• PCI Practice Lead and program manager; I serve as the primary point of contact for all PCI DSS initiatives, inquiries, methodologies, templates, documentation, training, and support.• PCI Qualified Security Assessor (QSA); I currently hold and maintain my QSA certification and lead client engagements across multiple industry verticals.• HITRUST Practitioner; having obtained both the HITRUST CCSFP and CHQP certifications, I focus on Quality Control for HITRUST i1 and r2 validated assessments. • Thought Leader; I have authored multiple articles on payment card security and PCI DSS v4.0 that were published in corporate blog e-mails and on the company website.• Individual Contributor; I have contributed to projects focused on industry frameworks such as GLBA's FTC Safeguards Rule, NYDFS 23 NYCRR Part 500, NY Shield Act, GDPR, and CCPA.• Business Development; I am actively involved in the sales lifecycle for existing and prospective clients and contribute to rapid growth in our practice.

• Managed a fully remote team of information security consultants; responsible for hiring, training, and mentor-ship of staff• Assessed complex IT environments for clients across multiple industries, including, but not limited to: Retail, Healthcare, State & Local Government, Higher Education, Utility, Aviation, Petroleum, and Technology• Produced PCI DSS Report on Compliance (ROC), PCI DSS Self-Assessment Questionnaire (SAQ), ITGCR, GAP, Risk, Rogue Wireless, and HITRUST CSF Assessment reports• Assumed the lead on various governance, risk, and compliance assessments as well as independent IT security audits• Managed priorities, tasks, and hours on projects to achieve revenue and utilization targets• Performed extensive testing of client information systems to ensure integrity and effectiveness of security measures and technical controls; and verified they are aligned with corporate policies, procedures, laws, regulations, and industry best practices• Assisted in the training of other team members, developed standardized tools and methodologies, and contributed to client teams across the organization• Established and maintained positive, collaborative relationships with clients and stakeholders• Continued to develop professionally by maintaining industry specific certifications and a strong depth of knowledge in relevant practice areas

• Worked daily with client production servers, terminal servers, virtual desktop environments, and Epicor Eclipse ERP• Systems administration: Active Directory, logical access controls, security policy, group policy, and data ownership• Network administration: configuration management, troubleshooting, traffic analysis, and incident response• Operated as the technical supervisor of 8-10 employees• Assisted on all escalated technical issues, as well as major project implementations• Functioned as a Managed Service Provider conducting monitoring, remote and on-site support, maintenance, and reporting for 1-2 dozen client companies• Offered professional advisory services in security, audit, infrastructure, forensics, and ERP systems• Performed patching and vulnerability assessments using tools such as: Microsoft Baseline Security Analyzer, Kaseya, Belarc Advisor, N-able, Qualys, and Nessus• Gained basic exposure to penetration testing tools such as: Metasploit, Aircrack, Wireshark, as well as social engineering techniques• Performed in-depth security audits and risk assessments using ISO 27001/2, and NIST frameworks as guidelines• Performed enterprise, network, and terminal server incident response and malware removal• Developed post-mortem incident reports• Cisco ASA traffic filter monitoring• Served as part of a 24x7x365 incident response team • Utilized EnCase and FTK to perform forensic analysis• Managed VMware ESXi servers• Project managed, and successfully deployed, a Citrix XenServer housing 50 virtual machines• Completed a successful Exchange to Office 365 cutover migration for 150 employee-branch• Tier-2 Eclipse ERP support and report writing

• Helpdesk level 2 and 3 support• Performed troubleshooting and repair of all hardware and software related issues• Mastered Windows XP/Vista/7/8.1 Server 2003/Server 2008 and Mac OS X• Physical repair• Troubleshooting various OS and software issues• Incident response• Internal ticketing• Malware removal• Threat analysis• Technical writing of malware removal guides published to our affiliate websites• Data recovery of SATA, IDE, and USB drives• Forensic analysis