has identified Indicators of Compromise (IOCs) that no other information security controls have detected.• Created a new “EnCase Innovations” Professional Services portfolio leveraging developer non-billable and billable time to develop marketable products, resulting in millions of dollars of additional sales.

Recruited to be a leader on the Threat Response Team to stop hackers from breaching Symantec’s systems.• Secured Symantec’s global assets through proactive and reactive response to information security incidents.• Led incident investigations involving Advanced Persistent Threats (APTs), Insider Threats, and Data Leakage.• Conducted extensive digital forensic analysis to determine the origin, extent, and root-cause of attacks.• Trained senior analysts in digital forensics, incident response, and other facets of IT Security.

Founded information security consultation firm to provide information security and digital forensics services to the federal, state, and local government.• Created and led the Computer Incident Response and Forensics Teams for the Food and Drug Administration and the Washington Metropolitan Area Transit Authority.• Trained CIRT Analysts in digital forensics, ethical hacking, packet analysis, security hardening, application security, malware analysis, reverse engineering, and other cyber security skills.• Implemented EnCase Information Assurance, EnCase eDiscovery, and EnCase Enterprise.

• Implemented and managed Opsware Network Automation System to support Time Warner’s commercial network devices, improving national network security compliance from 12% to 70%.• Managed client’s networks and systems including vulnerability remediation, incident response, network and system administration, and technical consultation on new research and development initiatives.• Provided technical consultation services to clients including security consultation, web development, network and system engineering, database administration, data recovery, and training.