Sharon Pole

Millsboro, DE, US
Sharon Pole's Location
Millsboro, Delaware, United States
About Sharon Pole

Results-driven security and compliance professional with over 20 years of experience in leading and delivering security projects on a global scale. Known for partnering with clients to understand their security challenges and providing strategic solutions to enhance their security posture and mitigate risks. As a trusted advisor, I have worked with a diverse range of clients, from Fortune 100 companies to small organizations in a variety of industries (healthcare, financial services, retail, e-commerce, professional services), to support compliance with regulatory frameworks such as PCI DSS, HIPAA, SOX, and NIST CSF. My comprehensive knowledge of these frameworks and security best practices allows me to guide clients in implementing effective security controls and policies. I excel in collaborating with stakeholders at all levels, from technical teams to business leaders, to develop and communicate security strategies and recommendations. My ability to simplify complex technical concepts enables me to effectively educate and engage diverse audiences. Throughout my career, I have demonstrated success in conducting assessments, leading audits, and managing compliance projects. I am skilled in conducting deep-dive assessments, identifying risks, and providing detailed reports with strategic and tactical risk reduction recommendations. My strong project management skills, attention to detail, and ability to work under pressure have consistently ensured the successful delivery of projects within scope, timeline, and budget. I am also experienced in coaching and mentoring junior consultants, sharing my expertise and fostering professional growth within the team. I am passionate about helping organizations strengthen their security posture and achieve compliance. If you are looking for a seasoned security and compliance professional to drive your organization's security initiatives, let's connect and explore how we can collaborate to achieve your goals.

Sharon Pole's Current Company Details
Pursuing Something Fun

Owner
Millsboro, DE, US
Website:
toptal.com
Employees:
3758
Sharon Pole Work Experience Details
  • Pursuing Something Fun
    Owner
    Pursuing Something Fun
    Millsboro, DE, US
  • Toptal
    Senior Manager Information Security Services
    Toptal Aug 2023 - Present
    As a Practice Leader in the Information Security Practice, I focus on driving strategic priorities through data analysis derived from sales and account data. I collaborate across teams such as talent capabilities to cultivate a diverse talent network aligned with service growth objectives. I have developed and introduced new security service offerings, educating global account teams on how to effectively navigate security discussions. My role also involves facilitating strategic security discussions with clients, providing guidance on industry trends, and offering strategic direction to the marketing team for information security service. I thrive in fostering relationships with organizational leaders to facilitate cross-team collaboration in achieving strategic objectives.
  • Amazon
    Program Manager - Strategic Growth Programs
    Amazon Aug 2022 - Jun 2023
    In this role, I built and oversaw a strategic growth program aimed at providing security careers and education opportunities to historically underrepresented minority students. From its inception, I established program goals, developed program mechanisms, and identified key internal and external stakeholders. Additionally, I forged partnerships with schools and non-profit organizations to further the program's reach and impact. As part of the program, I orchestrated a variety of student events, including panels, mentoring sessions, resume reviews, and one-to-one conversations. These events actively engaged over 600 students, offering them valuable insights and guidance from Amazon Security volunteers. The volunteer group of over 200 Amazon Security professionals was created as part of the program initiatives that I created and maintained. Recognizing the importance of addressing challenges within the Amazon Security internship pipeline, I brought together internal stakeholders from various departments. By fostering collaboration and open dialogue, we were able to identify and tackle obstacles impacting the effectiveness and efficiency of the internship process. Overall, my role in building and managing this strategic growth program, establishing partnerships, organizing impactful events, and addressing internship pipeline challenges highlights my ability to drive meaningful initiatives and create opportunities for underrepresented students in the field of security.
  • Amazon
    Senior Security Risk Manager
    Amazon Aug 2021 - Aug 2022
    In this role, I partnered with business line leaders to conduct comprehensive assessments of policies, procedures, data, and technology, enabling a deep understanding of potential risks. Based on these assessments, I presented detailed risk treatment plan reports to various stakeholders, providing strategic and tactical recommendations for risk reduction. Collaborated with Cybersecurity teams/functions to deliver on key initiatives and evaluate business-initiated risk and policy exception requests in support of Cyber Risk Management processes. I have a proven track record of partnering with the business to build innovative and secure solutions, bringing transparency, and providing mitigation strategies for cyber risks and threats. Skilled in providing consultative services for strategic initiatives and advocating for top Cyber initiatives while identifying dependencies. During a significant incident, I assumed the role of risk lead. In this capacity, I collaborated with stakeholders and subject-matter experts to identify the root cause of the incident and develop a mitigation strategy. This involved close coordination with the incident response team, engineers, and senior-level business executives to ensure optimal solutions were implemented to address the issue and meet the needs of Amazon customers. Throughout these experiences, I demonstrated exceptional skills in influencing and earning the trust of security engineers, technical leads, and business leadership. By fostering effective cross-functional collaboration, I was able to drive successful outcomes and build strong working relationships across diverse teams. After completing the Amazon Making Great Hiring Decisions course, I was regularly included on interview loops to ensure we recruit, hire, and develop the best talent to create high-performing teams.
  • Verizon
    Principal GRC Consultant
    Verizon Sep 2019 - Aug 2021
    Washington D.C. Metro Area
    As an Engagement Manager, my primary responsibility was to oversee projects and consultants, ensuring that deliverables aligned with client expectations and the statement of work. I worked closely with both consultants and clients, actively addressing any obstacles or challenges that arose during project execution, ultimately ensuring successful project delivery. To provide valuable insights into client risk posture, I utilized data from the Verizon Data Breach Investigations report. Through this analysis, I helped clients gain a better understanding of the threat landscape and provided strategic and tactical risk reduction recommendations to enhance their security posture. As a member of the GRC leadership team, I served as a subject matter expert, supporting sales and account teams. I collaborated with sales to identify client needs, customize solutions, and deliver impactful presentations to client executives. These solutions addressed security risk posture, security program maturity, and compliance, effectively aligning with client objectives. Building and maintaining strong relationships with key stakeholders played a pivotal role in fostering collaboration and enabling effective communication throughout engagements. I worked closely with cross-functional teams to identify and address cybersecurity risks and implement effective risk mitigation strategies aligned to industry standards. Recognizing the importance of knowledge transfer, I took on the role of coaching and mentoring junior consultants. Through this guidance, I shared assessment methodologies, consulting best practices, and report writing skills, ensuring the development of a skilled and knowledgeable team. My experience as an Engagement Manager encompasses project oversight, risk analysis, strategic recommendations, collaboration with sales teams, relationship building, and mentorship. These competencies have enabled me to drive successful engagements and deliver impactful solutions to clients.
  • Fairfax County Park Authority
    P90X Fitness Instructor
    Fairfax County Park Authority Feb 2014 - Dec 2020
    Annandale Va
    What I do: Kick butt with 13-23 amazing individuals Monday, Wednesday, and Friday at 6am. Why I do it: Because they keep showing up. Why I love it: It keeps me healthy while helping others reach levels of physical endurance they never dreamed possible.
  • C-Suite Results
    Principal Cybersecurity Strategy And Advisory Consultant
    C-Suite Results Jan 2016 - Sep 2019
    Washington D.C. Metro Area
    In my role as a virtual CISO, I provided organizations lacking in-house security leadership with security strategies and tactical plans. Working with IT and business users without security backgrounds, I demonstrated creative thinking and flexibility to address their specific needs effectively. To ensure the implementation of appropriate security controls, I quickly immersed myself in the culture and business of each organization. This allowed me to create tailored strategies and security roadmaps, guiding them in mitigating risks and enhancing their overall security posture. One notable accomplishment was designing a cybersecurity program for an Insurance association to comply with the New York Department of Financial Services Cyber (NYDFS) regulations. Leveraging the NIST Cybersecurity Framework (CSF), I developed comprehensive policies, conducted a thorough risk assessment, and managed third-party vendors who performed penetration tests and secure architecture reviews. Additionally, I supported non-profit clients in understanding their security risks and exposure by conducting security posture reviews. Using frameworks such as the PCI DSS and CIS Top 20 Security Controls, I assessed their security practices and provided recommendations for improvement. Through interviews with IT staff, I gained insight into control implementation and educated groups on the significance of implementing robust security controls. My experience in serving as a virtual CISO encompasses developing security strategies, designing cybersecurity programs, conducting risk assessments, managing vendors, and educating clients on security best practices. This experience highlights my ability to adapt to diverse environments and deliver effective security solutions tailored to the specific needs of organizations.
  • The C-Suite Network
    C-Suite Network Advisor And Contributing Editor
    The C-Suite Network Dec 2016 - Mar 2019
    Washington D.C. Metro Area
    The most trusted source for C-Suite Executives
  • Stratum Security
    Sr. Information Security Consultant
    Stratum Security Aug 2013 - Dec 2015
    Northern Va
    As a PCI DSS subject matter expert, I specialized in client engagements, notably working with a prominent Credit Union of over 5 million members. I played a key role in educating IT, security, business managers, and executives on PCI DSS compliance, scope, assessment processes, and the PCI standard. Through workshops, presentations, and one-on-one discussions, I effectively communicated complex technical details in simplified business language, ensuring understanding and alignment among stakeholders. One of my achievements was overseeing the creation of a new PCI policy for the credit union, ensuring it adhered to industry standards and best practices. In collaboration with diverse groups, including business analysts, IT staff, project managers, enterprise architects, business owners, and the information security department, I addressed PCI challenges and provided valuable guidance. To help achieve PCI compliance, I guided the re-architecture of the network, including the creation of a new network segment and identification of optimal technical solutions for implementation. This required conducting thorough gap analyses of client technical environments, identifying gaps, and delivering comprehensive reports to drive effective remediation efforts. Within the Stratum PCI team, I also oversaw and guided the internal quality assurance (QA) process, ensuring the delivery of high-quality deliverables. My experience as a PCI DSS subject matter expert includes providing strategic recommendations, educating stakeholders, overseeing policy creation, collaborating with diverse groups, guiding network re-architecture, conducting gap analyses, and ensuring quality assurance. These accomplishments demonstrate my ability to navigate complex compliance landscapes and drive successful outcomes in the field of information security.
  • Verizon Business
    Sr. Consultant - Information Security And PCI Compliance
    Verizon Business Apr 2010 - Aug 2013
    In my role as a consultant in the PCI Practice at Verizon Business professional services, I specialized as a Qualified Security Assessor (QSA) and conducted PCI DSS assessments, authored complex and detailed PCI compliance reports, submitting them to Visa and MasterCard, and conducted quality assurance reviews of reports written by QSAs ensuring consistency and high-quality deliverables. By creating comprehensive data flow diagrams based on interviews, application reviews, and documentation examinations, I provided clients with a clear understanding of how cardholder data flowed through their environments. I played a crucial role in reviewing security architecture, network, and system designs, contributing to the establishment of secure and compliant environments for clients of all sizes. This included conducting comprehensive reviews of security configurations and implementations of network devices, performing in-depth technical assessments of servers, workstations, database, encryption solutions, and support infrastructure. Through analyzing vulnerability reports and penetration test findings, I assessed compliance and security posture, providing valuable insights for remediation efforts. As part of my role, I offered technical remediation solutions to address compliance gaps and guided clients in achieving their security and compliance objectives. I effectively communicated strategic solutions to diverse stakeholders, including IT staff, security managers, business managers, senior management, retail employees, and military officers. This included presenting technical concepts to diverse audiences, simplifying complex information security and technical concepts for easy comprehension. In project management, I successfully managed and coordinated compliance projects, providing planning, assessments, guidance, remediation assistance, and completion of reports.
  • Trustwave
    Information Security Consultant
    Trustwave Aug 2007 - Mar 2010
    In this role, I worked with a diverse range of clients, including Fortune 100 companies and small public and private organizations. My responsibilities encompassed various compliance and security initiatives, including PCI DSS, HIPAA, and internal compliance standards. I independently conducted and coordinated PCI DSS assessments, which involved planning, assessing, and completing Reports on Compliance. I reviewed clients' security architecture, network, and system designs, playing a crucial role in ensuring the establishment of secure and compliant environments. Additionally, I conducted HIPAA Security assessments, reviewing administrative, technical, and physical controls to ensure alignment with the HIPAA Security Rule. As part of information security audits, my team conducted the 2007 Microsoft Federal Trade Commission Audit. Collaborating with various stakeholders, including system administrators, network administrators, facilities managers, information security managers, developers, chief security and information officers, and senior management, I determined compliance and remediation needs. I also briefed senior management on compliance status, identified gaps, and recommended steps for achieving compliance with initiatives such as SOX, HIPAA, PCI DSS, and internal compliance standards. Managing remediation efforts, I worked closely with senior managers, directors, vice presidents, and chief technology and security officers, ensuring a clear understanding of current PCI DSS compliance status and facilitating remediation activities. Overall, my experience includes conducting assessments, managing remediation efforts, collaborating with stakeholders, reviewing designs, coordinating projects, and developing security awareness training content. These accomplishments demonstrate my ability to navigate complex compliance landscapes and contribute to the establishment of secure and compliant environments.
  • Great-West Life & Annuity
    Senior IT Auditor
    Great-West Life & Annuity Jul 2006 - Aug 2007
    In my role within the IT audit group of Internal Audit, I had diverse responsibilities related to various compliance and audit objectives. I conducted comprehensive HIPAA Security audits and regulatory testing for SOX. These audits covered areas such as access controls, application security, information security, risk management, physical security, incident response, and network security. Additionally, auditing operating systems, including Mainframe, AS/400, UNIX, and Windows, was an integral part of my role. As part of my responsibilities, I created, planned, and executed audit programs aligned with corporate audit objectives. This involved addressing areas such as disaster recovery planning, access and identity management, and software development lifecycle and implementation. I meticulously documented audit results, findings, recommendations, and audit reports for management, providing clear and concise communication of the audit outcomes. I effectively conveyed audit issues and recommendations to internal clients and management, fostering collaborative relationships and facilitating necessary improvements. As part of maintaining high-quality deliverables, I conducted peer reviews of audit workpapers and audit reports, ensuring consistency and accuracy. Additionally, I actively participated in Policy and Procedure Committee meetings, contributing to the development and updating of policy and procedure documents used by the Internal Audit department. In summary, my experience in the IT audit group involved conducting HIPAA Security audits, auditing various operating systems, regulatory compliance testing for SOX, creating and executing audit programs, analyzing audit scopes, documenting audit outcomes, communicating findings, participating in peer reviews, and contributing to policy and procedure updates. These responsibilities showcase my expertise in conducting thorough audits and promoting effective internal controls.
  • Reddshell Corporation
    Security Consultant
    Reddshell Corporation May 2005 - Jul 2006
    In my role, I focused on conducting regulatory assessments and management testing of IT SOX controls, ensuring compliance with regulatory requirements. I conducted comprehensive regulatory compliance testing of SOX controls, covering areas such as database security, operations security, system and security administration, access controls, and network security. I guided the creation of an IT SOX program for a large healthcare provider, aligning it with the COBIT 4.0 framework and associated IT policies and procedures. Working internationally, I conducted SOX testing of internal IT controls on behalf of client management, ensuring compliance across diverse geographical locations. SOX testing included creating test plans and obtaining evidentiary documentation for each test, meticulously assessing whether policies and procedures were being followed, reviewing various controls, including Access Controls, Security Operations and Administration, Change Management, Windows, UNIX, and Network Security controls, and reporting findings to management. When control testing revealed deficiencies, I provided alternative solutions and recommendations that enhanced compliance and control effectiveness. I developed audit documentation templates and standards to be used by the internal SOX team, ensuring consistency and efficiency in documentation practices. Additionally, I led the quality assurance efforts for the internal SOX team, conducting reviews of co-workers’ documentation to maintain high-quality deliverables and contributed to the creation of audit documentation templates, report templates, methodologies, and guidelines, streamlining processes and ensuring adherence to best practices.
  • Department Of Defense Office Of The Inspector General
    Auditor (Gs-511)
    Department Of Defense Office Of The Inspector General Jul 2001 - Oct 2004
    Arlington Va
    In this role, I worked as an Auditor conducting Department of Defense (DoD) audits and investigations in various areas including construction and real property, contract management, conflicts of interest, and purchase card fraud. I conducted thorough research and analysis of applicable laws and regulations related to the Department of Defense to ensure compliance and identify potential issues. Engaging in interviews with audit clients, I obtained crucial information to support audit work and prepared comprehensive written reports documenting the results of these discussions. I drafted audit reports, management memorandums, and fraud referrals, detailing the findings resulting from each audit, thereby providing a clear and concise documentation of audit outcomes. Presenting and reporting audit findings to a range of stakeholders including management, audit clients, senior Department of Defense officials, senior military officers, and Congressional staff was a key part of my responsibilities. I collaborated with Special Agents of the Defense Criminal Investigative Service (DCIS) on various assignments and cases, contributing to the investigation process. This included reviewing subpoenaed documents in a high-profile case and creating a detailed chronology of events, assisting in the conviction of the subject. Analyzing invoices and credit card statements of DoD cardholders, I identified discrepancies and fraud indicators, including potentially false and fraudulent invoices. Additionally, I played a role in assisting with the seizure of electronic media, such as hard drives, and imaging the drives to preserve evidence for future forensic work.

Sharon Pole Education Details

Frequently Asked Questions about Sharon Pole

What company does Sharon Pole work for?

Sharon Pole works for Pursuing Something Fun.

What is Sharon Pole's role at the current company?

Sharon Pole's current role is Owner.

What schools did Sharon Pole attend?

Sharon Pole attended The George Washington University, Eastern Michigan University, Northwood University, Institute For Professional Excellence In Coaching (Ipec), Cornell University.

Who are Sharon Pole's colleagues?

Sharon Pole's colleagues are Jorge M., Topping Script, New Pro, Haytham Tomeh, Stacy Campbell, Suity Akter, George Otieno.
