Partnering with small and medium sized businesses (SMBs) as their vCISO / Fractional CISO to implement practical security and achieve their security compliance goals.

vCISO working to transform the accessability of rare disease data through a secure, privacy oriented, worldwide data-sharing network.

● Implemented SOC-as-a-Service to achieve 24/7/365 security monitoring of enterprise assets and Incident Response (IR) retainer agreements for timely and cost effective support● Lead revamp of security “way of working” to follow Agile Scrum and Kanban methodologies for enhanced visibility into common requests and maintain focus on organizational goals and priority tasks● Consolidated Endpoint Detection and Response (EDR), Network Detection and Response (NDR), and Asset Detection tooling suite to reduce operational support cycles and overall cyber spend.

● Built Operational Technology (OT) / Industrial Control Systems (ICS) / Industrial Internet of Things (IIOT) security integration team focused on hardening & configuring business critical manufacturing systems for CAPEX projects (SAT & FAT) and ongoing operations. ● Established enterprise OT monitoring & vulnerability management processes with Tenable (OT, SC, and IO) deployment to over 50k manufacturing and lab assets● Created IT & ICS/OT security policies with supporting security education & awareness campaigns and ongoing training programs for developers and manufacturing automation engineers● Established enterprise penetration testing program including: 1/ Organizational penetration testing methodologies and standards, 2/ Network of third-party penetration testing partners, and 3/ Continuous penetration testing tooling for public facing infrastructure

● Lead build-out of supply chain security function to support Information Technology (IT) and Operational Technology (OT) / Industrial Control Systems (ICS) / Industrial Internet of Things (IIOT)● Developed threat modeling procedures in third-party evaluations driving threat vector based risk mitigations and supply chain security resilience● Identified key business values (business continuity, disaster recovery, compliance requirements, etc.) need to develop of vendor tiering system capable of evaluating 350+ vendor services annually across multiple compliance domains (HIPAA, FedRAMP, Controlled Unclassified Information (CUI), ITAR and EAR)● Integrated Software Bill of Materials (SBOM) solution into Vendor Evaluation tooling to identify vulnerabilities pre-purchase and ingest into vulnerability management program post deployment

● Lead team to develop and integrate application security program supporting 3,500+ cloud and on-prem applications with enterprise CI/CD pipeline for continuous security evaluation including Security Information and Event Management (SIEM) logging, Dynamic (DAST) and Static (SAST) scanning, secure API configuration, and secrets managemento Developed and communicated CI/CD security integration roadmap to stakeholders & leadership to address latest threats and enterprise improvement opportunities● Performed comprehensive evaluations of information systems for the identification of vulnerabilities (OWASP Top 10, scanning results, secure authentication, appropriate IAM procedures, etc.) and enterprise policy non-complianceo Compiled and presented risks to Business and IT leadership for awareness and buy-in on mitigation strategyo Partnered with application engineers to develop secure, repeatable, solution(s) to resolve such risks● Supported regulatory reviews of HIPAA, SWIFT, and PCI information systems & the compilation of enterprise certifications such as SOC2,Type 2● Motivated mentor who strives to educate others on security best practices & influence secure by design information systems

● Lead merger and acquisition team integrating 150 critical supplier security contracts to achieve enterprise goal of $90M supplier rate savings● Overhauled enterprise outsourcing security model for global ITO and BPO services to align to National Institute of Standards and Technology (NIST) standards & customer requirementso Managed ongoing security compliance 50+ international delivery centerso Adapted security requirements to support constantly evolving business needs utilize cost saving technology frameworks● Performed onsite audits of supplier physical, logical, and technical security controlso Developed standardized onsite assessment model for physical and technical controls to ensure consistent enforcement

● Performed security evaluations of 3rd party security posture & cloud solutions (AWS, Azure, & Google Cloud)o Created standardized process for security evaluations during 3rd Party RFP for timely identification of security issueso Created comprehensive risk assessments and negotiate risk remediation activitieso Headed security contract negotiations of Master Service Agreements (MSA)● Developed 3rd party risk assessment process and Standard Operating Procedures (SOP) to meet evolving business needs and align with relative industry standards (NIST, FISMA, ISO, etc.)o Incorporated industry standard questionnaires (SIG) to review process to reduce average supplier assessment review time by 25%o Introduced tools such as Archer GRC & Hiperos into review process to simplify supplier security artifact management● Financial system auditor to ensure compliance with constantly changing industry regulatory requirements (PCI, SOX, SWIFT, etc.)

● Lead Identity and Access Management (IAM) system implementation across multiple international business lineso Automated onboarding procedures which reduced average resource onboarding time by 35%● Redesigned PMO intake processes to consistently prioritize strategic business and IT initiatives● Orchestrated strategic effort to deploy secure hash algorithms across critical applications

● Create and manage application business requirements under Agile methodology ensuring critical business deliverable were met● Lead cost saving effort to strategically partner with a 3rd party for production support services:o Developed resource model which supported 35% cost reduction goalso Created flexible resource access model support 500+ application while maintaining or exceeding financial regulatory requirements

• Led team to convert over 3000 physical case files to digital format. • Assisted District Attorney in day to day case preparation and supported schedule of over 30 case hearings.

Effectively used teamwork to achieve goalsCoordinated meetings and deadlines of major projectsProduced and validated software projects