CISO Advisor for the Dassana team. Dassana provides analytics, metrics, and scorecards built on top of security data from multiple toolsets.

Following acquisition of VisibleRisk by BitSight, I led integration of the VisibleRisk platform, product, and services into BitSight.

• Security Program FormationBuilt a best-in-class startup security team and program from the ground up. Designed streamlined & cost-effective policies, procedures, architectures, technical controls, and third-party solutions.• Customer TrustRepresented the company’s security and privacy posture to potential & current clients. Enabled sales by supporting customer third-party risk management processes. Passed inspection by multiple Fortune-500 financial firms.

• Cyber Risk QuantificationDesigned quantitative approaches to measure entities’ security governance, fortitude, and overall ability to prevent, detect, and respond to cyber attacks. Core contributor to the VisibleRisk assessment and risk quantification methodology.• Product StrategyLed a successful pivot from a services company to a SaaS product company, defining the product & technology vision and execution strategy, resulting in successful acquisition by BitSight. Managed a global team of 30+ members across Product, R&D, Engineering, and Delivery.

• Security StrategyMatured the organization’s approach to cyber defense by driving programmatic prioritization. Leveraged the NIST Cybersecurity Framework, formal risk assessment with NIST SP 800-30, and red team engagements to identify and mitigate unmanaged risk.• Executive LeadershipLed a cross-functional team including security engineering, security tooling, and incident management. Drove alignment with business stakeholders and engineering teams.• Media Distribution Platform SecurityLeveraged deep technical expertise to secure the platform, from content ingestion through cataloging, encoding, distribution, and playback. Managed security at scale for hundreds of services, thousands of AWS accounts, and legacy infrastructure.• Cloud-Native DevSecOpsDrove automated and orchestrated security through a streamlined SDLC with security integrated into the CI/CD pipeline. Provided enablement tools and guardrails to make it simple to develop secure software. Used big data analytics and machine learning with auto-remediation to rapidly mitigate identified risks.

• Acquisition Integration & OperationsLed successful integration of the FusionX acquisition into Accenture Security, retaining all key personnel for at least two years and beating revenue targets.• Cloud SecurityResponsible for Accenture Security’s alliance with Microsoft and Avanade, to develop and bring to market new multi-cloud managed security services. Led a matrixed global team of 30+ people, managing a multi-million dollar offering development budget and driving significant new revenue.• Industry InfluencerClient-facing executive and board consultant with a focus on strategy & cyber defense effectiveness. Spokesperson for Accenture Security, representing the firm to the media and at events.

FusionX helps customers manage cyber risk through a variety of services geared towards minimizing exposure and maximizing ROI. FusionX has a unique approach to providing holistic security solutions in complex environments to counter the most advanced and persistent cybersecurity threats. FusionX was acquired by Accenture in August 2015.• Business Development & Solution EngineeringDesigned solutions to meet client needs for adversary simulation and strategic advisory services, with a reputation for closing deals through demonstration of technical excellence and understanding of the client’s security program. Consistently achieved 50% year-over-year revenue growth.• Security Vision & StrategyConsulted on baseline assessments, strategic vision, and gap analyses for complex enterprise information security programs. Produced executive roadmaps for continual improvement in teams, technology and processes. Implementation of these security strategies resulted in increased ability to withstand cyber attacks, as measured by annual sophisticated attack simulations.• C-Suite CollaborationWorked directly with members of the executive team and board, including the CIO, CTO, CISO, and legal counsel of multiple organizations. Translated complex technical security issues into the language of business risk and provided guidance on security assessments, governance and incident response. Trusted member of informal security steering committees.

• Service Delivery ManagementManaged service delivery for FusionX accounts with a total annual contract value over two million dollars. Responsible for project scoping, burn rates, scheduling, resource assignment, execution, report delivery and executive debriefing on key accounts. Achieved 100% renewal rate for these accounts and grew them year-over-year by expanding existing services and adding new services.• IT Operations ManagementResponsible for delivery capabilities including internal IT infrastructure, exploit and tool development and build versus buy decisions. Designed dedicated assessment environments to meet client security requirements, resulting in account growth and renewal.

• Advisory Services Practice LeadLead the advisory services practice within FusionX and defined the service offering in this area. Assisted in the sale of advisory services to new clients and as an add-on to existing clients.• Sophisticated Attack SimulationsExecuted advanced scenario-based red team assessments designed to evaluate the organization’s ability to prevent, detect, and respond to sophisticated adversaries. Consistently identified critical technical and procedural issues with the potential to expose millions of payment cards and customer PII records, with possibly catastrophic impact to the client’s bottom line.• Created Engagement Management ApplicationDesigned, architected, prototyped, and managed the development of an internal web application for engagement management. Increased delivery team efficiency by using this application to facilitate collaboration and communication across local and distributed teams.

Coalfire is an IT Governance, Risk and Compliance (IT GRC) firm, serving as a trusted advisor and IT GRC tools-provider to security-conscious leaders in Retail, Financial Services, Healthcare, Hospitality, Higher Education, Government and Utilities. • Security Assessments and ConsultingConducted network & application penetration testing, web application security reviews, mobile application reviews, and source code security analysis for Fortune-500 clients across all verticals. Consistently excellent performance led to a high rate of repeat business and being requested by name.• Team LeadershipLed the Seattle division of Coalfire Labs, responsible for project execution and team performance. Resolved schedule, project, and personnel conflicts resulting in on-time service delivery and satisfied clients.• Business DevelopmentServed as the public face of Coalfire Labs in the Northwest region through research, trainings, and presentations designed both to educate and to attract potential clients and team members to Coalfire Systems. Received consistently positive feedback and strong leads as a result of this activity.• Pre-Sales SupportSupported the sales team in the northwest region and across the country by providing a deep level of pre-sales technical expertise to give the buyer a familiarity and comfort level with services and capabilities. Developed a reputation as the go-to guy when technical expertise was needed to close a sale.

Sears Holdings Corporation is a leading integrated retailer focused on connecting the digital and physical shopping experiences. The company operates through its subsidiaries, including Sears, Roebuck and Co. and Kmart Corporation.• Penetration Testing / Web Application SecurityConducted network and application penetration testing, web application security reviews, and source code security analysis for internal clients. Identified vulnerabilities posing a high risk to the business and communicated them to the appropriate stakeholders for remediation, resulting in improved security posture and increased attack resiliency.• Secure Code TrainingProvided secure code training for developers and instructed developers and system administrators on remediation of identified vulnerabilities. Repeated testing demonstrated improved defenses and lower likelihood of successful attacks.• Security Controls and ArchitectureReviewed security architecture specifications and modeled real-world threats against the architecture. Recommended improvements and additional security controls to protect critical data, applications, and systems.

IOActive offers comprehensive computer security services with specializations in smart grid technologies, software assurance, and compliance.• Web Security AssessmentsConducted manual security assessments web applications, perimeter networks, and internal networks. Identified critical vulnerabilities and developed proof-of-concept exploits that allowed the business to understand the risk, resulting in speedy remediation.