Chief Security Officer
SourceClear - Washington, DC
2017 - Present
- Lead the internal security and privacy efforts spanning product engineering, internal operations, business development, and research and development.
- Contribute to the development of security program plans, policies, and procedures in alignment with SOC-2 standards, NIST 800-53, and ISO 27001 to govern how the organization functions.
- Lead the Security Research and Development Team, focused on identifying and publishing high quality vulnerabilities to the SourceClear platform.
- Oversee the design, development, and maintenance of the Research and Development ingestion and publication pipeline.
- Work closely with business development and operations teams to ensure that security and privacy are enabling new business opportunities.
- Conduct internal audits against SourceClear infrastructure, operations, and policies against the ISO 27001, SOC-2, BSIMM, and NIST 800-53 standards.
- Manage the IT Operations team to ensure that IT infrastructure across SourceClear is scalable, secure, and reliable.
Director, Trust & Security
Nuna - San Francisco, CA and Washington, DC
2015 - 2017
- Led the security engineering and compliance efforts for T-MSIS, the first ever centralized data warehouse for CMS, through an ARS security audit and ATO certification.
- Built a security team from the ground up to cover incident response, security engineering, corporate security, governance, risk management, and compliance.
- Wrote security program plans and policies to govern how the organization behaves.
- Worked closely with business development and revenue operations teams to help ensure that security and privacy were enabling teams for new business opportunities, assisting with RFPs, sales material development, and more.
- Delivered executive risk briefings on a bi-weekly basis to inform strategic business decisions and resource allocation.
- Led internal audits against Nuna operations, policy, and product infrastructure against the HIPAA, NIST 800-53, ARS Moderate, ISO 27001, SOC-2 (Security, Confidentiality, Privacy, Availability, and Data Processing Integrity), BSIMM, CSA Common Controls Matrix, and HITECH.
- Developed a global security and privacy controls matrix that cross-references controls against all applicable standards for the organization.
Cigital - Newport Beach, CA
2014 - 2015
- Worked in an advisory capacity with strategic clients across the West coast in the following industries: telecommunications, healthcare, financial services, gaming, and technology.
- Helped establish the firm’s physical presence in Southern California through the planning and recruiting for a brick-and-mortar office space.
- Mentored more junior security consultants through both technical and operational challenges.
- Led highly technical project teams, such as architectural risk analyses, red team assessments, and developing security programs.
- Assisted clients in developing programs that met compliance and regulatory requirements such as PCI-DSS, HIPAA, HITECH, and SOC-2.
Director of Red Team Services
Cigital - Washington, DC
2013 - 2015
- Built a new set of service offerings for the firm that earned over $3M in revenue.
- Trained over 20 consultants to participate in the practice’s service offerings.
- Developed report templates, sales materials, playbooks, and other standardized materials to help scale the operational aspects of managing the service offerings.
Senior Security Consultant
Cigital - Washington, DC
2013 - 2014
- Led and worked on numerous engagements from a technical, project management, and quality control perspective to ensure high quality project output for every engagement. These projects ranged from red team assessments to embedded system design reviews.
- Helped mentor junior security consultants, training them to conduct manual penetration tests, engage with non-security client stakeholders, and review source code for possible security issues.
- Led holistic assessment projects that encompassed architectural risk analysis, penetration testing, and manual code review focused on systems such as gaming consoles, stock market back-ends, and single-sign on implementations.
Cigital - Washington, DC
2011 - 2013
- Helped a major financial services client develop an external web application portfolio mapping and vulnerability scanning pipeline through process definition and custom tooling.
- Worked with several Fortune 100 companies performing distributed web application and network penetration testing, manual code reviews, and binary analysis for thick client applications.
Information Security Engineer
Secure Network Technologies - Syracuse, NY
2010 - 2011
- Worked on full-scope red team assessments for customers in the financial services, defense, insurance, and healthcare industries.
- Conducted over 100 network security assessments, including external, internal, and wireless penetration tests for a variety of clients.
- Built out the mobile forensics lab and developed the firm’s mobile-specific investigative process.
- Worked on teams for digital forensic investigations and PI investigations covering both criminal and civil issues.
- Conducted audits for customers against the ISO 27001 and NIST 800-53 security control frameworks.
Industry Group Membership
- OWASP (2011 - Present)
- Infragard (2012 - Present)
- Signal Sciences Customer Advisory Board (2016 - 2017)
- Netskope Customer Advisory Board (2016 - Present)
Syracuse University - Syracuse, NY
B.S. Information Management & Technology (Magna Cum Laude Graduate)
Concentration in Information Security
- Executive Mentor - ProjectRelo (2017)
- IT and Operations Support - SF City Impact (2016)
Please refer to this dedicated page for details.