Developing and marketing SBOM (Software Bill of Materials) and RBOM (Release Bill of Materials) with Knowledge Graph to eliminate vulnerabilities prior to production and provide continuous Authorization to Operate (cATO). Compliance with EO 14028, OMB M-22-18, SEC Cybersecurity Rule 2023-139 and CISA "Secureby Design" guidelines.

Skilled in establishing CIO and CISO organizations, risk management, operations analysis, enterprise resilience and corporate certification, business continuity management, improving the efficiency of data processing systems/services, creating entitlements based on role title (IAM), incident identification - reporting - resolution - and documenting, integrating controls and safeguards into job functional responsibilities writing,and standards and procedures,. Selected Accomplishments• Led, conducted, and performed IT Technology and Security Risk Assessments for a wide variety of firms.• Implemented Business Continuity Plans for major organizations in the Banking, Brokerage, Insurance, Service and Product Vendors, Pharmaceutical, Manufacturing, and International industries utilizing best practices and virtualization techniques.• Sales Agent for IBM Business Recovery Services, bringing Chase, Citibank, and Salomon Brothers in as clients.• Provided consulting services to established offsite recovery facilities for clients of IBM Business Recovery Services and others.• Merged ADP Proxy and IECA into new $9.3 million facility, while consulting to Brokerage Division President.• Created Five Year Business Plan for Information Technology Division of European America Bank.• Provided data center builds, migrations, consolidations, and termination services.Created a number of White Papers and Executive Presentations on "Achieving Enterprise Resiliency and Corporate Certification", Workplace Violence Prevention, Risk Management, Recovery Management, Supply Chain Management, Asset Management, and Infrastructure. Provided a range of technical and managerial consulting services to major firms in the NYC area, including: banks, brokerage firms, insurance firms, pharmaceutical firms, vendors, manufacturers, and other international industries.

Wrote a book, articles, and presentation materials on how to achieve Enterprise Resiliency and Corporate Certification to explain how Enterprise Resiliency combines recovery operations into a single discipline using a common language and tool set, while Corporate Certification insures that a company complies with the laws and regulations of countries where they conduct business.Developed Management Dashboard System that includes: Infrastructure, Systems Development Life Cycle (SDLC), Recovery Management, Risk Management, Compliance, and Charge-Back. System that can be accessed at any time and from anywhere by authorized users and will provide instant access to status, while allowing you to drill down to actual work being performed and connect you to the person performing the work so that you can aid in the resolution of problems.Developed course for DRII on The Evolving Role of the DR Professional due to the introduction of new technologies like: Virtual, Hyper-convergence, VDI, Cloud, Co-Location Service Providers, "as-a-Service", and "Software Defined". This course shows how the DR Professional has gone through a paradigm change to where their role is now to assist in the development of an "Efficient and Safeguarded IT Environment that is in Compliance with all Domestic and International Laws and Regulations".Provided consulting services to a major manufacturing firm to in-house their Information Technology organization world-wide. Project included: Inventory of all resources; creation of three production data centers; transitioning equipment, systems, and applications to new production site and verifying that end users still worked as well or better than before; creating an internal recovery site; virtualizing the production and recovery environments; validating virtual recovery of production sites; completing the implementation of Enterprise Resiliency; and, completing the implementation of Corporate Certification.

Providing strategic planning and implementation services to ensure the continued operation of the enterprise during critical times as an Enterprise Resilience service combining all recovery disciplines and ensuring the enterprise complies to all laws and regulations where it conducts business. We assist organizations create and optimized environment that is safeguarded against threats and cyber crimes, while adhering to all compliance regulations for the countries where it conducts business.

Created White Book and Executive Presentation on "Achieving Enterprise Resiliency and Corporate Certification" whose aim is to combine Emergency Management, Business Continuity Management, and Workplace Violence Prevention into a common discipline using common tools and speaking a common language that would optimize Recovery Management and minimize business interruptions.

After leaving Bank of America, I created a Whit Paper and Executive Presentation on "Achieve Enterprise Resiliency and Corporate Certification", whose aim is to combine Emergency Management, Business Continuity Management, and Workplace Violence Prevention into a common recovery discipline using a common language and common recovery tools. Achieving this goals of this endeavor will improve recovery times and minimize business interruptions.

Certified Business Continuity Professional (CBCP) from Disaster Recovery Institute International, with clients including:- Novelis Aluminum, Atlanta, GA- Manufacturers Hanover Trust;- Chemical Bank;- Computer Science Corporation (CSC);- IBM Business Recovery;- NY Stock Exchange and SIAC;- RMJ Securities;- United Nations;- Docu/Text and Automated Disaster Recovery;- European American Bank;- Midland Bank, UK, through Computer Science Corporation - 1 year Audit bank audit- American International Group (AIG);- ADP Proxy Services and Brokerage divisions;- Chase Manhattan Bank;- Citibank;- Lehman Brothers;- Security Pacific Risk Asset Management (SPRAM);- Zurich Depository Corporation (ZDC); and,- Sandoz Pharmaceutical Corporation.

Assisted company in developing, documenting, and marketing a proprietary Software Bill of Materials (SBOM), Release Bill of Materials (RBOM), and Knowledge Graph called ProCap 360. This product utilizes NEO4J and reduces time to delivery, ensures vulnerability free application code in compliance to newly introduced laws and regulations aimed at the Board of Directors, and to reduce cybercrimes and technology problems prior to their entering the production environment, therefore reducing encountered cybercrimes and technology problems and providing a continuous Authorization To Operate (cATO). The product was created in response to new laws as per the “CISA :Secure by Design” program and regulations directing the Board of Directors and IT organization to reduce encountered cybercrimes and technology problems by ensuring production applications are vulnerability free.• Error-free applications with SBOM to adhere to EO 14028, and OMB M-22-18.• Reporting any material cybercrimes within 4 business days in adherence to SEC Rule 2023-139.• CMMC, FO 13556, SP NIST 800-171, DFARS 52. 204-21, and other audit requirements for complying with security and access control requirements. As a result of our efforts, this product reduced failure rates, mean time to detection (MTTD) of potential failures, and greatly reduces the mean time to repair (MTTR) cybercrimes and technology problems.Responded to Requests For Proposals (RFPs) for US Army IT Data Center services, and the NTIA BEAD (Broadband, Equity, Access, and Deployment) project to provide Broadband services to under-served and non-served populations within the United States. Project provided services to State Counties with reporting from County Level, through State Level, to Federal Level via the NTIA. Working with E-BOSS group to define actions needed to correct existing open-source code to ensure compliance.

Part of a team of Service Reliability Engineers responsible for automating the Application Recovery process through Service Level Indicators (SLIs) feeding Service Level Objectives (SLOs) managing Service Level Agreements (SLAs) and generating Alerts and automating Actions to be taken when Alerts are activated, and target thresholds crossed (either in a positive or negative direction). Migrating applications from SILOs to the AWS Cloud utilizing AWS Services. Maintaining the healt of applications through monitoring and observability. Responding to application service variations by activating automated responses developed to reduce Toil and improve recoverability. Designed, developed, and implemented standardized recovery and resiliency procedures. Documented all processes and provided user training as needed. Implemented SRE services throughout the client company.

RSA Archer Engineering Lead for a Team responsible for implementing and supporting the Continuous Diagnostic and Mitigation (CDM) Dashboard System for the Department of Homeland Security and its Agencies, so that cyber crimes and technology threats can identified and resolved in near real-time.

• RSA Archer Team Lead and IT Service Management implementation and coordination• Led a small team of RSA Archer Engineers responsible for support the DHS CDM Dashboard System, with government feeds and Tools & Sensor Feeds through Splunk aggregation. • Compared “Desired State” to “Actual State” to recognize problems then set forward to mitigate encountered flaws. • Designed and implemented an IT Service Management system using ServiceNow, specifically relating to Configuration and Change Management, with other ServiceNow modules to follow.• Designed and implemented a Systems Engineering Life Cycle methodology for CACI.• Designed and implemented the Systems Development Life Cycle (SLC) system using Agile and Waterfall.• Performed many assignments to improve Continuous Diagnostic and Mitigation (CDM) services.• Assisted in designing and implementing Risk Management, Compliance, and Service Continuity.• Performed a Risk Assessment of the environment and identified risks, gaps, and exceptions.

DHS project to protect agains Cyber Crimes and Technology Threats throughout the Government via a Dashboard System that continuously monitors activity and provides situational awareness of anomolies and directs the mitigation of a worse threats first approach to resolving impacts posed by cyber crimes and technology threats.Working as a team member responsible for developing, testing, implementing, training, supporting, improving, and maintaining a Continuous Diagnostic and Mitigation Dashboard to oversee the operational environment and track variances to performance, capacity, incidents, disasters, and regulatory requirements related to Governance, Risk, and Compliance.Utilizing the RSA Archer product with the Continuous Monitoring (CM), Federal Enterprise Management (FEM), and Administration and Authorization (A&A) modules. Initial release was based on Out of the Box (OOTB) RSA Archer features, with additional releases tailored to adddress improvements tailored to government guidelines.

Automated Disaster Recovery guidelines. Responsible for guiding the resiliency of production systems at Fannie Mae to adhere to SRE standards and automated procedures, that included: Monitoring (Logs), Observability (Dashboards), Efficiency (SLA Adherence and Error Budget), Chaos Testing (Chaos Toolkit, Chaos Monkey, Gremlin), Resiliency (Service Continuity), Compliance (GRC / CIA), Operational Excellence (Efficiency / Performance), and Automation to reduce Toil and Manual Processes whenever possible. Additionally, we defined and implemented Infrastructure as Code (IaC), Monitoring as Code (MaC), Application Performance Monitoring (APM), and Observability as Code (OaC) to improve analysis and problem resolution. The purpose of an SRE is to aid DEV/SEC/OPS teams produce reliable products and services with improved efficiency through Dashboard Observability comprised of Key Performance Indicators (KPIs – Actual Results) expressed through SLOs (Service Level Objectives – Desired Results), and displayed via SLIs (Service Level Indicators – Difference between Desired & Actual Results), comprising and displaying and SLAs (Service Level Agreements) and Error Budgets (SLA – SLI) that comply to contractual guidelines through the interpretation of dashboard thresholds and visual displays. When thresholds are crossed, they produce “Alarms from Metrics violations,” “Alerts to notify personnel” and “Actions to be Taken.” The SRE automates the Alarms that activate personnel via Alerts and direct Actions to automate the response and mitigate anomalies to avoid violating SLA parameters and resulting in penalties through Error Budget violations when they occur.

Reviewed existing Business Resilience and Application Migration to the cloud procedures and processes. Isolated areas where improvement could be accomplished. Developed Business Resilience process and how application recovery certified could be performed for the AWS, Azure, and SaaS environments. Provided the Cloud Brokerage office with the information they required to review applications wanting to migrate to the cloud, so they could be determined to be “Cloud Ready”, “Needing Further Analysis, or “On-Hold” to migrate to the cloud and turnover to the Engineering department for cloud migration preparation and processing.Conducted Cloud Business Resiliency meetings to define management direction and submitted a proposal for processes and procedures for preparing applications for recovery certification in the AWS, Azure, or SaaS environment. Analyzing applications destined for migration to the cloud to define them by Line-Of-Business (LOC), Priority, and Dependencies and scheduled their migration through the Engineering Department. Once a Production Ready Release (PRR) product was ready for turnover to production, a Recovery Certification Test was scheduled to ensure the application bundle was capable of recovery in the cloud environment. Defined a process for establishing a common repository of application information (CMDB) containing application components, assigned personnel and SMEs, and the Artefacts used to support recovery operations.

Founded JASTGAR eVote with my partner, Alex St-Gardien Jecrois, to build an electronic voting system for the country of Haiti. We spent five years researching and designing the system to make sure it met the best standards available today for voting systems. JASTGAR eVote is based on “One Person – One Vote,” can eliminate fraud and corruption at its inception, can support electronic (remote and Polling Station Walk-In Voters) and paper (Mail-In and Absentee) ballots, and can work for Primary and General Elections. Our work led to the creation of a proprietary database design, a E-card generating system that includes vetting of individuals to ensure they are eligible to vote (outcome is a voting card or personal id for those who failed vetting), has a Blank Ballot Distribution System that takes Polling Station templates and generates paper ballots or screen displays, a Vote Capture system based on interoperability, a Vote Management System to process votes and generate tally’s, and an Audit Management System that monitors voting activity throughout elections in real-time mode. We have spent much time formulating alliances and ensuring that data integrity is incorporated into our design with technologies like Blockchain and Zero Trust Authentication. We believe we have developed the best voting system design available today and have been seeking funding to produce a prototype.The recent introduction of HR-1 and SR-1 has put our system on hold until an agreement is determined on which direction voting systems will take in the future. We continue to make improvements in our design and have developed a relationship with the Government Blockchain Association (GBA) to explore possibilities of utilizing Blockchain to build and distribute our system.

Led DR initiative related to creating three Regional Data Centers (Americas, Asia / Pacific, and Europe) and a Recovery Data Center (Munich). Recommended implementing Hyperconvergence product (i.e., VBLOCK and VPLEX) going forward.• Transformed equipment, or replaced equipment, with virtualization and transitioning the equipment to the regional production site, developing a Recovery Certification process for applications, IT, and Business Locations. • Developed Statement of Work relating to Enterprise Resiliency and Corporate Certification. • Created a DR Recovery Planning Guide and DR Exercise Booklets for use in Recovery Certification • Coordinating the fulfillment of Recovery Certification based on RTO / RPO objectives and criticality. o All Services and Applications will be Recovery Certified as to the group, or Tier, they are associated with (Continuous Availability or Active-Active utilizing a Flip / Flop approach, High Availability or Active-Passive utilizing a Failover / Failback approach, or Best Effort. 1. All locations will comply with the Laws and Regulations of the countries where business is conducted. 2. Audit and Security Controls will be integrated within the SDLC and Change Management Cycle. 3. Version and Release Management principles will be integrated along with Library Management, Vital Records Management, and Access Controls throughout the process.4. Infrastructure, Systems Development Life Cycle (SDLC), Recovery Management, and Compliance Management current and accurate information will be maintained within a Repository that can be accessed through a front-end mechanism to insure that the right documents are used in support of activities.

Responsible for developing recovery locations capable of supporting critical business units in adherence to recovery time and priority requirements. This position reviews the existing Information Technology and Infrastructure environments presently utilized for business operations, rates their ability to recover operations within RTO and Business Objectives, and Project Managing the upgrading of those environments that do not meet needs and eliminating Gaps and Exceptions that obstruct compliance and workload capacity. Then overseeing and project managing the construction of recovery facilities, testing the new environments to insure they can be recovered to successfully and that they can support the production requirements of the business unit's products and services, and mediating any obstacles interfering with successful recovery and maintenance guidelines.

Member of the Board of Directors and Director of Vendor Relations for the NYC Metro Chapter. Served for three terms and was responsible for encouraging vendors to join our association and support our meetings.

I was recently elected to the Board of Directors as the Director of Vendor Relations for the NYC Metro Chapter of the ACP with the responsibility for recruiting sponsor firms that can promote their products / services, host meetings, and generally become friends with ACP members. To achieve this goal, I crearted a Sales Management System to contain all leads and sales activity leading to a sponsorship.

Chartered to create a Disaster Recovery Planning line of service to compliment the FalconStor automated data protection and recovery operation.

FalconStor Software, Corporate Headquarters Disaster Recovery Process Lead 5/2012 – presentResponsible for establishing a line of business to create Disaster Recovery and Business Continuity plans for existing clients and prospects so that clients would be able to take advantage of the FalconStor product line to achieve automated Failover and Failback and also have accompanying plans to direct their personnel during disaster events and testing. Product line included Data Deduplication, Virtual Tape Library, Network Storage Services, Disksafe, Filesafe, Continuous Data Protection, and Single Instance Repository. Created Business Plan for the division, produced White Papers, lead the Disaster Recovery Committee to develop a company-wide disaster recovery and business continuity plan development, wrote Disaster Recovery Process Manual, brought new clients and channel partners to the table and generally improved the FalconStor reputation to the Business Continuity and Disaster Recovery industry through presentations and industry events. As a result of my efforts FalconStor can be known as a One-Stop-Shop for all your recovery needs including off-site failover locations for disaster events and the loss of an office.

I worked as the NYC lead consultant responsible for the conversion of current Bank of America Business Recovery Plans to the LDRPS Release 10 program product from Strohl / SunGard. I was responsible for the General Business and Financial Services Line of Business, where I had to: locate the latest release of the Business Continuity Plan for each of over 160 locations world-wide; develop a Baseline to judge the current plans ability to support Recovery Operations; agree upon Gaps and Exception guidelines and resolutions, develop LDRPS Plan format / content in association with the end-user; convert old recovery plans to LDRPS; publish LDRPS Plans, obtain review and approval of LDRPS Plans, and define and deliver training to end-users on the LDRPS product. After Bank of America is converted, my project is scheduled to continue with the same project objective at Merrill Lynch. The goal of this assignment is to insure that all components of Bank of America use the same Business Continuity product and are trained on similar recovery procedures.

Converted 180 recovery plans to the LDRPS automated recovery management tool.

Attended meeting and made presentations on many subjects.

Provided consulting and sales agent services to client organizations including: management and technical consulting, workflow analysis; organization structure definition; job function definition and job description writing; data center requirements definition, implementation, consolidation, migration, and termination; disaster recovery/business continuity planning; project/systems management; productivity improvements; system/business analysis; documentation; training, and recruiting / placement of personnel for permanent/consulting positions. Defined and implemented the Systems Development Life Cycle from Development through Production Acceptance, Support, Maintenance, Configuration Management, and Release Management. Defined documentation and support requirements and insured that Testing and Quality Assurance procedures guaranteed that all required documentation was included in the production acceptance turnover process. I was responsible for the implementation of Help Desks, Network Control Centers, Operation Control Centers, Incident Command Centers and Emergency Operations Centers.Responded to audits and risk assessments identifying disaster recovery/business continuity planning gaps and exceptions; upgraded and created recovery plans, testing procedures, quality assurance guidelines, production acceptance requirements, and production acceptance standards and procedures to mitigate gaps and exceptions while optimizing operations. Created data center recovery and business continuity plans for banks

Provided Technology Risk Management services to the general community, with specific concentration on the financial services arena. Services included IT Risk Analysis, Business Continuity Management, Compliance, and many other types of endeavors.

Technology Risk ManagementAs an employee I was responsible for performing IT Audits, IT Sarbanes Oxley Surveys, IT Risk Assessments, Business Continuity Planning, IT Security, overseeing Basel II audits, and many other functions devoted to selling and closing client contracts for Technology Risk Management services. Directed personnel assigned to Technology Risk Management tasks and performed Project Management over concurrent activities assigned to my staff. Contracts had to adhere to FFIEC and NIST standards and procedures when performing audits of financial institutions governed by federal and state regulators. Personally developed a new line of business for performing "Tape Vaulting Audits and the Use of Encryption" to protect files being physically moved between the customer site and remote vault. Also developed sales materials and delivered a Boot Camp to the Business Development Managers on how TRM can assist their disciplines through protecting financial and compliance data and applications. I also delivered presentations on Business Continuity Planning at the NJ ICASA meeting in May, 2006 and the IFSA meeting in February, 2006.I was responsible for the "Engagement Documentation Retention Process" at the NY Office by insuring that all projects and engagements were documented to the standards issued by Corporate Headquarters to the field. These standards included a range of forms and project deliverables that were to be documented to a specific standard and included Master Agreements, Statements of Work, Proposals, and all project supportive documents and status reports. I personally provided services to: Dun & Bradstreet; National Basketball Association; JPMorgan Chase; and The Harvard Club.

Provided IT Technology Risk Management and Business Continuity Services to ensure clients complied to regulatory and recovery time requirements. Trained co-workers and clients and provided on-going support and maintenance.

Consulted directly to the president of ADP Proxy Services and merged ADP Proxy Services with Independent Election Corporation of America into a new facility with optimized operations. Performed many high-level assignments during this process.

Sold the Docu/Text and Job/Scan products. Provided sales presentations to prospects. Assisted in product implementation and staff training to ensure that clients and their personnel were receiving optimum benefits from the program products. Assisted clients in application and system documentation, along with data center migrations and recovery operations. Provided automated turnover procedures using Job/Scan and Endevor program products to validate applications and migrate them to the production environment while adhering to proper naming and placement standards.

Sold them Docu/Text and Job/Scan program products and assisted in developing application documentation and recovery operations.

Designed and implemented a Communications Management Controller (ACF/MSNF) environment to achieve Load Balancing and Automated Recovery of Mainframe environment. Created Five Year Business Plan for the IT Division. Defined optimized Workflow, Personnel Functional Responsibilities, Job Descriptions, and Training Program to achieve Career Path Optimization. Performed many other Tier 1 projects over a 3 1/2 year period.

Responsible for the implementation of the first IT Security system to safeguard NYSE and American Stock Exchange applications, while concurrently directing the implementation of library management, backup and recovery, and vault management systems/procedures resulting in a safe and secure information technology environment.

Managed the Systems Programming Group comprised of 8 Systems Programmers responsible for supporting all mainframe computers and software for SIAC, the NYSE, and AMEX. Implemented first NYSE Security System.

Conducted client needs analysis, hardware configuration planning, and problem isolation/repair in support of 40+ sales personnel and 135 field engineering professionals. I provided clients/prospects with configuration management/systems architecture and systems management assistance to optimize data processing performance.

I conducted client needs analysis, hardware configuration planning, and problem isolation/repair in support of 40+ sales personnel and 135 field engineer professionals. Provided sales presentations and assisted in product selection, configuration, and implementation.

Supported 135 Field Personnel and 45 Sales Professionals. Designed client systems and assisted in their implementation. Made many sales presentations on our technical offering and assisted sales personnel in developing a proposal based on clients needs. Provided technical assistance to field personnel for major problems.

Performed Capacity and Performance evaluations of the data processing environment and recommended alternative methods for improving the operation and performance of the data processing environment as necessary.

Performed Capacity and Performance evaluations of the IT environment and recommended alternative methods for improving the operation and performance of the IT environment as necessary. Assisted in DR/BC planning and implementation.

Developed data processing security guidelines (physical and data) and formalized security and recovery procedures for all Manufacturers Hanover Trust Company's Data Centers. Established and supported the Trust Data Center (first MVS data center).

Designed and Implemented Trust Data Center (MP 370/158 using MVS) and provided staff training and support services.

Customer Engineer and Programming Systems RepresentativeDesigned, Implemented, Migrated, Supported, and Maintained IBM mainframe hardware and software systems contained in Banking Client environments. I was the first person cross-trained between hardware and software and recognized as a territory support specialist for NY Banking Office.

As a Customer Engineer (CE) I was responsible for the Design, Implementation, Migration, Consolidation, Termination, Support, and Maintenance of IBM mainframe hardware and peripheral devices. As a Programming Systems Representative, I was responsible for mainframe software systems contained in client bank environments. I was the first person cross-trained between hardware and software and recognized as a territory support specialist for NY Banking Office.