Dallas-Fort Worth Metroplex
With 20 years as a Chief Information Security Officer (CISO) for some of the nation’s most notable commercial companies and in critical government roles, I help fast-growth oriented companies that require a strong focus on the protection of their cyber and physical security resources – especially if security is be used as a competitive differentiator or revenue stream. I can help you with growing your cyber security program, whether it is to ensure regulatory compliance (e.g. PCI, HIPAA, GLBA, CCPA, GDPR, etc.), responding to or avoiding a security incident/breach, providing thorough protection for the company’s “crown jewels”, or even having security services as a possible revenue stream. Regardless, I can deliver you a security program in a heavily regulated environment that supports company goals while providing top-notch protection.
Provided information security and risk management consulting/contracting services for companies (both large and small). Contract services have included: • Information security strategic planning and development for large financial institution; • Incident/Breach response (including plan development, training, etc.) • Board member advisory support for information security; • Public and Sales Teams educational lectures around security awareness, threats, and overall program management; • Technology and project execution for security controls – e.g. Data Loss Prevention (DLP), Intrusion Prevention System (IPS), incident response, Security Operations Center (SOC) development, and more; • Compliance audit (FFIEC Cyber Exam, Sarbanes-Oxley) and risk management support; • Security product evaluation and venture capital support; and • Identity and Access Management design and operations (provisioning, deprovisioning, self-password reset, user attestation, federation, etc).
Brought in to lead efforts for remediating multiple Sarbanes-Oxley material weaknesses and ensure comprehensive cyber and physical security protection for employees and customers alike. Developed first formal cyber and physical security for heavily regulated publicly traded services company (over $5B revenue) responsible for all client HR services including payroll and health benefits to 16,000+ companies and 340,000+ employees. • Created company’s first integrated NIST-based cyber risk framework (including GDPR, CCPA, HIPAA, Cobit, and AICPA) including the formal company review of key risks by company stakeholders. • Adopted a tiered risk model and formal risk register for tracking and reporting risks through C-level executives and Audit/Board Committee members. • Created zero trust model with a focus on administrative, technical and risk management to ensure a comprehensive security program for protecting sensitive customer information. • Provided monthly in-person C-level and quarterly Audit/Board Committee program updates. • Oversaw initial company-wide COVID-19 preparations as well as ongoing and “return to work” employee safety response actions. • Established first formal business continuity and crisis management program. • Developed formal Incident Response plan, operational playbooks and crisis communications plan while facilitating monthly training exercises for team members. • Led numerous company-sensitive cyber, privacy, physical security, and life safety incident response actions including coordination with pre-established relationships through external law enforcement (e.g. FBI).
Provide enterprise security strategy development, interim CISO services, and executive security advisory to Chief Information Security Officers & business leaders for large corporate enterprises - including many of the Fortune 100 companies today. By leveraging past experiences and an extensive team of prior CISOs, Optiv Advisory Services are helping to extend our customers' capabilities in defining and achieving success through strategic direction setting, planning, execution and programmatic oversight. Let me know how we can help you reach your security and compliance goals today!
Recruited to develop formal global Information Security program after major 2011 company security breach and while still supporting company revenue growth of $800 million in 2011 to over $1.5 billion in 2014. • Created first ever security strategic company plan for over 60 global locations (acquired 3 companies since 2011), over 7,000 employees, and responsible for sensitive marketing and loyalty brand data for many of the top global financial (banking and credit card), retail, pharmaceutical, and hospitality companies. Data was in-scope for PCI, SSAE-16 SOC1 and SOC2, Sarbanes-Oxley (SOX), FISMA and ISO 27001:2013 annual audits and certification. • Oversaw development and start-up of Security Operations, Compliance, and Identity Management teams (employees and contractors) with a budget of over $6 million annually. • Led team in architecting and implementing a multi-layered security controls offering that was fed into a state-of-the-art 24x7 Security Operations Center (SOC) co-managed by internal and contractor personnel. • Managed development and deployment of new identity management solution for flagship customer product and corporate employees.