Highlights:Ellucian was hired to take over all of the IT function at WCCImplemented Anti-Malware with EDR on servers and workstationsImplemented Duo Multi-Factor Authentication on Single Sign-On, VPN, and other business applicationsUsing Spirion, with the assistance of units, deleted or redacted over 16 million instances of PIISaved the College over $35,000 by consolidating Security SystemsBegan Cloud-based backups in addition to immutable local backupsSimplified policies and procedures into easy 1-2 page documentsDeveloped needed policy (GDPR, GLBA, BYOD)Responded to over 1,800 emails per year on phishing and scam emailsImplemented the first Security Awareness and Education system

Managed Services CISO specializing in performance improvement, strategic planning, and technical implementations. Currently working at Washtenaw Community College. Previously worked at the University of Tennessee at Chattanooga.Major Accomplishments at WCC:Implemented Duo two-factor authenticationImplemented Spirion Identity FinderRewriting Security Policies/StandardsMajor Accomplishments at UTC:Ellucian was hired to take over all IT leadership roles at UTC Saved the University over $50,000 by replacing the Vulnerability Scanning SystemSimplified policies and procedures into easy 1-2-page documentsDeveloped Change Management and Vulnerability Scanning ManualsDeveloped needed policy (GDPR, GLBA, BYOD, Data Classification)Work with researchers on a grant that netted $900,000 in equipmentResponded to over 1200 emails per year on phishing and scam emailsAchieve 89% compliance on the training for employees, highest of all UT System Universities

As the University's first Chief Information Security Officer (CISO), I was responsible for overall planning, development, implementation, and oversight of the University’s campus-wide information security program. I worked collaboratively with the campus community to establish information security programs, including: information security policy, practices, and standards; information security awareness and training; information security incident response and management; risk assessment and management; and information security-related IT architecture. Additionally, I served as the primary information security liaison to federal, state, local and professional organizations.I supervised five information security staff, led cross-functional teams, and had budget authority for the Information Security Group.Major Accomplishments:I set up the Information Security Office and developed and maintain the overall vision for information security.I ratified the University’s first information security policies (Information Security Program, Data Classification, and Data Security Incident Response) by working Campus-wide interested parties such as the Senate, Union leaders, Student Judiciary, and the Office of the General Counsel. I used business cases to acquire approval and funding for a security information and event management (SIEM) system, two-factor authentication, and a security awareness and training tool.

Major Accomplishments:• Implemented a two factor authentication project to further secure systems with sensitive data.• Created and installed a vulnerability assessment and penetration testing service for internal and campus-wide units.Primary Duties:Leadership, Mentoring and Personnel Development• Leads staff of four to achieve unit and institution goals• Develops goals, conducts performance evaluations, and provides professional development opportunities for teamSecurity Awareness and Training Program• Lead the development of the SecureUGA application (used to train Faculty, Staff, and Student Workers on Information Security policies and issues such as phishing)• Provide security awareness through Office of Information Security and EITS WebsitesInformation Security Risk Management• Lead Risk Management program to evaluate security threats to the University and propose preventative and detective controls to address them• Provides Risk Management guidance to other UGA departmentsVulnerability Assessment and Penetration Testing Service• Provide vulnerability assessment and penetration testing for systems before and after they go into production• Work with clients to implement recommendations from assessments and testingInformation Security Policy and Legal Compliance• Facilitate proposal and draft guidelines, standards and policies pertaining to Information Security

AccomplishmentsCreated and implemented the IT Audit function at UGA using COBIT, NIST, FFIEC, and ISO standardsAudit PortfolioPerform IT Audits of our central computer center as well as Schools, Colleges, and DepartmentsLed campus-wide audits of data security as part of an initiative launched by the ProvostPerform PCI audits and sit on the PCI Advisory Committee (with the Bursar’s Office and The Office of Information Security)Completed a SOX review with the State AuditorsPerform Financial AuditsPerform Management RequestsReview in-house developed applications for code documentation and proper testing and stagingPerform and Manage Fraud Audits that come in from our Abuse HotlinePerform many Departmental/School/College audits including: The central IT Units at all Colleges and Schools, Finance and Administrative Units, Extended Campuses, and County Extension OfficesPerform many campus-wide audits including: Disaster Recovery, Routers, Firewalls, Vulnerability Assessment Services, Backups, Network Monitoring, and Wireless NetworkingReport findings and recommendations to the Client, Director, Senior Management, and CIOPrepare reports to inform Management of risks, regardless of their technical knowledge, and work with clients to develop action plans to address findings and recommendationsOther ActivitiesWork with External Auditors to provide access and information as well as explain the IT controls in place at UGAParticipate in University-wide committees involving Technical Staff, IT Managers, and Security StaffAssist the Office of Information Security during system compromisesDesign and maintain proper security of the Internal Auditing LAN (including our firewall)Assist Financial/Compliance Auditors in developing mainframe queries for financial dataInvited to participate in University-wide and System-wide IT projectsTrain Units who handle sensitive data (PCI, GLBA, FERPA, HIPAA) on better securing their systems and data

At the Fed I examined IT operations, security, and disaster recovery of banks, bank holding companies, data centers, and service providers. I worked with many different hardware and software platforms. I became the Security Lead for the IT Examination Team. I led IT Bank and Bank Holding Company Examinations. I provided information to banks in a consultive role to improve operations. I helped plan our Y2K strategy for bank and data center compliance. Finally, I gathered information from many sources to prepare cohesive, fluid reports and maintained knowledge of current IT trends.