Waymark is a public benefit corporation providing community-based, tech-enabled healthcare services for Medicaid beneficiaries, in partnership with primary care providers and health plans.

Mimoto offers a unique security compliance solution that matches a verified profile with a specific person. This allows customers to identify and address situations where employees aren’t following security protocols, such as sharing credentials, using root access, acting out of the norm, etc. The Mimoto technology closes a critical gap with today’s security solutions.

MSB Associates affords me the opportunity to work with a variety of companies in a consulting or advisory role. Working with former colleagues who have extremely in-depth experience that is adjacent to mine, further enhances my ability to deliver value to my clients.My goal is to assist organizations which are at an inflection point -- they may have no security or compliance program and need one, or they may have one and need to take it to the next level. In either case, my value is to use my experience, knowledge and connections as a catalyst to enable my clients to better achieve their own goals.

Built the Engineering Compliance team at Google.* Led implementation of the first ISMS at Google, leading to certifications of hundreds of products for ISO-27001, ISO-27017, and ISO-27018. * Led first ATO of Google products under FISMA, and later FedRAMP.* Consolidated third-part audit programs delivering SOC 1, SOC 2, ISO-27xxx, PCI and many more using a common control set and a "test once, attest many" approach* Served as first HIPAA Security Officer for Google.* Hired, coached and mentored multiple compliance program managers, developing a world class staff and supporting career development for dozens of compliance practitioners. * Served as Lab Director for a NIST Accredited lab performing testing and validation of Google implementations of cryptographic algorithms.* Served on Security Policy Advisory team, ensuring alignment between internal security policies, external compliance obligations and engineering culture.

Head of Security Consulting Team, Data Governance Competency, EMC Consulting Services. Assembled andlead a team ofsecurity consultants, specializing in security policy, risk assessment, data classification, securityprogram development, authentication and crypto strategy, and othersecurity related services. Hired staff frominternal and external sources, led development of collateral and methodology, support business developmentefforts as SME during qualification and sales including scoping, creating SOW and RFP responses.

Built a consulting group within RSA focused on delivering non-product oriented consulting services, with emphasis on Risk Management and Information Security.

Head of World Wide Professional Services, Consumer Solutions Group, RSA Security Managed team of engineerswho delivered anti­fraud and enhanced authentication products and services to over 8,000 financial institutionsand protecting more than 100 million on­line accounts. Consolidated 25 field engineers from 5 locations and 2acquired companies into a single coherent global team.

Outside consultant providing process improvements in field implementation operations.

Principal. Member of security practice, specializing in security policy, risk assessment, security architecture,vendor management, and other security related services. Significant client engagements include:Security Consultant, Visible Path, Inc. Provide security architecture, policy and procedures, and on-­goingconsultation to senior management of ASP model startup, member of security and privacy advisory board.Product Management, Reconnex, Inc. Provided guidance on regulatory and other market drivers, analyzedcustomer requirements to determine product enhancements, and provided security industry training to sales force.Risk Assessment, Multi­national corporation. Member of two person team which performed risk assessment of12,000 user enterprise network. Assessment included reviews of policies and procedures, organizational roles andresponsibilities, logical and physical controls, system management, and other aspects of entire security program.Performed analysis of controls based on ISO­17799 framework vs. matrix of capabilities maturity model.Security Consultant, Yahoo, Inc. Provided advice, assessment and recommendations to the Yahoo CorporateSecurity Council regarding all aspects of information security.Vice President of Product Development, WebEver, Inc. In four month contract role, led small team of developersand QA personnel. Assisted turn ­around management team in assessing market opportunity, product maturity, andfeature set of an existing product which was already late to market in terms of commitments which had been madeto customers and investors. Improved software release processes, reduced post ­QA bug reports, successfullyachieved initial customer conversions to production status.

Joined startup when we were building a boutique security consultancy. Later changed to managed services delivery.

Developed security policy practice as part of Kroll's Information Security Group after Securify got acquired. Later we got spun out again, and once again became Securify.

Provided security consulting services to end user and vendor companies. Security architecture, policy, assessment and design review services especially.

Wound up at NAI for a few months, via acquisition of TIS.

Managed product strategy initially, then led product development of authentication server and and security system management software.

Created and managed engineering lab where we tested new product designs prior to release into manufacturing.

Supported secure communications for ASW community, as well as for Commander Fleet Activities Okinawa.