Who I am

Seasoned Cybersecurity/Privacy/GRC Ambassador with a distinguished track record in spearheading comprehensive security strategies. Adept at driving organizational change through the development and implementation of robust processes and solutions. With over two decades of experience, I am recognized as a leader and Subject Matter Expert (SME) in IT Security and Privacy, adept at managing global information systems. My expertise spans program and project management, risk mitigation, and strategic planning, with a focus on integrating multiple projects into cohesive programs. I excel in remote project management, adeptly leading virtual teams to success.

Key Competencies:

Cybersecurity Architecture and Implementation:

An accomplished Cybersecurity/Privacy/GRC professional specializing in architecting and implementing cutting-edge solutions. Proficient in conducting system assessments against diverse frameworks and overseeing comprehensive risk management initiatives. I drive improvements in security posture and ensure compliance by pioneering Compliance as Code strategies for cloud environments, enabling automated compliance enforcement and rapid remediation of non-compliance incidents.

Information Security, Compliance, and Privacy Management:

With over two decades of experience in information technology and security, I bring expertise in safeguarding information assets and systems. My comprehensive approach to cybersecurity encompasses defense against cyber attacks while ensuring the confidentiality, integrity, and availability of information. Currently serving as Associate Director of the Global Information Security Group (GISG) at KPMG International.

Project Portfolio Management (PPM) and Tactical Operations:

A seasoned professional with a proven track record in project portfolio management and tactical operations spanning diverse industries. Proficient in various project management methodologies, including PMBOK, SDLC Waterfall, and Agile. My journey in project management began as a Tool Design Engineer in 1986, and since then, I have held leadership positions including CEO, CIO, and CISO, among others. My multifaceted background equips me to drive success across complex initiatives.

Experience Highlights:

  • Extensive experience in managing programs and projects across diverse industries.
  • Proficient in project management methodologies such as PMBOK, SDLC Waterfall, and Agile.
  • Versatile leadership roles including CEO, CIO, CISO, Program Manager, and Project Manager.

With a proven track record of success, I am poised to deliver impactful cybersecurity solutions and drive organizational excellence.

KPMG International (KPMGI)

Associate Director – Senior AppSec & Cloud Security Architect - GISG Security Architecture and Enablement - October 2023 - Present

As a Senior Security Architect, I specialize in offering comprehensive security consultation to Solution Teams across our global organization, ensuring all proposed solutions meet stringent security standards. I prioritize design reviews guided by Zero Trust principles, security best practices, and organizational mandates.
My role includes leading the Global Security Solution Review program and reviewing and approving third-party reviews, encompassing alignment with security requirements, design scrutiny, and threat modeling, crucial for guiding solutions through the security assessment review phase.
I am deeply involved in developing and enhancing service deliverables, particularly focusing on the security aspects of IaaS, PaaS, and SaaS services, with a strong emphasis on cloud technologies and Artificial Intelligence. Collaboration with organizational solution owners and project teams is integral to delivering robust and scalable security strategies.
I actively promote cybersecurity awareness by developing and delivering training materials that include a security-focused perspective, thereby bolstering solution-building efforts.

Associate Director – GISG Assessment Manager - GISG Security Management - October 2022 - October 2023

As a Senior Security Engineer, I oversaw the framework for conducting and monitoring security and compliance assessments. I played a key role in developing strategies and roadmaps for assessments, including architecting, building, and managing the organization's Information Security Boundaries Assessment Program. I also contributed to the implementation, maintenance, and enhancement of relevant technology solutions, as well as overseeing support resources. Additionally, I managed the maintenance and improvement of the framework, materials, processes, and procedures for the organization's information security boundaries assessments.

Associate Director – Global Cloud Security Guardrails (GCSG) Assessments Manager - GISG Security Management - June 2022 - October 2022

As a Senior Security Engineer, I spearheaded the design and administration of a framework for automating monitoring and executing assessments of cloud platforms against the organization’s Global Cloud Security Guardrails (GCSG) and overseeing the monitoring of the overall risk treatment plan. I implemented automated monitoring utilizing the organization’s ServiceNow IRM for GCSG alongside cloud-native tools of organizational Cloud Platforms (Azure, AWS, or GCP). I oversaw the maintenance and improvement of the GCSG program framework, materials, processes, and procedures, including managing the GCSG Code Repository for disseminating automation code across the organization and providing final approval for code releases. Additionally, I contributed subject matter expertise to overarching efforts for GCSG automation, encompassing deployment, monitoring, and assessment.

SynoTek, LLC

Chief Information Officer (CIO) / Principal Consultant, 10/13 – 6/22

As a principal consultant, I contributed to the development of solutions for GRC implementation. I oversaw and monitored the execution of assessments of information systems against various GRC frameworks and facilitated overall risk management. I conducted gap analyses and assessments across multiple frameworks. Additionally, I provided guidance for GRC Automation for Cloud Platforms (Azure, AWS, and GCP) using cloud-native tools.

During my tenure, the GRC frameworks I worked with included:

  • Federal Risk and Authorization Management Program (FedRAMP)
  • Federal Information Security Management Act (FISMA)
  • National Institute of Standards and Technology (NIST) Risk Management Framework (NIST RMF)
  • National Institute of Standards and Technology (NIST) Cybersecurity Framework (NIST CSF)
  • Centers for Medicare & Medicaid Services (CMS) Minimum Acceptable Risk Standards for Exchanges (MARS-E)
  • Health Insurance Portability and Accountability Act (HIPAA) Security Rule (HSR)
  • Department of Commerce Privacy Shield
  • Cloud Security Alliance (CSA)
  • International Organization for Standardization (ISO) 27000 Series
  • General Data Protection Regulation (GDPR)
  • Center for Internet Security (CIS) Benchmarks
  • Center for Internet Security (CIS) Critical Security Controls
  • Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs)
  • Information Technology Infrastructure Library (ITIL)
  • Control Objectives for Information and Related Technologies (COBIT)
  • Payment Card Industry Data Security Standard (PCI DSS)

IBM Watson Health

Compliance and Security Manager, 12/20 – 2/22

In my role as a senior security and compliance manager, I delivered customer-facing technical leadership within a data warehouse implementation team. My responsibilities included overseeing the security (RBAC, LDAP, DBMS, networking) and compliance (NIST, HIPAA, SSAE16, MITA) components of the solution. I effectively communicated these aspects to both technical and non-technical stakeholders. Additionally, I collaborated on new opportunities organization-wide to ensure adherence to security and compliance requirements.
Key Responsibilities:

  • Participated in requirements and design sessions to ensure compliance with applicable State and Federal regulations in solution architecture.
  • Supported and maintained security policies/configuration for DBMS, applications, systems, etc., in both on-premise and cloud-hosted solutions, including encryption keys, access controls, and database audit logging.
  • Configured, tuned, and reviewed security logs (e.g., central systems logging, database logging) to enhance anomaly detection and reduce false positives.
  • Conducted vulnerability security scans of systems to identify and rectify infrastructure security issues in servers and databases.
  • Developed and maintained security plans, procedures, and other necessary documentation.
  • Evaluated new platforms and tools in the industry, providing recommendations for their incorporation into current and future projects.
  • Advised management by creating scorecards and reports displaying our risk profile, facilitating informed decision-making.
  • Offered proactive analysis and options for implementing regulatory requirements from CMS regarding the system's operations.
  • Maintained communication with customers regarding new CMS rules, organizing meetings to present findings and facilitate feedback for CMS, while proposing solutions for implementing the rules (controls) in the system.

Collab9

Chief Information Security Officer (CISO), 10/16 – 9/20

As a senior-level executive at Collab9, LLC, a FedRAMP Authorized Unified Communications as a Service (UCaaS) solution provider, I spearheaded the delivery of a secure cloud-based communication solution integrating voice, video, web conferencing, messaging, mobility, and customer care. My mission was to align business objectives with security initiatives, ensuring the adequate protection of information assets and technologies. I managed all aspects of the CISO role, leveraging various information security frameworks and the globally accepted project management framework of PMI. Additionally, I fulfilled the role of Collab9 Privacy Officer.

In my capacity within the Collab9 Secure UC environment, FedRAMP Authorization Boundary, and HIPAA environment, I assumed the following additional roles:

  • Senior Information Security Officer (SISO): I was responsible for executing the Chief Information Officer’s security duties and served as the primary liaison between the Chief Information Officer and Federal Agency’s Authorizing Officials, Information System Owners (ISO), and Information System Security Officers.
  • Information System Security Officer (ISSO): I ensured the maintenance of appropriate operational security posture for information systems, closely collaborating with the ISO. I acted as a principal advisor on all security matters, technical and otherwise, pertaining to information systems.
    Additionally, I served as an alternate Information System Security Engineer, conducting vulnerability scans, monitoring alerts from IPS and SIEM, and performing audit log reviews.
  • Information Security Architect (ISA): I ensured that information security requirements essential for protecting the organization’s core missions and business processes were adequately addressed across enterprise architecture, including reference models, segment and solution architectures, and resulting information systems supporting those missions and processes.

Accomplishments:

  • Successfully conducted FedRAMP Continuous Monitoring Annual Assessments for the years 2017, 2018, and 2019.
  • Completed HIPAA Security Rule Assessment in 2018.
  • Led Gap Analysis from FedRAMP Moderate to FedRAMP High, CJIS, DoD IL5, and IRS 1075 compliance.

Digital Management Incorporated (DMI)

Information System Security Manager, 5/15 - 10/16

Contractor for the U.S. Department of the Interior (DOI) Office of Chief Information Officer (OCIO)

Information System Security Officer (ISSO) for Department of Commerce (DoC), 6/16 - 10/16

Developed and maintained the Continuous Monitoring Plan (CMP) and performed the activities identified in the CMP.

Information System Security Line of Business (ISSLoB) Operations Manager, 7/15 - 10/16

As an Information System Security Manager, I effectively managed a Federal government security program, ensuring compliance with the NIST Risk Management Framework (RMF). I implemented the Project Management Institute, Inc. (PMI) Project Management Body of Knowledge (PMBOK) project management framework to ensure consistent and comprehensive engagement deliverables.
Key responsibilities included:

  • Overseeing Security Assessment and Authorization (SA&A) activities.
  • Developing and reviewing security documentation to ensure compliance with NIST and FISMA directives from OMB.
  • Reviewing FedRAMP packages for Cloud Service Providers (CSP) and presenting findings during briefings to the Authorizing Official (AO).
  • Providing support for the Cyber Security Assessment and Management System (CSAM), the client’s official FISMA reporting tool, including generating reports and ensuring compliance and consistency of federal government information systems.

IT Security Risk Management Lead, 5/15 - 7/15

As a Security Engineer serving as the IT Security Risk Management Lead, I oversaw a team of risk management and compliance personnel, guiding them in various tasks including System Authorization and Accreditation (SA&A), Security Program Management, Security Metrics and Reporting, development and tracking of Plans of Action and Milestones (POA&M), and development and tracking of Interconnection Security Agreements (ISA). Additionally, I coordinated Continuous Monitoring activities to ensure ongoing security effectiveness.

SAIC

Program/Senior Project Manager, Cyber, Cloud and Data Science, 3/11 - 5/15

Team Lead Policy and Governance / Risk Management Framework (RMF) and Team Lead Security Operations
As a Senior Security Architect and Senior Project Manager, I served as the IT Security Subject Matter Expert (SME) and Task Lead, aligning project activities with key regulatory frameworks including OMB, DHS, NIST, FISMA, RMF, and Continuous Monitoring. I provided comprehensive briefings on potential impacts to agency operations, driving enterprise-wide planning and implementation efforts.
In my capacity, I effectively managed virtual teams, ensuring adherence to federal standards and agency requirements such as OMB, DHS, and US-CERT. I was dedicated to problem resolution and maintaining high levels of customer satisfaction for individual delivery orders. Additionally, I provided supervisory, technical, and administrative guidance to personnel to ensure task completion.
Recognizing the importance of ongoing training, I conducted comprehensive sessions on security program policies and procedures, fostering a culture of awareness and compliance. To streamline documentation and project management, I implemented SharePoint for documentation purposes and utilized Project Server with OLAP for efficient management of multiple projects.
One notable achievement includes leading a virtual team in the review, update, and delivery of over 3,400 pages of security documentation, along with training materials, within a tight 6-month project timeframe. This initiative underscored my ability to coordinate diverse resources towards achieving project objectives efficiently and effectively.

Program Manager - Federal Civilian Customer Group, 11/12 - 2/14

  • Department of the Interior / Interior Business Center
    IT Data Center, Systems Operation and Administration (SOA), Data Center Operations, Network Services, Database, Storage and Backup, System Software Administration, Applications Development and Administration and Enterprise Services
  • Department of Defense (DoD), Chemical Weapons Depot IT Support
  • GSA Accounting Office, Accounting and Financial Support

As a seasoned Program Manager, I spearheaded the successful implementation of targeted government contracts, orchestrating seamless planning, coordination, and execution of organizational efforts to competitively acquire and execute specific business ventures. I adeptly integrated diverse functions and activities essential for program performance, ensuring alignment with client requirements. I led program teams in defining and implementing technical baselines while upholding stringent quality standards for service delivery. My responsibilities extended to directing project team members, meticulously managing costs and schedules, ensuring contract adherence, and serving as the primary liaison with clients, project managers, task leaders, subcontractors, and other stakeholders. My role demanded effective communication and collaboration across all levels to drive program success.

G&B Solutions, Inc.

IT Security Analyst, 7/08 – 3/11

Information Technology Security Analyst for United States Department of the Interior (DOI), National Business Center (NBC)

Seasoned Senior Security Analyst with a proven track record of success in ensuring the efficacy and compliance of the DOI Certification & Accreditation (C&A) program with departmental standards and NIST Special Publication (SP) 800 series guidance. Proficient in managing IT security projects, conducting thorough assessments, and implementing robust security measures to safeguard systems and data. Adept at stakeholder engagement, project management, and driving significant reductions in security vulnerabilities.

  • Orchestrated comprehensive IT security projects to enhance the security posture of systems, employing interviews, document validation, and security control testing methodologies.
  • Developed and maintained project plans, schedules, and status reports, alongside managing project tracking spreadsheets to facilitate efficient project oversight.
  • Conducted gap analysis of existing policies, practices, and procedures, aligning them with federal standards and regulations, including Security Technical Implementation Guides (STIG) and NIST SP 800-53.
  • Executed crosswalk analysis of NIST SP 800-53, Rev 3, and the HIPAA Security Rule, facilitating compliance assessments and adherence to regulatory requirements.
  • Spearheaded annual Internal Control Reviews (ICR) and Security Impact Assessments (SIA), as well as security walk-through assessments and penetration testing activities.
  • Acted as the Security Point of Contact (SPOC) for the entire DOI/NBC Enterprise during United States Computer Emergency Readiness Team (US-CERT) briefings, providing expert guidance on vulnerability management and mitigation strategies.
  • Designated Security Compliance Coordinator and Audit Liaison for a federal financial system with over 8,000 users, achieving 100% on-time deliverables and reducing audit/testing findings by 45%.
  • Managed the Plan of Action & Milestones (POA&M) process, resulting in an 85% reduction of identified security vulnerabilities within a six-month timeframe.

Certifications (Current)

  • Certified Chief Information Security Officer (C|CISO), EC-Council
  • Project Management Professional (PMP), PMI
  • Information Systems Security Management Professional (CISSP-ISSMP), (ISC)2
  • Certified Information Systems Security Professional (CISSP), (ISC)2
  • Certified Governance, Risk, and Compliance (CGRC), (ISC)2
    Formerly - Certified Authorization Professional (CAP), (ISC)2
  • Certified Information Systems Auditor (CISA), ISACA
  • ITIL Foundation (2011), ITIL
  • Certified Ethical Hacker (C|EH), EC-Council
  • Microsoft Azure Administrator Associate, AZ-104
  • Microsoft Certified Technology Specialist (MCTS) - MS Project Professional 2010

Federal Government Clearance

Prior: Public Trust (Department of the Interior 2008-2012, US Forest Service 2011-2012, Federal Communications Commission 2016-2020, Department of Homeland Security / Customs and Border Protection 2020)

Education

  • Bellevue University
    Bachelor of Science, Project Management
  • Southeast Community College
    Associate of Applied Science Degree, Machine Design with Tool & Die Design
    Associate of Applied Science Degree, Manufacturing Engineering

Contact Information

Web Hosting provided by SynoTek LLC Cloud Services