• Module 5: Information Management, Hong Kong Institute of Certified Public Accountants Study Guide, John Wiley & Sons, 2019 (Content Lead and Author on initial publication plus 3 annual content updates.)• PCI Compliance for Dummies, WhiteHat Security Special Edition, John Wiley & Sons, 2016, ISBN 978-1-119-18600-7 (pbk), ISBN 978-1-119-18602-1 (ebk)• Web Session Intelligence for Dummies, RSA Special Edition, John Wiley & Sons, October 2014, ISBN 978-1-118-99430-6 (pbk), ISBN 978-1-118-99498-6 (ebk)• Cloud Essentials: CompTIA Authorized Courseware for Exam CLO-001, Sybex, June 4, 2013, ISBN 111840873X.• IT Architecture for Dummies, John Wiley & Sons, November 9, 2010, ISBN 047055423.• Educational projects include baccalaureate course development in networking and network security.

Managed the central IT department, including budgeting (up to $2M annually), procurement, project management, and strategic planning. Held the roles of Information Resources Manager, Information Security Officer, and Electronic Information Resources (EIR) Accessibility Coordinator.• Implemented operational efficiencies resulting in approximately $300K savings in operating expenses from 2015-2017.• Rebuilt damaged relationships between central IT department and other departments on campus.• Implemented ServiceNow and IT service management practices.• Established IT Steering Committee governance body and served as co-chair. • Created IT accessibility policy and raised campus awareness of accessibility requirements.• Provided security and risk-related leadership and guidance, created IT security policies, and conducted security reviews and assessments.

• Managed teams and personnel in the following functional areas: IT Policy & Practice Administration, IT Regulatory Compliance Management, and Information Security Awareness. Recruited, developed, motivated, and retained diverse staff. Implemented a continuous improvement program.• Managed IT regulatory compliance activities for the University’s ISAAC Risk Assessment Program, including development and maintenance of assessment framework and tool, executive reporting, and data analysis. • At the university level, identified and prioritized IT security risks, recommended appropriate mitigations, and monitored effectiveness of mitigation strategies. Drafted the university’s annual IT Risk Management Plan with guidance from the CISO. Provided guidance to units on risk assessment process and risk management strategies. Facilitated unit-level IT and business process improvement for compliance with information security standards. Advised various University committees on IT regulatory compliance requirements.• Provided security and risk-related leadership and guidance for the deployment of enterprise-level IT shared service solutions. Instrumental in dramatically reducing the amount of personally identifiable information retained by units. Performed in-depth reviews of unit processes and controls, recommending improvements where appropriate. Evaluated security controls, technical and business processes, and risk mitigation plans as part of security exception processing. Participated in security incident response and after-action activities as necessary. Conducted research on current and emerging threats for inclusion into the annual IT Risk Management Plan.• Identified strategic information security objectives aligning with business requirements.• Performed technical reviews of new and updated IT security policies.

* Risk Assessment Program Management: Developed and implemented 2010-present versions of the ISAAC risk assessment tool used by Texas A&M University. Developed a HIPAA Security Rule risk assessment module for versions of ISAAC used by Texas A&M University, the Texas A&M University System, and Texas State Agencies. Conducted an ISAAC training and awareness campaign, resulting in a significant participation increase from the prior year.* Risk Assessment Validation: Performed basic and in-depth reviews of unit technical and business process, security controls, and documentation to validate risk assessment results.* Risk Management: Compiled and analyzed assessment data in support of the university’s IT risk management plan.* Security: Performed physical security assessments of the university’s data centers.* IT Policy: Participated in the development and maintenance of information security policies. Developed university-wide guidelines for change management and disaster recovery planning.

Security, Risk and Compliance: Conducted yearly IT risk assessments and developed risk mitigation plans for client departments. Ensured that departmental web pages were compliant with both Texas Administrative Code (TAC) and Section 508 Web Accessibility requirements. Conducted a review of division-level web sites, developed a plan for implementing improved security features and TAC/Section 508 Accessibility compliance, and implemented the plan while reporting to Special Event Facilities in the Division of Student Affairs.Continuous Improvement: As a member of the Continuous Improvement Team, developed and implemented a continuous improvement program at the Division level.IT/LAN Administration: Performed Windows 2000/2003 network administration functions, including server installation, server maintenance, antivirus management, patch management and workstation support. Assessed user needs, researched hardware and software, and recommended products for purchase. Developed disaster recovery planning documentation. Designed and implemented dynamic web sites for client departments, which included integration with vendor and in-house SQL databases. Designed and implemented a web-based data-integrated schedule presentation system displaying real-time event data to screens throughout several buildings.2/2001-7/2007: Executive Committee Member – TAMU Information Security ForumRequired to keep abreast of IT-related security issues as they pertain to computing at the university, security best practices, relevant State legislation and A&M System policies and recommend solutions to Texas A&M System IT personnel. Lectured on security-related topics such as Securing Your Web Site from Search Engines, Microsoft Security Vulnerabilities, Spyware, Securing Microsoft IIS, SANS Top 20 Most Critical Internet Security Vulnerabilities (panel), and Common Malware Security Issues.

Webmaster and web application developer for the College of Veterinary Medicine. • Performed IT operational duties, including Microsoft Windows server administration, web site administration (150 sites), and application development. • Designed and implemented a college-wide web calendaring application.• Provided web design services for educational, administrative, and research-oriented sites.

Systems analyst for Greater East Texas Servicing Corporation (aka LoanStar Student Loans), a Federal student loan company, and then transitioned into a compliance position.• Performed network and system administration duties for Novell, Windows, and SCO Unix; desktop support; hardware maintenance; and user training. Developed an inventory control and software license management system. Designed, maintained, and developed content for the company’s Intranet and Internet sites.• Performed internal reviews on student loans to ensure compliance with company policy, guarantor policy and state and federal regulations.

Conducted background investigations, pre-employment screenings, public records research, asset searches and skip traces for insurance-related, domestic and missing person cases. Managed clerical and investigative staff. Prepared and reviewed case reports.