Tom Cornelius

Tom Cornelius Email and Phone Number

Senior Partner at ComplianceForge | Founder & Contributor at Secure Controls Framework (SCF) @ ComplianceForge
Sheridan, Wyoming, United States
Tom Cornelius's Location
Newberg, Oregon, United States
About Tom Cornelius

Technology without strategy is chaos - I help bring order by aligning with business objectives and applying industry-recognized cybersecurity and data privacy practices. I do this through a focus on risks that are specific to the organization, while avoiding the Fear, Uncertainty & Doubt (FUD) that often complicates risk-based decisions.

Through the implementation of reasonably-expected practices and risk mitigation strategies, I offer brand protection for companies by identifying and reducing vulnerabilities, that could otherwise be exploited and do serious harm to a company's reputation and bottom line. I am experienced at leading teams in the design and implementation of secure business processes and networks.

Specialties Include:
- NIST 800-171 Compliance (CMMC / DFARS)
- Cybersecurity Supply Chain Risk Management (C-SCRM)
- Cybersecurity / IT Policy Development & Implementation
- Risk Assessment & Mitigation
- Developing Incident Response Programs
- Vulnerability Assessments
- IT General Controls (ITGC)
- Certification & Accreditation - DIACAP / FISMA / RMF / SCF
- Statutory, Regulatory & Contractual Compliance (NIST 800-171, FAR, DFARS, CCPA, EU GDPR, PCI DSS, HIPAA, FERC, NERC, FACTA, GLBA)

Tom Cornelius's Current Company Details
ComplianceForge
Employees:
2
Tom Cornelius Work Experience Details
  • ComplianceForge
    Senior Partner
    ComplianceForge Dec 2017 - Present
    Newberg, OR
    We specialize in delivering professionally-written cybersecurity documentation that enables businesses to expedite the process of getting & staying compliant with cybersecurity requirements. Quite simply, we are a business accelerator - we take care of the tedious and time-consuming work that is associated with writing comprehensive cybersecurity documentation. By doing this, we offer a unique service to businesses - we can provide you with semi-customized cybersecurity documentation, based on industry-recognized leading practices that include ISO, NIST, OWASP, CSA and others. This allows you to quickly obtain professionally-written cybersecurity documentation and you have the ability to edit this documentation for your specific needs, since it comes in Microsoft Office formats. This is beyond buying an "IT security policy template" online - these products allow you to have the same level of professional quality documentation that you would expect from hiring a cybersecurity consultant to write it for you. Our comprehensive cybersecurity solutions enable companies to meet common information security requirements, such as EU GDPR, PCI DSS, HIPAA, FACTA, GLBA, as well as unique requirements like FedRAMP and NIST 800-171 compliance. Everything we do centers around providing your company a solid set of cybersecurity documentation to use as a foundation to build from!
  • Secure Code Alliance
    Co-Founder
    Secure Code Alliance Jul 2021 - Present
    Newberg, Oregon, United States
    Architected the Developing Security & Privacy by Design (DSPD) initiative that is a conformity assessment methodology designed to issue individual-level certifications, specific to Secure Software Development Practices (SSDP).
  • Secure Controls Framework
    Founder & Contributor
    Secure Controls Framework Feb 2018 - Present
    Newberg, OR
    Hackers share information on attack methods with other hackers, so why shouldn’t the good guys share information on how to best protect an organization? We decided to take action and make a difference. Our mission is to provide a powerful catalyst that will advance how cybersecurity and privacy controls are utilized at the strategic, operational and tactical layers of an organization, regardless of its size or industry. We have the ambitious goal of providing cybersecurity and privacy control guidance to cover the strategic, operational and tactical needs of organizations, regardless of its size, industry or country of origin. The end state is to help companies become and stay compliant with cybersecurity and privacy requirements. The glue that ties Governance, Risk and Compliance (GRC) together is a uniform set of controls. Unfortunately, in most organizations, there is no set of shared controls and that leads to poor governance practices and an overall weaker state of security and privacy. Like it or not, cybersecurity is a protracted war on an asymmetric battlefield - the threats are everywhere and as defenders we have to make the effort to work together to help improve cybersecurity and privacy practices, since we all suffer when massive data breaches occur or when cyber attacks have physical impacts.
  • Cognizant
    Associate Director, Corporate Security
    Cognizant Oct 2016 - Dec 2017
    Tualatin, OR
    Focus on process improvement within the Corporate Security department under Architecture & Engineering.
    - Designed the Cognizant Controls Framework (CCF) to build a scalable and comprehensive cybersecurity and privacy controls catalog.
    - Developed next generation cybersecurity policies and standards with a focus on digital security requirements.
    - Developed Cybersecurity for Privacy by Design (C4P) processes for EU GDPR compliance.
  • Nike
    Manager, Governance Risk & Compliance (GRC) Processes
    Nike Nov 2015 - Oct 2016
    Beaverton, OR
    Worked across multiple business units to enable the implementation of cybersecurity best practices for Governance, Risk & Compliance (GRC) through process improvement and documentation. Focused alignment with ISO 27001 and ISO 27002 frameworks. Led the development of the Nike Controls Framework (NCF). Founder and co-executive of the Nike Military Veterans (NMV) network, which was Nike's second largest Employee Resource Group (ERG). The NMV socially connects military veterans and helps promote Nike’s initiatives that support veterans.
  • Nike
    Director, Information Security Compliance
    Nike Jun 2014 - Nov 2015
    Beaverton, OR
    Led the development, implementation and governance of Nike's global information security compliance program. Partnered with multiple business units to generate a vision, establish direction and motivate stakeholders to accomplish the goals that included addressing compliance with applicable statutory, regulatory and legal information security requirements for Nike, Converse & Hurley. Leveraged industry and technical expertise to assist stakeholders to more effectively address risks associated with their business units.
  • Nike
    Sr. IT Security Engineer / Information Security Governance Lead Analyst
    Nike Jan 2012 - Jun 2014
    Beaverton, OR
    Used industry-recognized best practices and good judgment to select methods and techniques for properly implementing and executing cybersecurity operations at Nike. Worked with other Corporate Information Security (CIS) engineers and analysts to ensure projects were fully integrated into the operations environment, as well as constantly improve security processes for:
    - Incident response
    - Compliance (PCI DSS)
    - Endpoint protection
    - Vulnerability & patch management
    - Intrusion detection and security event correlation
    - Change & access control
  • Portland General Electric
    Senior IT Security Engineer / Supervisor
    Portland General Electric Nov 2009 - Jan 2012
    Portland, OR
    Operational supervisor for IT Security Operations (ITSECOPS). Performed Security Test & Evaluation (ST&E) to validate management, operational and technical controls to identify threats and mitigate vulnerabilities to PGE’s IT infrastructure. Led incident response teams to perform technical forensic analysis to identify corporate and regulatory compliance violations, including working closely with HR and with corporate management to present the findings. Conducted vulnerability assessments and led mitigation operations to meet compliance requirements for SOX, NERC, FERC and PCI DSS. Developed and briefed position papers on security-related topics for presentations to management and clients. Led systems integration projects to provide hands-on security engineering services. Represented IT Security at the Change Control Board (CCB).
  • Sureid, Inc.
    IT Manager / Information Security Officer (ISO)
    Sureid, Inc. Nov 2008 - Nov 2009
    Portland, Oregon Area
    Directed the IT and Information Security operations of the enterprise, which included two data centers, statutory, regulatory & legal compliance, Network Operations Center (NOC) management, help desk, and communication networks (voice and data). Coordinated physical and technical security efforts across the enterprise, including IT, HR, legal, facilities management, and other groups, to identify security initiatives and implement standards. Interacted with the executive management team to monitor and validate the company’s compliance with its regulatory requirements for the Oregon Identity Theft Protection Act (OITPA) and the DoD IA Certification & Assurance Process (DIACAP), as well as PCI DSS. Served as chair of the Change Control Board (CCB).
  • Cogent Logik
    Director, Information Technology & Network Security
    Cogent Logik Jan 2006 - Nov 2008
    Portland, Oregon Area
    Served as a senior consultant and adviser to clients’ senior management on their technology and security requirements. Performed formal risk assessments and developed risk mitigation strategies, with a focus on statutory, regulatory and legal compliance. Provided project management for client network migrations and systems integration. Responsible for the 24x7 monitoring, patch management, log analysis, and off-site backups for client networks.
  • U.S. Joint Forces Command
    Senior Information Assurance (IA) Analyst
    U.S. Joint Forces Command Aug 2005 - Jan 2006
    Virginia Beach, VA
    Conducted Computer Network Defense (CND) operations at the United States Joint Forces Command (USJFCOM) military headquarters’ Security Operations Center (SOC). Provided subject matter expertise for sensor monitoring, incident detection, threat analysis and incident response for both unclassified (NIPRNET) and classified (SIPRNET) military networks. Directed and coordinated security investigations with other departments. Monitored firewall and Intrusion Detection System (IDS) logs in support of 24x7 operations. Implemented operational training for IT personnel in support of DoD 8570 certification requirements.
  • United States Army
    Commissioned Officer
    United States Army Jun 1996 - Aug 2005
    Worldwide
    Commissioned officer in the Aviation branch of the U.S. Army.
    Assignments:
    - Company Commander. Fort Eustis, VA
    - Logistics Officer. Fort Hood, TX
    - Operations Officer. Fort Hood, TX
    - Platoon Leader. Soto Cano Airbase, Honduras
    - Platoon Leader. Camp Stanley, Korea
    - Logistics Officer. Camp Stanley, Korea
    Schools:
    - Combined Arms and Services Staff School
    - Aviation Officers Advanced Course
    - Aviation Officers Basic Course
    - UH-60 "BlackHawk" Qualification Course
    - Advanced Rotary Wing Training (Flight School)
    - Rappel Master Course
    - Air Assault Course

Tom Cornelius Skills

Security, Information Security, Network Security, Vulnerability Assessment, Computer Security, Data Security, Information Assurance, Information Technology, PCI DSS, Information Security Management, Computer Forensics, Penetration Testing, Risk Management, Integration, IDS, Disaster Recovery, Security Management, Security Policy, Security Audits, Identity Theft, Network Engineering, NIST, FISMA, Vulnerability Management, Incident Response, DIACAP, NERC, Governance, Payment Card Industry Data Security Standard, Information Security Governance, IT Audit, Operational Risk Management, Identity Management, Business Continuity, Policy Writing, Security Policy Development, Compliance Management, IT Security Auditor, MA 201 CMR 17.00, Oregon Identity Theft Protection Act, Regulatory Compliance, NIST 800-171, General Data Protection Regulation, IT GRC, Policy Development, ISO 27002, NIST 800-53

Frequently Asked Questions about Tom Cornelius

What company does Tom Cornelius work for?

Tom Cornelius works for ComplianceForge.

What is Tom Cornelius's role at the current company?

Tom Cornelius's current role is Senior Partner at ComplianceForge | Founder & Contributor at Secure Controls Framework (SCF).

What schools did Tom Cornelius attend?

Tom Cornelius attended United States Military Academy At West Point, University Of Maryland Global Campus, University Of Maryland Global Campus.

What are some of Tom Cornelius's interests?

Tom Cornelius has interest in Snowboarding, Learning New Things, Running, Being Outdoors, Mountain Biking, Tinkering With Technology, Archery.

What skills is Tom Cornelius known for?

Tom Cornelius has skills like Security, Information Security, Network Security, Vulnerability Assessment, Computer Security, Data Security, Information Assurance, Information Technology, PCI DSS, Information Security Management, Computer Forensics, Penetration Testing.

Who are Tom Cornelius's colleagues?

Tom Cornelius's colleagues are Beverly Cornelius, Cameron Cornelius.
