• Assisting Customers in establishing cybersecurity frameworks, enhancing data protection, security assessments and compliance.• Evaluating investment prospects for VCs, assessing disruptiveness, growth potential, and pricing.• Led initiatives to achieve SOC2 compliance, significantly boosting customer acquisition speed.• Partnered with clients to improve data protection and compliance, implementing GDPR, SOC2, ISO standards.

• Advise on security & privacy protocols, ensuring compliance and safeguarding data integrity with proactive solutions.

• Led security, IT, and privacy operations, reducing AWS and tool costs by $3M, enhancing budget efficiency.• Chaired Enterprise Risk Committee, developing first risk framework, improving risk management.• Automated 85% of customer security reviews, minimized follow-up to 10%, reducing days to close and customer acquisition costs.• Achieved ISO 27701 certification, cutting privacy-related customer inquiries by 65%, enhancing compliance.• Developed user experience focused IT program, 98% implementation of simplified & secure login process reducing help desk tickets.• Overhauled sales quote generation process with complete CPQ rebuild, automated 80% of the process, up from 0%• Streamlined IT operations by integrating new technologies, cutting operational costs by 25% and improving service delivery.

Global Executive Information Security and Privacy Consulting with a focus on building and improving overall corporate security programs. Worked with clients all over the world in multiple industries; e.g. Technology, Software Development, Defense & Intelligence (US and Foreign Gov't), Healthcare, Higher Ed, and Chemical- Provide Private Equity and Venture Capitalist security industry insight and market analysis on potential investments- vCISO role for companies to build out security program while helping to hire permanent CISO- Advise companies on meeting global privacy laws via practical implementation of privacy controls for GDPR, PIPEDA, CCPA, HIPAA, Pakistan PDPB, etc.- Guiding SaaS start-ups through the steps of implementing Privacy by Design and Security by Design principles into their processes early on to become a market differentiation- Compliance advisory, particularly cloud security related, for ISO 270xx, SOC2, SOX, HITRUST, HIPAA, GDPR, CCPA, and FedRAMP)- Defining security's role in Digital Transformation initiatives- Integration of security as a partner program to engineering to improve overall application security program- Built or strengthened clients current supply chain/vendor risk management programs

- Organizations that directly reported to Steve: Security, Privacy, and CorpIT spread across 5 countries- Established bi-monthly Executive Data Protection Steering Committee to educate on security and privacy issues driving up executive engagement, knowledge and buy-in- Formed Privacy Office implementing the companies first Privacy Program- Member of Women at Workfront Employee Group to foster greater diversity in technology- Implemented program to reduce customer acquisition costs (CAC) by reducing the time our prospects need to review the security program from 7-14 days to 4 hours- Customer facing CSO, assisted Sales and Customer Experience teams with customer/prosepct calls 4-5 times a week- IT, Security, Privacy and Digital Transformation speaker on behalf of Workfront's Marketing team.- Designed a common control framework compliance program allowing for the frictionless addition of new controls & frameworks (ISO 27001, 27017, ISO 27018, SOC2 type 2, GDPR, CCPA, HIPAA, and HITRUST.- Focused on automation (DevOps) reducing manual tasks by 45% which slowed headcount growth but increased large projects being completed- Implemented a model allowing for automation of security controls in the engineering CI/CD pipeline reducing manual checks by 90%

- Global Team of 20+ in 4 different countries- Threat & Vulnerability Management Service Owner - Includes Threat Management, Vulnerability Management, Server Security, Database Security, Network Security, Mobile Security, Endpoint Security and Internal Pen testing programs- Implemented platform agnostic security controls to allow support of changing business model to cloud infrastructure both public (AWS & Azure) & private reducing resource constraints 20%- Standardized connectivity at the firewalls reducing rules by more than 40k therefore speeding up change control SLAs from 4 days to being able to support 10 min SLAs in critical situations- Defined first corporate wide Database and Server Security common controls programs- Adapted quarterly goals to meet internal business objectives - Managed, within budget, annual Service Security spend across 4 global geo-specific cost centers

- Interim CISO during 9 month CSO position vacancy- Privacy head for Mozy- Customer facing role, participated in customer onsite visits and calls with Sales- Defined Strategy & Roadmap at quarterly, 6 month & 2 year increments- Defined security programs for 6 other cloud acquisitions by EMC & VMware- Drove business driven control adherence to SAS70 (SSAE16), ISO 27001, and PCI DSS compliance requirements- Provided guidance on risk mitigation & security strategy to COO- Maximized usage of small team to- Partnered with Engineering to implement Secure SDLC process without compromising development speed and innovation- Security liaison with Legal on privacy, regulatory, contract and compliance issues- Implemented standard process to handle requests from Law Enforcement Agencies (Local, National & International) on Subpoenas & other inquiries, reducing time frame from 3 days to 5 hours- Cataloged and standardized responses to customer/prospect security questionnaires

Boutique web development firm