Sammy B.

Sammy B. Email and Phone Number

Author of CISO Wisdom | CEO@ Careful Security | CISSP, CISA, GPEN, GMON, GCCC @ Careful Security
Sammy B.'s Location
Los Angeles, California, United States
About Sammy B.

Cybersecurity expert with 20+ years securing Fortune 500 companies like Goldman Sachs, Pfizer, and Warner Bros. Founder of Careful Security, helping clients achieve robust cybersecurity through incremental improvements and expert oversight. Author of "CISO Wisdom: Cybersecurity Untangled".

Sammy B.'s Current Company Details
Careful Security

Sammy B. Work Experience Details
  • Careful Security
    CISO
    Careful Security Jan 2020 - Present
    Los Angeles, California, US
    VCISO for mid-market organizations. I manage cybersecurity programs by identifying and mitigating risks and ensuring compliance with regulatory requirements. Conduct proactive qualitative and quantitative risk assessments based on NIST RMF, Attack Surface Monitoring, and Penetration Testing for On-Premise and Cloud Infrastructure. Manage cybersecurity strategy and execution by rolling out critical security controls, vulnerability and patch management programs, security monitoring, and incident response based on NIST CSF and CIS 18 controls. Ensuring compliance with regulatory requirements - ISO 27001, SOC2, PCI DSS, and HIPAA.
  • Per Scholas
    Cyber Security Instructor
    Per Scholas Dec 2020 - Mar 2022
    Bronx, NY, US
    Taught Cybersecurity concepts and hands-on exercises to help aspiring students graduate as qualified cybersecurity professionals. Topics covered included Windows and Linux Security, Infrastructure Security, Cloud Security, Application Security, Vulnerability Management, and Penetration Testing.
  • Warner Bros. Entertainment
    Information Security Architect
    Warner Bros. Entertainment Nov 2015 - Dec 2019
    Burbank, CA, US
    Spearheaded design, implementation, and oversight of the Security Operations Center, ensuring continuous visibility into security alerts and prompt response to threats. Successfully guided through PCI compliance, with meticulous gap analysis, phased implementation, and ongoing monitoring, safeguarding sensitive cardholder data. Filled critical logging gaps, enabling rapid security alert verification and reduced investigation times. Optimized log collection and consolidation processes, leading to a decrease in incident response time. Improved Security Processes: Achieved faster resolution times and enhanced system integrity by establishing processes around proactive risk management and compliance initiatives.
  • Electronic Arts
    Information Security Engineer
    Electronic Arts May 2012 - Oct 2015
    Redwood City, CA, US
    Spearheaded comprehensive penetration testing initiatives for forgotten online games, uncovering critical vulnerabilities and preventing potential breaches. This proactive approach significantly reduced EA Sports' attack surface and protected internal assets. Developed and implemented a centralized security architecture framework to standardize identity and resource management across all EA Sports studios. This initiative eliminated siloed security practices and streamlined maintenance efforts, boosting overall security posture. Guided secure software development lifecycle (SDLC): Advocated for and implemented a standardized, secure SDLC process for game development. This included conducting threat modeling, static code analysis, and penetration testing before deployment, leading to the early identification and remediation of security vulnerabilities. Reduced external attack surface by proactive penetration testing and meticulous vulnerability remediation, significantly minimizing the potential entry points for attackers. Centralized security architecture fostered improved security across studios and simplified maintenance, increasing resource efficiency and reducing costs.
  • State Farm Insurance
    Information Security Analyst
    State Farm Insurance Feb 2008 - May 2012
    Bloomington, Illinois, US
    Led the implementation of robust security practices throughout the software development lifecycle, ensuring applications were built with security in mind from conception to deployment. This included secure coding practices, vulnerability assessments, penetration testing, and granular access control mechanisms. Developed a secure channel for exchanging anonymized driving data with B2B partners, enabling a personalized insurance program that rewarded safe drivers. This project involved integrating multiple systems while adhering to strict data privacy regulations, ultimately leading to increased user adoption and improved risk assessment for the company. Designed and implemented a secure environment for processing and storing sensitive health insurance data in compliance with HIPAA regulations. This involved implementing granular access controls, encryption, and continuous security monitoring to ensure data integrity and prevent unauthorized access.
  • Pfizer Inc
    Cyber Security Analyst
    Pfizer Inc Feb 2007 - Jan 2008
    New York, New York, US
    Document Management Transformation: Led the successful migration of Pfizer's documentation and legacy applications to a centralized document management platform. This initiative involved identifying and evaluating solutions, designing the migration strategy, and overseeing the implementation process, ensuring seamless integration with existing systems. Implemented a single sign-on (SSO) approach by integrating the document management platform with Pfizer's identity authentication system. This streamlined user access and improved security by reducing the need for separate login credentials. Developed and implemented a robust access control system within the document management platform, ensuring authorized personnel have appropriate access to sensitive information while restricting access for unauthorized users. This enhanced data security and compliance with relevant regulations. Reduced Operational Costs: Decommissioned legacy applications and streamlined document management processes, leading to cost savings and increased operational efficiency.
  • Goldman Sachs
    Consultant
    Goldman Sachs Feb 2003 - Feb 2007
    New York, New York, US
    Led SOX Compliance and Auditability: Led the implementation of comprehensive activity logging controls across all in-scope Linux systems, ensuring complete audit trails for user actions and compliance with Sarbanes-Oxley (SOX) regulations. This initiative significantly improved data security and streamlined the audit process. Established Secure SDLC Practices: Advocated for and implemented a standardized and secure software development lifecycle (SDLC) within Goldman Sachs. This included establishing a robust change management process with regression testing and backout plans, minimizing risks associated with production code changes, and fostering a culture of secure development. Infrastructure Modernization: Led the successful migration of critical applications from legacy mainframe servers to a modern Enterprise Linux environment. This complex project involved meticulous planning, cross-departmental collaboration, and seamless execution, ultimately enhancing scalability, agility, and cost-efficiency for the company's IT infrastructure. Impactful Achievements: Enabled comprehensive auditability and addressed identified gaps in activity logging, ensuring Goldman Sachs met regulatory requirements. Standardized and documented change management process minimized production errors and improved overall system stability and performance. Enhanced IT infrastructure: Successfully migrated to a scalable and cost-effective Linux environment, future-proofing Goldman Sachs' technology landscape.

Sammy B. Skills

Leadership, Auditing, Project Execution, Firewalls, Information Technology, Computer Forensics, Information Security, Consulting, CEH, SDLC, CISSP, Linux, IT Audit, Operating Systems, Security Testing, Networking, Penetration Testing, Computer Security, Business Analysis, Risk Mitigation, Vendor Management, Application Security, Strategy, Vulnerability Management, Web Application Security, Java, Risk Assessment, Cyber Security, Risk Management, Network Security, Security Management, Disaster Recovery, Information Security Management, Security Audits, Network Architecture, ISO 27001, Management, VPN, Project Management, Software Development Life Cycle, Vulnerability Assessment, Security, Unix, Software Project Management, Cloud Computing, Ethical Hacking, Integration, Virtual Private Network, Project Delivery, Databases

Sammy B. Education Details

  • Western Governors University
    Computer And Information Systems Security/Information Assurance
  • Manipal Institute Of Technology

Frequently Asked Questions about Sammy B.

What company does Sammy B. work for?

Sammy B. works for Careful Security

What is Sammy B.'s role at the current company?

Sammy B.'s current role is Author of CISO Wisdom | CEO@ Careful Security | CISSP, CISA, GPEN, GMON, GCCC.

What is Sammy B.'s email address?

Sammy B.'s email address is sa****@****ros.com

What schools did Sammy B. attend?

Sammy B. attended Western Governors University, Manipal Institute Of Technology.

What are some of Sammy B.'s interests?

Sammy B. has an interest in Information Security Leadership Roles.

What skills is Sammy B. known for?

Sammy B. has skills like Leadership, Auditing, Project Execution, Firewalls, Information Technology, Computer Forensics, Information Security, Consulting, CEH, SDLC, CISSP, Linux.
