Over the past seven years, I have served as the chief information security officer for a Texas state agency of higher education focused on transportation research. In this position, I am responsible for creating, communicating, and ensuring compliance with security policies and procedures that align with Federal (NIST) standards, both NIST SP 800-53 and SP 800-171, and State of Texas standards. I also provide direction and guidance to senior leaders and information resource owners and custodians regarding IT governance, risk, and compliance matters, oversee IT risk assessments, and report to the CEO on the status of risks to the organization.
In this position, I have served as the project manager for multiple cloud-first initiatives, including the deployment of an enterprise file sync and share product for all 19 Texas A&M System members (152K students and 26K faculty/staff) and the Office 365 + Microsoft Azure deployment for my agency, and led the maturation of the agency's information security program to achieve compliance with Federal and State cybersecurity mandates.
- Chief Information Security Officer at Texas A&M Transportation Institute
- Senior Network Analyst at Texas A&M Transportation Institute
- Police Communications Systems Manager at Northside ISD Police Department
7 years, 5 months at this Job
- Master's - Cybersecurity Studies
- Bachelor's - Emergency & Disaster Management
- Associate - Criminal Justice
EVP, Chief Information Security Officer in charge of all information risk and cybersecurity functions.
- Chief Information Security Officer (CISO) at Banc of California
- Chief Information Security Officer (CISO) at Federal Reserve Bank
- SVP Information Security Officer at BNP Paribas USA
- President, Forbes Risk Management at TD Ameritrade
11 months at this Job
- Licensed Insurance Agent & Broker
- Master's - Business Administration
- Bachelor of Science - General Studies
Serve as Area Information Security Officer and lead for the Hawaii and off-island facilities (neighboring islands, American Samoa, Guam, and Saipan), and as principal point of contact and primary authority for VA security programs.
Responsible for access control under FISMA and NIST SP 800-53 Rev. 1-4 (security and privacy controls), NIST SP 800-137 (Information Security Continuous Monitoring (ISCM)) for federal information systems and organizations, and NIST FIPS 199, 200, and 201-2. Develop, maintain, process, review, and update disaster recovery, incident response, and system security plans; Memoranda of Understanding/Interconnection Security Agreements; data use/data transfer agreements (HIPAA-related); security reviews of medical research protocols; programs or projects that involve auditing/maintaining annual security reviews; the media sanitization program; remote access; and the cloud migration process.
• Served as the lead in onboarding multiple vendors through the ESCCB, ATO, and VPN processes, and established rapport with many key staff in the process.
• Serve as principal point of contact and primary authority for the VA security program on program compliance, risk management, continuous readiness, contract reviews, and programs that involve auditing and maintaining annual security reviews. Work closely with the IT department and Facility Area Manager on security-related issues, such as computer access breaches, to resolve or mitigate all reported or discovered incidents.
• Covered as lead ISO for various facilities in transition to a new ISO, such as Sheridan and Salt Lake City.
• Served as Lead Information Security Officer, principal point of contact, and primary authority for the VA security program on program compliance, risk management, continuous readiness, contract reviews, and programs that involve auditing and maintaining annual security reviews. Work closely with the IT department and FCIO on security-related issues, such as computer access breaches, to resolve or mitigate all reported or discovered incidents. Ensure compliance with Federal security regulations and VA security policies.
• I've conducted systems security evaluations, audits, and reviews in which I evaluate our IT systems' user knowledge and awareness, including review of comm closets as needed during bi-weekly EOC rounds, and I have participated in regional semi-annual walk-through visits of outlying campuses. I have worked with my peers to develop Automated Information Systems (AIS) security contingency plans and disaster recovery procedures as part of the local business continuity team, formerly using the new GRC tool.
• Run reports on, evaluate, and document the VistA system per established standards.
• Coordinate CSEM/CSUM requests and related action items.
• Coordinate the completion of MOU/ISA's for all contracts.
• Review annually all local MOU/ISA's, which include controls to ensure the security of complex information systems.
• Excellent writing skills in preparing RBDs, ISCPs, DRPs, policies, and other ISO-related documentation. I've been an ISO for the VA for over two years. I've written incident security response plans and disaster response plans. I write documentation and advise on the controls required to be in place to protect sensitive information. I write Risk Based Decisions when new technology is being introduced to the VA/organization and upload them into RiskVision. I also use RiskVision to upload findings and documentation, and to write and run risk assessments. I also use the Technical Reference Model to submit new TRM requests and find out which TRMs have already been approved. I initialize and approve Sanctuary requests. The ISO's responsibilities are vast.
• For security-related issues, work as the lead to ensure all 6550s and 6500s for contracts are handled in accordance with VA handbooks, so that proper controls and information system risk management practices and procedures are in place.
• It is best to be proactive and attempt to stop a problem from happening ahead of time if possible. If not, I quickly identify the problem, then determine the accuracy and relevance of the information involved, then come up with a solution and respond appropriately.
• Actively participate with CIO, Bio-med, IT, and other key staff in all site network and systems design to ensure implementation of viable systems security policies and procedures.
• Ensure required training is completed and all staff are aware that protecting VA sensitive information is a joint responsibility.
• Use effective oral communication, expressing information (for example, ideas or facts) to individuals or groups effectively while taking into account the audience and nature of the information (for example, technical, sensitive, controversial); make clear and convincing oral presentations; listen to others, attend to nonverbal cues, and respond appropriately.
• Involved in the development and implementation of all new program procedures to ensure that systems, network, and data users are aware of health information system / medical device system policies and procedures.
• Reviewing, analyzing, and auditing of local information security programs and serving as the principal security advisor to system owners regarding security considerations in applications, systems, procurement or development, implementation, operation and maintenance, disposal activities.
• Strict attention to details while performing work, always being conscientious to ensure accuracy.
• Always striving to build a good working rapport with local staff, VISN staff, and all clients and customers. Listening to their needs, and finding solutions.
• Involved in the design of local IT programs to ensure controlled accessibility to the health information systems/medical devices.
• Involved in performing and troubleshooting maintenance in accordance with approved system application support policies and change control policies.
• Involved in working with teams in the conduct of comprehensive risk assessment studies and evaluations to assure the efficacy and viability of medical devices and associated health information systems, as well as compliance with and adherence to established Federal and VA/OIT laws, regulations, policies, and procedures.
• Assisting in the determination of an appropriate level of security commensurate with the impact level;
• Coordinating, advising, and participating in the development and maintenance of information system security plans and contingency plans for all systems under their responsibility;
• Ensuring risk assessments are accomplished every three years, reviewed/updated annually, and when there is a major change to the system, re-evaluating sensitivity of the system, risks, and mitigation strategies with the assistance of other VA officials with significant information and information system responsibilities;
• Verifying and validating, in conjunction with the system owners and managers, that appropriate security measures are implemented and functioning as intended;
• Working with the system owner and manager, repeating a selected subset of the certification and accreditation security control assessment test procedures, as they pertain to the information systems at the site, to ensure that controls remain in place, operate correctly, and produce the desired results. Controls most apt to change over time must be included, and these tests and results must be documented to support the continuous monitoring program;
• Acting as a liaison between vendors and sites in the testing and troubleshooting of interface software and in establishing site-to-site VPN tunnels;
• Participating in security self-assessments, external and internal audits of system safeguards and program elements, and in certification and accreditation of the systems supporting the offices and facility under their area of responsibility;
• Assisting other VA officials with significant IT responsibilities (i.e., system managers, contracting staff, human resources staff, police) in remediating and updating the POA&M identified during the certification and accreditation process, periodic compliance validation reviews and the FISMA annual assessment reporting;
• Notifying the VA NSOC and/or the OIG of any suspected incidents within one hour of identifying that an incident has occurred and assisting in the investigation of incidents, if necessary;
• Maintaining cooperative relationships with business partners or other interconnected systems;
• Monitoring compliance with the security awareness and training requirements for each employee/contractor;
• Coordinating, monitoring and conducting periodic reviews to ensure compliance with the National Rules of Behavior requirement for each system information user;
• Serving as the primary point of contact for security awareness and training within their area of responsibility;
• Coordinating with the facility Privacy Officer for the assurance of reasonable safeguards as required by the HIPAA Privacy Rule, HIPAA Security Rule, or other federal privacy statutes;
• Working with the facility Privacy Officer to assure information security and privacy policies complement and support each other; and
• Notifying OI&T staff to suspend, or revoke access privileges in a timely manner when a user under his/her supervision or oversight no longer requires access privileges or he/she fails to comply with this policy.
- Information Security Officer GS-2210-12 at VA
- Information Security Officer GS-2210-12 at
2 years, 11 months at this Job
- Bachelor of Science in Computer Science and Network Security - Computer Science and Network Security
Vons Employee Federal Credit Union
Title: Information Security Officer Nov 2018-April 2019
✓ Established Enterprise Program Office, compiling all projects into a pipeline, worked with management to prioritize them, budget them, staff them and feed them into the project management team
✓ Managed the SOC and the daily findings from all existing controls (malware detection, network intrusion detection, firewalls, web application firewall monitoring, email, etc.). Identified missing controls and initiated projects to remediate them. Performed threat hunting. Organized and made operational a data lake to capture all relevant data sources required to establish monitoring and alerting. Built metrics and analytics around the various attack vectors and prepared them for the board
✓ Established an inventory of every device on the network: what it was, its associated risk, and, if applicable, to whom it was assigned. Initiated regular vulnerability scanning and remediated findings according to the appropriate change management process, based on the device type and the risk severity of each device and the application it supported
✓ Reorganized the third-party management program to include newly acquired companies (AAA Credit Union and Metropolitan Water District Credit Union). Moved all vendors and their associated due diligence to a new vendor management platform. Through interviews, identified hundreds of existing relationships with no due diligence and initiated new vendor due diligence on those
✓ Developed and maintained enterprise metrics
- Information Security Officer at Vons Employee Federal Credit Union
- Director of Cyber Intelligence at Securonix
- Vice President, Senior Information Security Engineer at Bank of America
- Senior Analyst at Sony
5 months at this Job
- Certification (net.Genesis) - net.Genesis Certification (User Behavior Tracking and Analysis)
- None - Architecture
Provides leadership, direction, and management oversight to a team of information security professionals supporting immediate high-risk remediation efforts after a significant data breach.
CHIEF INFORMATION SECURITY OFFICER - INTERIM (W2 CONTRACT) (10/2018 to 6/30/2019)
Effectively manages a team of security engineers and architects in providing remediation support for the university and health campus. Responsible for establishing and maintaining a corporate-wide information security strategy and leading multiple security programs to ensure that information assets are adequately
• Implemented technical security solutions to remediate the university president's high-risk vulnerabilities, to include secure email and multi-factor authentication (MFA).
• Improved HIPAA Security Rule compliance from 51% to 80%; improved NIST Cybersecurity Framework maturity from 1.9 to 2.45 in less than six months; verified via independent risk assessment
• Developed a cyber security awareness and training road show to communicate cyber security issues as part of the university's security training and awareness program; includes hands-on training and use of MFA, secure email, and secure storage for sensitive data (HIPAA, FERPA, PII).
• Improved IT Service Management capabilities through migration to ServiceNow
Universal Service Administrative Company, Washington, DC
Provided leadership, direction, and management oversight to a team of information security professionals supporting
- CHIEF INFORMATION SECURITY OFFICER - INTERIM at Augusta University and Health
- DIRECTOR, INFORMATION SECURITY (TEMP) at USAC's
- CHIEF INFORMATION SECURITY OFFICER (CISO) at Baptist Health
- Adjunct Instructor at University of Phoenix
8 months at this Job
- Master of Military Operational Art & Science - Military Operational Art & Science
- Master of Arts - Space Systems Management
- Bachelor of Science - Electrical Engineering
Jersey City, NJ 2014-Present
A diversified Healthcare System with over 5000 employees providing broad Healthcare Services
Chief Information Security Officer (CISO)
Developing and maintaining an organizational or system-level cybersecurity program that includes cybersecurity architecture, requirements, objectives and policies including the direction of personnel, processes and procedures. Major Achievements:
• Increased productivity and reduced security issues by 80% by defining the corporate information technology infrastructure and security strategies and performing hands-on Proof of Concept (POC) testing for the addition and/or replacement of infrastructure and security technologies.
• Increased the development of formal processes by 70% by creating and defining corporate security policies and procedures, best practices, and security training to quantify and mitigate all types of threats. Created and implemented a Security Taskforce Team, with key executive personnel and an agenda to define and modify policies and procedures to meet the company's major business objectives.
• Created the Risk Management Framework that reduced response time from 2 weeks to an average of 10 hours.
• Reduced the annual budget for IT by 30% by eliminating outdated contracts.
Responsibilities:
• Led a team and performed annual cyber risk assessments (both internal and third-party) and influenced business decisions as a result of cyber risk assessment reports.
• Led the firm on compliance programs (HIPAA, HITRUST, and NIST), internal and external audits, and enforcement of policies and procedures.
• Created a Confidential Task Force and an Incident Response task force for the adoption of NIST, CMF and CSF Security Strategy, IT, and Legal Regulatory/Compliance groups. Worked closely with the Chief Privacy Officer to certify all new employees on corporate asset use.
• Created executive security and risks reports for company executives and board members, which included security related gaps related to the organization.
• Created and developed a threat intelligence and internal vulnerability management program (utilizing Nessus, Rapid7, and Retina).
• Created an internal security program (people, process, and technology).
• Designed and implemented an application security program in partnership with application development teams.
• Created and developed companywide IT and security policies related to new regulatory and compliance requirements (NIST, HITRUST, HIPAA, and PCI DSS).
• Engineered a cyber/cloud migration plan and monitored the internal IT manager's milestones by defining and utilizing a performance matrix.
• Managed internal and external security teams, reporting, and annual IT security expense budget.
• Defined and implemented an Identity and Access Management (IAM, Caradigm) system to automate the onboarding and termination provisioning of employee system access.
• Designed an internal security awareness program and training for the company.
• Created enterprise security and risk policy and oversees the development of technology architecture to support this policy.
• Constantly monitor evolving threats/risks, industry trends and modify best practices in the organization to adapt.
• Monitor the provision of services and capabilities for the protection of organization assets.
• Acted as the leader on all audit and regulatory inquiries and external vendor activities to help represent the company from an information security, recovery and technology perspective.
• Participates in leading industry consortiums to represent business security interests (HIMS, SANS, BlackHat)
• Monitored security-related vendor relationships and product selection to provide services and capabilities for the protection of organization assets.
• Defined and implemented an effective Incident Reporting and Response System to address security incidents and outlined a response to violations or complaints from both internal and external parties.
• As a team member defined the company's business continuity plans and procedures.
• As a team member defined the company's disaster recovery plans and procedures.
• Serves as an information security expert and trusted advisor to partners in IT and the business
- Chief Information Security Officer (CISO) at CAREPOINT HEALTH
- Director Information Technology / Chief Network Architect (Secret Clearance) at CONSTELLATION INC
- Senior Program Manager at MATRIX/ PORT AUTHORITY OF PA
- Chief Technology Officer (CTO) at ITTC, INC
5 years, 5 months at this Job
- Bachelor of Science - (BS) Computer Science/ Electrical Engineering & Computer Architecture
Developed corporate privacy program to establish and support ongoing GDPR governance and compliance as Corporate Data Protection Officer (DPO)
• Created Risk Management program comprising enterprise-wide assessment and corporate risk register
• Created robust Incident Management program with comprehensive root cause analysis (RCA) process and regular multi-departmental desktop exercises
• Reorganized Information Security department to cultivate new skills and capabilities, realizing 40% resource cost reduction
• Expanded enterprise Vulnerability Management program providing greater coverage and function at 20% annual cost savings, year-to-year
• Managed >$1M department budget to satisfy corporate security needs, research, and staff development
• Advised business units in secure code development, PCI compliance, and industry best practices
• Created new Backup/Restore (BUR) / Disaster Recovery (DR) program for complex, hybrid environment
• Established robust security awareness training program, leveraging vendor-driven and in-house LMS
• Implemented college internship program, hiring numerous undergrad InfoSec students
• Developed security metrics / KPI reporting program based on NIST Cybersecurity framework (CSF)
- Chief Information Security Officer at Kodak Alaris
- Security Delivery Executive at International Business Machines, Inc
- Senior Managing Consultant at International Business Machines, Inc
- Managing Consultant at International Business Machines, Inc.
2 years, 10 months at this Job
- Master of Business Administration - Beta Gamma Sigma National
- Bachelor of Science - Information Technology
Build and provide a contact list of potential clients to use within the company. Identify strategic business alliances which provide additional client services. Understand and describe all security issues to all corporate and key stakeholders. Communicate and evangelize information security in terms of enterprise risk. Deliver expertise with standards, policies and procedures, and positions in an assortment of cybersecurity topics. Remain current in the knowledge of the current trends in business as well as cybersecurity. Perform as a corporate ambassador and provide marketing opportunities to the corporation. Define and facilitate the risk management process, including the reporting and remediation efforts to address findings. Determine business information security requirements and recommendations and apply proper cybersecurity standards. Assist in the creation of the corporate and client Information Security Governance, Risk and Compliance. Create corporate security policies, standards, and procedures. Ensure programs are in compliance with relevant laws, regulations, and policies to minimize or eliminate risk and audit findings. Develop continuity and disaster recovery strategies. Define privacy requirements with the knowledge of client business strategy and process. Guarantee the framework for the governance of enterprise assets through assessments. Authorization of security products and solutions based on customer and corporate requirements. Principal information security authority who collaborates with corporate, client and vendor senior management. Establish and manage service and vendor relationships related to the delivery of security solutions within the enterprise. Create partnerships and alliances with strategic vendors. CISO Advisor to clients. Security solution and product testing and evaluation. 
AOS (Dallas, TX) and SES-GS (McLean, VA) Communications Security (COMSEC) Manager, Information Systems Security Officer (ISSO) and Information Assurance Manager (IAM)
- Chief Information Security Officer at Secutor Consulting
- Chief Information Security Officer (CISO) for AOS at
- Principal Cyber Security Specialist at Parsons
- Senior Information Security Engineer at
5 years, 5 months at this Job
- Master of Science - Information Assurance
• Outsourced CISO for several organizations (01/11 to 07/19) - CISO for Affinity Health Plans (01/19 to Present) - vCISO for 6 organizations to meet NYS cybersecurity requirements (07/17 to 05/19) - CISO for MetroPlus Health Plans (12/16 to 06/17) - CISO for a hospital group in NJ (11/13 to 11/16) - vCISO for two medium sized law firms in NYC (11/11 to 11/13) - vCISO for three under 500 person startups (01/11 to 11/13) - Exec. Director of Information Security for a health & wellness ecommerce company
• Built the information security program for the largest municipal owned health plan in the US
• Revamped security operations at MetroPlus Health Plans to align with the NYS Department of Financial Services CyberSecurity requirements.
• Established cloud computing standards in line with the Cloud Controls Matrix
• Redesigned the policies and operations to adhere to HIPAA and HITRUST requirements
• Created and chaired the Information Security steering committee
• Designed incident response processes for several clients and maintain a SOC for smaller clients to use for their operations.
• Established requirements for GDPR compliance
• Member of CHIME
• Integrate security operations with the growing ITSM of MetroPlus
• Designing and building a threat intelligence sharing platform for joint public and private sector use in New York City and other tri-state municipalities
• Vendor management and risk assessments
• Extensive vendor risk management of Tier 1 vendors
• Updated security program to meet and maintain FedRAMP requirements
• Point person for Centers for Medicare and Medicaid Services (CMS) security inquiries
• Partnered with the MetroPlus Risk Officer on breach management and breach notifications
• Establish vulnerability management standards and manage the process.
• Designed and planned a complete security operations center for MetroPlus
• Investigated and implemented security tools to report and interact with ServiceNow
• Encourage and champion implementation of cybersecurity best practices
• Built policies, procedures, and standards in line with ISO 27001 & 27002, 27799, and NIST CSF 1.1 frameworks
• Researched, planned, and authorized several security tools for monitoring environment
• Training staff on incident handling procedures
• Led creation and management of application security testing and monitoring processes
• Research, architecture, and implementation of innovative technologies like SIEM (LogRhythm, AlienVault, LogLogic, and Splunk) and DLP (Symantec and Intel/McAfee)
• Compiled a list of preferred vendors for security products and services
• Introduced Unified Security and Threat Management to small and midsized clients.
• Created policy to require all physical infrastructure (servers, storage, perimeter security, etc.) go through a security risk review
- Chief Information Security Officer at Ho'ike Technologies
- VP, Information Security at Global Incident Response
- Chief Security Consultant at Ho'ike Technologies
- Advanced Technical Trainer at IBM Learning Services
at this Job
- Business Administration & Exercise Physiology
• Recruited by VP of IS to establish and maintain the enterprise vision, strategy, and program to ensure information assets and technologies are adequately protected
• Maximized corporate security posture and recognized as the company's cyber security expert
• Optimized expenses by seeking and selecting effective security solutions with best value, CBA, and ROI
• Achieved ISO 27001 Certification for International (Aclara EMEA) serving as ISO Security Officer
• Led and achieved clean SOC 2 audits concurrently for five SaaS business units (three were first-time audits)
• Led and achieved the first ever clean SOC 2 Type 2 audit for a previously failing SaaS business unit
• Finalized the Corporate Business Continuity and Disaster Recovery Plans and achieved successful testing
• Created and implemented new data security standards that improved corporate security posture
• Authored and implemented global and site-specific information security policies and procedures
• Authored new security awareness training program and achieved 100% end-user compliance
- Information Security Officer at Aclara Technologies LLC
- Director - Advisory Board at Clicked Studios LLC
- Executive Vice President Business Strategy at Clicked Studios LLC
- Vice President Information Systems / Chief Information Security Officer at Bakers Footwear Group
5 years, 5 months at this Job
- M.S. - Management
- B.S. - Business Administration
- A.S. - Computer Technology