• Provides strategic analysis to leadership around core security metrics• Architects large-scale cost-effective security solutions• Implements DevOps / Agile mindset to security initiatives

Lead and Developed Cyber Security Initiatives C-level leadership • Provided updates and reports on Cyber Security events, providing education and in-depth analysis of the event. • Demonstrations on major security initiatives deliverables and capabilities • Provided training and guidance on an array of cyber security questionsDevelopment Department • Provided training and guidance on how to utilize CI/CD as effectively as possible. • Worked with many managers/ developers to help understand challenges to build out forged paths so their cognitive load was reduced and shared the learning with the department.• Worked with Product Managers to understand challenges and build out analysis and procedures to help support their Key Performance MarkersDevelopment Operations DevOps • Built hosting container hosting environment to replace our standard server-based solution. • Ensured everything was built to tight regulatory standards and implemented as infrastructure-as-code to allow rapid spin up of cloud-based hosting environment in and out of the US. • Maintained high availability and low mean-time-to-recovery to align to business SLA goals Security Operations SecOps • Advanced automation to ensure compliance to HIPAA, HITRUST, regulations / corporate policy. • Implemented a comprehensive application security program to support CI/CD • Implemented Secure Software Development Lifecycle in alignment to OWASP’s SAMEnhanced Data loss prevention controls • Worked extensively with IT Support to implement host-based Intrusion detection/prevention • Advanced Access to business assets by implementing Nex-Gen firewalls with device compliance standards, MFA, VPN, and packet inspection. • Implemented a Zero-production access policy with advanced auditing and permission controls. • Improved Authentication through Conditional Access, SSO and “Just in time” access PIM.

• Coached, mentored, and developed staff, including overseeing new employee onboarding.• Developed and trained a team specializing in Cyber Security • Leads efforts to assess, evaluate, and make recommendations to Security Officer regarding the adequacy of the security controls for technology systems.• Reduced regulation burden by security focused implementations of core business systems that support the development of automated regulation compliances (Hitrust, HIPPA, …)• Drive security and compliance best practices through education and culture.• Collaborated closely with the Chief Legal Officer, Security Officer, and Chief Executive Officer to establish alignment and implementation of a sustainable security program.• Empowered employees to take responsibility for their jobs and set responsibility and expectations around accountability requiring regular feedback.Core areas of advancement: o Identity (Azure AD, MDM, Access Control, MFA) o Regulatory compliance (HIPPA, HITRUST…) o Application Security (Threat Modeling, SAST, DAST SIEM, SSDLC) o Infrastructure / corporate system (VPN, Firewalls, Zero Trust Networking) o Securing Development environments (CI/CD, infrastructure as code, Change management, desired state configuration, Audits)Key accomplishments: I was able to lead the Cyber Security team to… • Stop multiple security events before any incident. • Able to increase our HITRUST compliancy rating into high 95th percentile. • Reduce the burden of regulation compliance by leveraging change management and automation techniques. • Increase application development while maintaining a high security posture by providing tooling, documentation, and templets.

• Worked closely with the Information Security Officer to develop and execute security initiatives (WAF, SIEM, Identity management, Risk Analysis )• Establish and maintain effective working relationships with end-user, vendors, and managers• Routinely conducts security risk assessments and provides recommendations to improve the security of the environments ( Azure Security Center, Qualys, Advanced Threat Protection, SIEM)• Supported CI/CD ( GoCD, CHEF, Bitbucket, Git)• Monitoring and capacity planning to ensure hosted applications meet SLAs (99.9%) (NewRelic, Splunk)• Worked with CIO and auditors to gain compliance certifications (HiTrust, HIPAA)

• Created a High-Availability corporate network (DataCenter, Client Access, Wireless)• Integrated and maintained security devices (Firewall, VPN, IDS, IPS)• Refreshed Data Center (Windows Clusters, Dell Blades, NetApp, PureArray, Powervault)• Implemented Software-Defined Virtualization stack (Storage Spaces Direct) • Migrated on-prem services to the cloud to reduce cost and improve security (Office365, Skype)• Implemented disaster recovery (warm site, Veeam)

• Install, configure, maintain, and support a wide variety of Hardware and Software• Automated team system administration processes (Python, PowerShell)• Automated lab machine deployments (Git, Python, PowerShell, Bash, Linux) • Implemented configuration as code • Supported virtualization (VMware)

• Worked with government agencies to ensure regulatory compliance (Clean Seas, BSEE, Coast Guard)• Modernized IT infrastructure (Wireless WAN, RDS)• Implemented a multi-layered security architecture (Firewalls, IDS, IPS, VLAN ACL)• Leveraged Cloud-based Services to lower operating costs and increase security• Set up real-time 24/7 monitoring of all devices (Nagios)• Actively participated in disaster response planning