Recent work:- Computer aided threat modeling, monitoring, and tool design. Primarily use Python in conjunction with OpenAI to facilitate natural language to cybersecurity logic.- Cyberrange training using Windows based laboratories to simulate all stages of threat actor behavior to train students in containment, eradication, & recovery.- Expert consulting for vendors on positioning their offerings. Produced white papers involving in-depth statistics, case studies, and calls-to-action.

I led the North American cybersecurity consulting practice, overseeing a team of 25 focused on sectors including healthcare, manufacturing, government, banks, insurance, and credit unions. My duties involved developing the staffing strategy, forming a team structure with former CISOs and CTOs at the top, mid-career professionals in the middle, and recent graduates, new cybersecurity entrants, and interns at the entry level. I consistently met or surpassed utilization and project margin goals, except when strategic opportunities justified otherwise. I contributed to or led the creation of new consulting services like cloud security, Zero Trust, and baseline security assessments, which included technical and marketing strategy development, creating sales materials, conducting speaking engagements, and training sales staff, resulting in new business. Globally, I implemented a talent management program for cloud computing, monitoring and training our cloud talent worldwide and supporting US cloud engagements. Before becoming head of consulting, I successfully completed consulting projects in compliance, infrastructure-as-code security, microsegmentation, cloud migration readiness, and system integrity monitoring, earning promotions, bonuses, awards, and recognition as a senior cloud computing expert.

I served as the staff technology expert, offering technical guidance on cybersecurity to government and private sector clients. For the Department of Homeland Security (DHS), I was instrumental in developing the security architecture for the US Government's cloud program, FedRAMP. This involved analyzing the security of commercial cloud providers (Google, AWS, Azure), identifying gaps with government security requirements, and advising on FedRAMP cloud security procurement and federal data protection. I collaborated with the National Laboratories, aligning research and development with government CTOs and federal cloud security policies, including directives from the White House. I contributed to writing security architecture documentation, including diagrams and guidelines for cloud security, email gateway security, and data flows. In the private sector, I consulted for Washington DC-based organizations with significant data protection needs, including securing data transmission and storage for a high-profile advisory firm and identifying and mitigating threats for another client's virtualization system and network, including shadow IT issues, and enhancing their security posture through policy, procedural controls, and deployment of security tools with ongoing support.

As the principal security engineer, I was tasked with ensuring the health records system for US military enlistees was secure and ready for its pilot launch, meeting the Department of Defense (DoD) cybersecurity standards (DIARMF). My responsibilities spanned all security domains: compliance, code scanning (SAST), application testing (DAST), result analysis, reporting to management and technical teams, security planning, and vulnerability tracking. A key challenge I addressed was digital identity and access management, where I developed an architecture accommodating both public access for initial personal and healthcare information entry and secure DoD system interaction requiring smart-card access. I collaborated with business analysts to define roles and responsibilities, ensuring proper separation of duties and need-to-know access, and validated these measures through testing. Additionally, I ensured encryption met FIPS 140-2 standards, working closely with vendors to verify certifications, use of certified modules, or inclusion of FIPS 140-2 certification in their development roadmap.

Continuation of consulting work to IRS.

As a consultant for the US Internal Revenue Service, I optimized the security engineering guidelines, aligning them with US Treasury Department standards, IRS Manuals, and NIST 800-53. I developed job aids, publications, and conducted training for IRS staff on creating and documenting secure systems.

As a Governance, Risk, and Compliance (GRC) consultant, I implemented eGRC strategies for Veterans Affairs and the University of Maryland University College. This involved documenting each organization's policies, risks, and compliance measures, creating questionnaires, mapping controls, and conducting training and deployment. I spearheaded working groups that included leaders, risk management, and audit staff to achieve comprehensive deployment. Additionally, I customized databases, views, and reports for each organization.

As the principal information security engineer at CACI, I offered consulting services to DARPA’s chief security officer, covering incident response, compliance, risk management, forensics, policy development, and situational awareness. Additionally, I delivered threat-sharing consultancy to the Defense Counterintelligence and Security Agency and application security consulting, including SAST and DAST testing, for a major DoD personnel service project. I also provided identity and access management consulting for a large credit union, enhancing their customer-facing website's security, and assisted a medical imaging startup in preparing for their market launch with the US DoD.