Dean Sapp

Information security executive with significant security experience, breadth of knowledge, business acumen and outstanding leadership skills.

Experienced with:
– Access Management
– Application Development and Security
– Audit and Compliance (SOX, PCI DSS, COSO, ISO 27001, NYDFS, CCPA)
– Awareness Training
– Breach Detection Services
– CERT Team Management
– Cleared Room Security Assessments
– Database Security
– DRP/BCP Best Practices
– eDiscovery & Digital Forensics
– Experian, Equifax & TransUnion Compliance
– Expert Witness Cases
– FIPS 199, FIPS 200 Assessments
– GDPR Assessments & Compliance
– GRC toolsets
– HIPAA/HITECH Assessments
– ICS / SCADA system security
– Incident Response
– IoT Security Best Practices
– ISO 17799/2700X
– Insider Threat Management
– Network & Operational Security
– NIST 800-53 / 800-171 / CSF / CUI
– Meaningful Security Metrics, Dashboards & Executive Reports
– OWASP Top 10 Business Risks
– Penetration Testing (Network, Database & Application)
– Physical and Data Center Security audits similar to SSAE 16 & SSAE 18
– Project Management (PMP equivalent)
– Risk Management, Assessment & Mitigation
– SANS/CIS Critical Security Controls
– SaaS Contracts & Implementation
– Security Architecture
– Security Leadership
– Security Operations Center (SOC) Services
– Security Policy Creation & Management
– Security Program Development
– Security Talent Scouting
– SCIF/DCID 6/9 or ICD 705 Assessments
– U.S. Privacy Risks
– Vulnerability Assessment and Remediation

Constantly working to expand my security knowledge and skill set to provide business leaders the information they need to make solid security decisions.

Specialties: Security consultant, public speaking, threat-based risk management decisions, data center security audits, ISO 27002 reviews, privacy and protection of confidential and sensitive data.

Skilled at sifting resumes and identifying exemplary IT security and engineering talent.