Internal Cybersecurity | Compliance | IT Operations | Security Services Delivery (SOC/vCISO)

- Led internal audit and gap assessment against NIST 800-53 and CSF 1.1, reprioritizing of over 35% of the department’s existing budget toward effective, immediate program improvements in less than 6 months- Negotiated data-driven annual budget and staffing increases of 25% and 40% respectively, improving Information Security capabilities and team resiliency across functional disciplines- Reduced contracting expense by 60%, and improved operational support for the team, by consolidating resources to key areas in Compliance and Product Security- Shifted Information Security from a primarily tool and compliance administration team to an Engineering organization partner with mature vulnerability management, threat modeling, architecture design, and secure coding training- Deployed new engaging monthly security awareness training leading to a 70% improvement in phishing metrics- Established and driving a renewed security culture across the entire organization via a careful combination of effective tooling, communications strategy, and proactive services offered by Information Security

(Respond Software, acquired by FireEye/Mandiant, Inc. in November 2020)- Led product and infrastructure security integration for Mandiant Defense, formerly Respond Software, fully onboarding the engineering team and product into Mandiant in less than six months- Designed, championed, and ultimately drove adoption of multiple technologies and engineering best-practices from acquisition across Mandiant’s comprehensive Engineering organization- Organically improved and expanded product security and traditional compliance services within Mandiant adjacent to the incumbent Information Security organization- Established, championed, and led an agile team in accomplishing FedRAMP Ready High / IL-5 for Mandiant Advantage Services in less than half the time, and staff, of Mandiant’s existing FedRAMP Moderate offering- Partnered with senior leadership to enable the successful acquisition of Mandiant by Google Cloud throughout extensive infrastructure and code review, risk assessment, and operational team alignment

FedRAMP ISSO and Privacy Officer- Designed and led ground-up Security Program initiative, culminating in successful Merger and Acquisition due diligence activities for Fireeye, Inc (Dec. 2020). - Initiated and directed FedRAMP High, Impact Level 5 preparation before, during, and post-acquisition

- Pen test and bug bounty community events, training, and tools

Security and Privacy Officer- Implemented product and infrastructure best-practice security testing, third party pen test, and policy - Led succcessful, unqualified SOC 2 Type 1 and Type 2 audits- Designed and led on-premises Respond Analyst architecture, DevOps tooling, operational support, and Information Security and Compliance functions- Established formal security training program, including custom development of capture the flag and secure coding training support for Engineering

- Designed and led optimization efforts resulting in 2.5x delivery capacity, 75% reduction in vulnerability triage time, and 312% increase in Net Promoter Score year-over-year- Provided servant leadership direction to a diverse, globally distributed team of information security professionals- Planned, implemented, and drove growth strategy for crowdsourced penetration testing offerings for multiple Fortune 50 organizations- Architected, developed, and supported internal tooling for service monitoring and program operations- Primary application security subject matter expert for customer program support

Consistently drove technical initiatives by providing extensive subject matter expertise as technical team lead for a diverse range of software security and static software testing. Created, implemented, directed and supported technical innovation and application of best-in-class HP Enterprise testing products. Streamlined and enhanced technical procedures by serving as liaison between Sales, Account Management, and Delivery personnel for high profile clientele. Directly supported junior staff through the provisioning of effective training and mentoring.

Served as Fortify on Demand software security subject matter expert and operational team lead for static software testing. Developed, implemented and championed team-wide best practices for accelerated SaaS application security assessments while simultaneously maintaining high contractual SLA compliance with 24/7 delivery operation.Led a successful 400% worldwide team expansion of over 20 analysts supporting 75% year-over-year SaaS market growth.

Utilized source code analysis with proprietary automated testing tools and manual inspection. Directly contributed to practice-level policy development and process improvements. Routinely improved testing methods by designing and delivering customized tools and practices.

Collected and retained log data while ensuring data integrity for all critical or PCI-relevant network hosts. Coordinated technical security incidents with human resources inquiries to assist in event investigation. Conceptualized, administered and directed secure file transfers for both internal and external business matters.Created, executed and supported custom reports for technical teams while also managing all system issues. Acted as primary information security contact for OS X, mobile devices and other technical concerns. Provided support as backup administrator for mobile encryption, antivirus, NISKUN and ad hoc file transfers.

Served as subject matter expert for Aflac’s iOS devices and OS X systems, including driving deployment planning, infrastructure evaluation, training, system administration of end user machines and OS X production servers. Configured and tested all third party and vendor software for roll-out while also conducting quality testing.Effectively managed multiple projects by serving as liaison between non-technical C-level executive customers and IT department representatives to ensure initial technology adoption and ongoing capability enhancements. Supported C-level executive customers daily IT support needs with regard to functionality and adaptability.Continuously researched, implemented and directed best practice solutions to enhance corporate objectives.

Directly supported business functions through the development and maintenance of repair services that boosted services, decreased duplicate client calls, increased company consulting hours and budgeted for IT outsourcing. Maintained on-site email hosting for 10 small businesses and multiple individual consumers using Roundcube. Led the creation, management and daily activities of the largest volume Apple Authorized Repair Center in Alabama, with service metric scores consistently exceeding goals by 125%.Created a proprietary reverse VNC solution for a maintenance client, thereby decreasing issue response time to 30 minutes from 2 hours. Secured a partnership with Hiwaay DSL Internet Services to create Homewood’s first public hotspot portal.