Established and managed security and privacy programs aligned with NIST 800-53, overseeing Security Operations Center (SOC) functions and team training. Deployed advanced endpoint tools (OSSEC, Trend Micro, CrowdStrike) and Data Loss Prevention solutions (Forcepoint, Trend Micro) to strengthen organizational defenses. Integrated Splunk for data aggregation and analysis, enhancing threat detection and incident response. Developed technical testing platforms for vulnerability management, conducting network penetration tests, vulnerability assessments, and web application security assessments. Implemented perimeter security solutions using Cisco ASA, enabling secure remote access and IPSEC VPNs. Provided quarterly executive briefings on cybersecurity program performance, supporting compliance readiness for SOC 2 Type 2, NIST 800-53a, ISO 27001, and PCI standards. Managed a cybersecurity budget of $800K.Designed and implemented physical security build requirements for new and retrofit construction projects, mitigating blended threats through advanced perimeter security, access control, and surveillance solutions (Avigilon, Verkada) compliant with national and international standards. Directed global physical security training and OSINT investigations to support strategic objectives. Conducted vulnerability assessments, target assessments, and penetration tests on high-value assets, ensuring optimal protection. Managed a $2M physical security budget and delivered executive-level reports to drive informed decision-making.

Developed and implemented a NIST 800-53-based security program ensuring HIPAA and PCI-DSS compliance, overseeing daily operations, intrusion analysis, and incident response across teams. Led a cross-functional cybersecurity team of eight to address vulnerabilities across the enterprise, including cloud environments, on-prem servers, and medical instruments. Designed and built an internal technical testing program leveraging the NIST 800-115 framework, integrating commercial and open-source tools (e.g., Tenable, Burp Suite) for vulnerability assessments and penetration testing. Delivered security training to align teams with policies and regulations and enforced internal cybersecurity policies and procedures. Deployed enterprise-wide endpoint protection, intrusion detection, and DLP tools (Cisco Umbrella, CrowdStrike, OSSEC, Forcepoint, Snort), and improved incident response times by 87% through Splunk automation. Managed over 100 Cisco ASA devices supporting secure remote access and point-to-point IPSEC VPNs. Conducted risk assessments and provided executive-level insights to guide decision-making. Directed third-party compliance assessments and managed a $750k budget with full P&L responsibility.

Pioneered the development and expansion of the red team service line, establishing it as a critical component of organizational security strategy. Orchestrated advanced threat assessments across global physical and cyber infrastructures, effectively reducing client risk exposures. Engineered and executed network penetration testing, vulnerability assessments, web application analysis, and physical security evaluations, delivering actionable insights to mitigate vulnerabilities. Presented executive and technical reports that translated complex findings into strategic solutions for diverse stakeholders. Enabled compliance readiness for NIST 800-53, PCI, and EI3PA through tailored remediation strategies and regulatory alignment. Partnered with C-suite executives and technical teams to align security initiatives with business objectives, driving measurable improvements in operational resilience and security posture.

Orchestrated compliance assessments and advanced technical testing, including network penetration testing, web application evaluations, and physical penetration testing, identifying and mitigating vulnerabilities across diverse environments. Conducted gap assessments within NIST 800-53, DoD DIACAP, PCI, and ISO 27000 frameworks, developing tailored security policies to address organizational needs and enhance compliance. Spearheaded the technical development of the DHS RVA-CAP program, a key federal initiative aimed at improving cybersecurity readiness and aligning with federal security standards. Collaborated with cross-functional teams and stakeholders to strengthen security posture and streamline regulatory adherence.

Orchestrated a seven-member information security team, managing the technical implementation of desktop and server endpoint protection, improving security coverage 60%. Engineered the design and deployment of PIV access control across desktop environments, enhancing access security and compliance. Streamlined the monitoring and management of perimeter security devices and testing protocols, reducing potential vulnerabilities by 25%. Delivered daily technical reports and environmental updates to the Deputy Chief Information Security Officer (CISO) and senior leadership, enabling informed and timely decision-making.

Spearheaded security strategies for both physical and information security across a parent company and seven subsidiaries, managing a $250K budget with full P&L accountability. Designed and implemented Cisco ASA firewalls, intrusion detection systems, and VPN connections, enhancing secure communications for corporate and vendor use. Conducted internal and external penetration tests, providing actionable executive-level reports that strengthened the organization's security posture and reduced vulnerabilities. Achieved compliance with PCI and HIPAA standards through robust policy creation, implementation, and tailored training programs that fostered a culture of security awareness. Collaborated with cross-functional teams to align security initiatives with business objectives, driving measurable improvements in operational resilience.

Developed and implemented the managed security services line of business, which included key offerings such as managed firewall and VPN services, intrusion detection and analysis, and tailored security training programs. Led the design and management of the internal information security program, ensuring robust data protection measures and compliance with industry regulations. Oversaw the development of security policies, procedures, and cross-functional collaboration, driving continuous improvement in service delivery and security incident response capabilities. Additionally, played a key role in enhancing organizational cybersecurity posture through customized training and operational resilience measures.

Managed a team of eight security officers across two high-profile client sites, overseeing hiring, training, and regular reporting to senior management. Collaborated with clients on security strategies, assessing and adjusting controls to address elevated risks from special events and regional factors. Led high-risk personnel protection for executives, coordinating closely with security teams for visiting dignitaries.