Information Security Swiss Army Knife
and Mentor

Dynamic service-oriented Information Security specialist with a myriad of successes designing, building, auditing, managing and troubleshooting a broad range of risk management initiatives in a multi-customer environment.

  • Deeply-certified with 18+ years of extensive hands-on experience leading all life-cycle stages of security system development
  • In-depth technical knowledge with the ability to troubleshoot and diagnose creative solutions to unique problems and customer business and technical requirements
  • Real world working experience exceeding internal security controls, industry best practices, SOX, PCI, HIPAA/HITRUST, GLBA, NIST 800-53, DoDI, ISO27000, and other privacy standards
  • Practical experience in the definition, development and direction of information security strategy, policy, and programs guiding processes and people
  • A self-starting performer with excellent written, verbal and collaborative communication skills

Specialties and Skillsets

Core Security Business Competencies

  • Audit Compliance
  • Change and Configuration Management
  • Business Continuity, Incident Response
  • Problem and Root Cause Management
  • Security Architecture
  • Security and Risk Management
  • Strategic and Tactical Planning
  • Among many other skillsets. . .

Core Security Technical Competencies

  • Access Control
  • Anti-Malware
  • Data Loss Prevention/Protection (DLP)
  • Endpoint Security
  • Encryption
  • Firewall/Unified Threat Management (UTM)
  • Intrusion Detection/Prevention System (IDS/IPS)
  • Mobile Device Management (MDM)
  • Network
  • Public/Private Cloud
  • Secure Configuration
  • Security Information Event Management (SIEM)
  • Vulnerability Scanning
  • Among many other technologies. . .

Career Progression

Senior Security Solutions Consultant and Auditor
July 2011 – Current

A blended pre- and post-sales role developing / delivering authentic security risk assessments, governance services, policy creation, program framework definition, and vendor agnostic security technology solutions while balancing the Customer's needs against applicable security standards, regulatory requirements, and industry best practices.

Authorized ISC2 Trainer
July 2014 – Current

Recruited to provide live and online ISC2 structured training seminars covering the CAP, CISSP-ISSAP/ISSEP/ISSMP, CCSP, HCISPP, and SSCP certification programs.

Information Security Officer / Security and Privacy Engineer
United Surgical Partners International
March 2009 – July 2011 (2 years 5 months)

Point of contact for all things Information Security and Privacy within the USPI Organization. Routinely developed, maintained and led enhancements to the USPI Information Security program while balancing the needs of HIPAA/HITRUST, SOX, PCI, and other legislatively mandated requirements.

Security Solutions Architect (TVMR / SIEM Service Offering)
Electronic Data Systems
July 2006 – March 2009 (2 years 9 months)

Tasked with solution engineering, implementation, and ongoing support of new ESEM (SIEM) customers and sites for PCI, HIPAA, SOX and internal security control audit compliance.

Security Solutions Architect and Lead (Enterprise Firewall Risk Audit and Lockdown)
Electronic Data Systems
July 2006 – October 2007 (1 year 4 months)

Performed an 18-site enterprise-wide firewall security risk audit and lockdown of a "Billion Dollar" European Financial Customer's network perimeter.

Security Solutions Architect (DLP Service Offering)
Electronic Data Systems
July 2005 – July 2006 (1 year 1 month)

Helped architect a Data Loss Prevention (DLP) managed service offering to be sold to both internal and external customers.

Security Infrastructure Specialist and Risk Auditor (Managed Firewall Service Offering)
Electronic Data Systems
November 2000 – July 2005 (4 years 9 months)

Provided full firewall security solution consulting, engineering, enterprise risk auditing, and support for both internal and external customers. Primarily tasked with high-profile/high-risk customer solutions requiring unique attention. As Technical Lead, mentored team members and performed validations of solutions for quality control prior to implementation.

Team Lead, Systems Administrator, and Quality Assessor (Remote Desktop Support)
Electronic Data Systems
May 1998 – November 2000 (2 years 7 months)

Provided second level advanced desktop/server support for both internal and external customers. Daily troubleshooting duties included RAS/VPN service clients and security network infrastructure, as well as all user applications utilized across active connections. As Team Technical Lead, provided training and third level advanced diagnostic troubleshooting on unique customer-impacting problems whether they were RAS/VPN related or not.

Distribution Analyst and Quality Assessor (DAOPC)
Electronic Data Systems
January 1997 – May 1998 (1 year 5 months)

Ground floor opportunity. While initially providing processing of print outputs for various customers, position quickly grew to also include ISO9001 quality control and technical support responsibilities.