Helping leadership teams understand the "So what?" of cyber risk in order to make better business decisions.On any given day, I might be:- Tailoring inherent risk rating methodologies for deployment across investment portfolios and funds; - Reviewing technical documentation, network diagrams, and environments to quantify attack surface;- Interviewing Chief Information Security Officers, Chief Technology Officers, Chief Information Officers, General Counsel, and Security Architects and Engineers;- Integrating findings from threat intelligence teams, open-source intelligence tools, and closed-source intelligence capabilities for acquisition targets;- Developing and prioritizing remediation plans, costs, and time estimates to address risks post-transaction (Immediate Action, 90 Day Plan, Year 1, etc.); Ensuring clients fully understand, contextualize, and manage down cyber risk across their entire footprint. Helping investment leaders and management teams navigate complicated cybersecurity and risk management challenges in their own specific contexts.Always looking to grow the skills and capabilities of those on my team, on my client's teams, and anyone else who asks (nicely). Always willing to make an intro or take a question - cyber is a team sport, and our world is very small. Be helpful, add value, and do the right thing.

Lead North American Cyber Due Diligence Practice. Focused on buy-side, with deal sizes from $100 Million - $5+ Billion. Targets ranged from strategic acquisitions to large take-privates. Responsible for ensuring that cyber risk was properly identified and accounted for during the transaction, with mitigations planned for post-transaction.Partnered closely with Transaction Advisory Services, Valuation Advisory Services, Internal and External Technical Due Diligence teams, and Outside Counsel.

Application Security and Product lead for CyberClarity360, a cloud-native assessment platform purpose built to help our Fortune 100 clients understand and navigate complex cyber risk decisions at scale.Leading application security and product efforts, including:- Internal vulnerability and web application security testing;- Third-party / external penetration testing findings remediation;- Business Continuity and Incident Response Plan Creation and Testing;- Static and Dynamic Code Analysis Integrations Within CI/CD Pipeline;- Integration with SEIM platform for 24x7 monitoring;- Security Architecture Design and Review responsibilities; - Coordination of ticketing, alerting, and response processes;- Ensuring application compliance with multiple security frameworks, including the NIST Cybersecurity Framework, CIS Critical Security Controls, New York DFS Cybersecurity Regulation, EU General Data Protection Regulation (GDPR), California Consumer Privacy Act (CCPA), and custom, client-specific internal control sets and requirements.

Working directly with customers and development teams to achieve alignment and deliver value through a SaaS application.Leading Client Service Delivery, including:- Creating inherent risk models for Fortune 100 clients;- Reviewing third party cyber risk data and control maturity;- Reconciling vendor control implementation against various cybersecurity frameworks and regulations against custom control sets or requirements.- Developing automated remediation plan generation capabilities. Supporting Cyber Risk practice areas including advanced multi-evolutionary tabletop exercises and corporate counter-intelligence capabilities.

Owning information security efforts for a HIPAA/HITECH regulated Health Information Exchange. Handling all security incidents, reporting directly to the Executive Director.Leading strategic risk assessment and remediation activities. Coordinating Network and IT teams in daily operations, and creating a sustainable security taxonomy designed to scale.Managing outside penetration tests and security evaluations, performing internal risk assessments, prioritizing remediation activities, and deploying a proactive SIEM platform.

Making security work.Responsible for security architecture and security control reviews for deployments of new technology platforms (COTS, SaaS, and custom-developed) on AWS GovCloud. Working directly with business units across the enterprise to identify and mitigate vulnerabilities and risks on new technology projects. Creating risk management and mitigation strategies, while still achieving business goals and requirements. Reconciling business needs and time/budget scope with current laws and regulations, including FISMA, NIST SP-800 53, internal policies and guidance, and security industry best practices.

Tailoring current Cloud Control Matrix (CCM v 3.0) to State and Local Government needs.Reconciling FedRAMP, NIST 800-53, and other security controls and best practices, as well direct interviews with State CISOs to understand their challenges and provide guidance.

Building relationships and solving problems. Innovation Prototyping + Lean Product DevelopmentBlockchain + Dynamic Equity OrganizationsDistributed Collaboration PlatformsClimate Impact

Community manager for all West Coast-based constituent groups, from high school seniors to CEOs.Worked to engage in meaningful interactions, sustain relationships, create partnerships, identify opportunities, and take actionable steps to grow the Syracuse University and Syracuse iSchool community, reputation, and capabilities.In this role, I worked with companies including Google, Twitter, Facebook, eBay, Tesla, Dropbox, Box.net, Airbnb, Accel Partners, Amazon, Microsoft, Shasta Ventures, Stanford University, LinkedIn, Evernote, IDEO, and more. I have engaged hundreds of alumni in this role, generated hundreds of thousands of dollars in donations and support to the iSchool, including identifying and developing multiple new members to our Board of Advisors.

Finding, evaluating, and engaging meaningful opportunities for Rounded to make a real and tangible difference using technology.Solving problems using technology, with an emphasis on design, user experience, and quality of work.Web development, mobile web, web applications, iOS apps, Android apps, Wordpress, custom software, custom hardware.

Supporting in-person graduate classes for the Department of Communication's Master of Communication, including COM 546: "Narratives And Networks In Digital Media," and COM 529: "Research Strategy And Business Practice."Delivering in-person undergraduate courses for the Information School (INFO 498: "Risk Management").

• Design and build systems that streamline and simplify business processes.• User-Based Designer: Cultivate user narratives to identify and resolve system inefficiencies.• New product development and refinement.• Business development, customer acquisition, product management, project management.

• Conducted 90-day Comprehensive Review of United States Senate Information Security practices for Senate Select Committee on Intelligence and Senate Committee on Rules and Administration. • Responsible for creation of information security training modules for presentation to new and existing Senate Committee and Office staff. • Assisted Network Operations Center, Security Operations Center, and Security Watchstander with daily information security operations and vulnerability assessments.

• Special Narcotics Enforcement Unit.• Handled more than 150 felony drug cases in court each week.