Greater Chicago Area
As the Head of Information Security at Octus, I lead a holistic security organization that covers IT and Application Engineering, with a focus on code security, cloud security, and compliance. With over 20 years of experience in cybersecurity and information technology, I have a proven track record of delivering secure and innovative solutions for industry-leading organizations across various domains, such as SaaS, IoT, and AR. My mission is to enable business growth and customer trust by aligning security strategy with organizational goals, applying best practices and standards, and building a strong security culture. I have successfully built and led teams of security and compliance professionals, implemented cutting-edge security tools and processes, and enabled sales and marketing through effective communication and education. I am passionate about staying ahead of the curve and exploring new technologies and opportunities in the rapidly evolving cybersecurity and cloud landscape.
• Established a holistic security organization encompassing GoodLeap’s IT and Application Engineering organizations
• Analyzed current state and developed a roadmap for our journey to a more secure state using three focus areas: code security, cloud security, and compliance (SOC2, privacy regulations, industry requirements)
• Built team of 5 security and compliance resources in 7 months
• Redesigned Identity and Access Management to provide strong baseline controls
• Worked with legal to develop a vendor-centric Data Protection Agreement, perform contract reviews, and provide vendor security input
• Revitalized security awareness program for different levels of the organization
• Provided endpoint, email and perimeter security controls and technologies
• Reviewed and remediated PCI compliance requirements
• Managing budget of $1M, led review and selection of vendor solutions for Secure Software Repository, Software Composition Analysis (SCA), Static Application Security Testing (SAST), Developer Education, Cloud Security Posture Management (CSPM), Endpoint Management, Managed SOC Services, Governance/Risk/Compliance, and Vendor Management
• Recruited to chart a course for PTC’s SaaS Business Unit to improve security and achieve progressive certifications for their SaaS and mobile Augmented Reality Suite of products
• Enabled sales through development of standardized questionnaire responses, whitepapers, and sales decks resulting in less time spent up-front in the security process, freeing valuable Product Management time and expediting sales
• Developed cyber education program covering design, product management, leadership, and engineering
• Built a suite of security services and a team to deliver, enabling CI/CD security through Software Composition Analysis (SCA), Static Application Security Testing (SAST), Dynamic Application Security Testing (DAST)
• Activated security telemetry from AWS, Azure, and PTC Applications into common platform with curated alerts and behavioral analysis
• Mapped compliance trajectory from SOC2 to GxP and then FedRAMP, reducing customer objections in the sales cycle
• Hired to measure and reduce cyber security risk in Stanley’s portfolio of commercial technology products, ranging from SaaS solutions to connected doors, tools and industrial robotics and representing over $2B in revenues
• Implemented vulnerability scanning, dynamic application security testing, static application security testing, static code analysis, and real-time application security protection solutions resulting in cyber maturity increases of 400%+
• Enabled sales through development of security whitepapers and other collaborative marketing materials, reducing sales cycles by as much as 20%
• Activated product teams to securely navigate groundbreaking products from ideation to creation, resulting in the addition of $40M in one-time 2019 revenues and $20M in annually recurring revenue
• Developed a cyber education program that increased cyber awareness, driving faster time to market with mitigated risks through a 60% reduction in engineering security bugs
• Invented a method of measuring risk as an “Attack Profile Valuation”, providing a method of determining where to apply limited resources to achieve the most reduction in organizational risk
• Advanced a cyber maturity model to enable board-level progress reporting toward a more secure cyber posture
• Built a team to operationalize security technologies and methodologies, enabling scale-out deployment of critical
• Recruited to the Enterprise Content Division to rescue Managed Services business from loss of contractually-required compliance certifications and invent a platform for the next generation SaaS offering
• Completed projects to re-implement information security, update cloud architecture, improve data protection, and solve DevOps challenges, reducing incidents by 400%
• Enabled sales team to win key prospects by instilling confidence in our platform, services, and security posture, thus securing new high-value customers and over $30M in recurring annual revenues
• Re-engineered security controls and processes across all corporate cloud operations using NIST & ISO frameworks to position the organization to pass SSAE16 SOC2 audits, removing sales cycle hurdles due to expired attestations
• Advanced development of next generation SaaS solution through architectural designs incorporating security, resiliency, and recovery, resulting in launch of this new revenue stream 3 months ahead of schedule
• Recruited by executive leadership to design and launch a secure multi-tenant cloud consolidation technology program to control risk and cost around hosted/SaaS solutions throughout EMC
• Activated product teams by inventing methods of delivering innovative hosted solutions to EMC customers, creating new SaaS revenue streams in excess of $100M in recurring annual revenues
• Established secure cloud platforms across 3 data center pairs in the US, EU, and Asia, resulting in an immediate improvement in the architecture and security posture of solutions as they onboarded into the platform
• Co-founded a new cloud services business unit within the Enterprise Content Division (Documentum), navigating from concept to product launch, rallying executive support, securing capital funding, and building the organization
• Grew the business globally to encompass 4 shared data centers and 10 dedicated data centers, with recurring annual revenues of $60M with 25% margins by the end of the fourth year
• Activated solutions that reduced customer implementation time to weeks vs. months with a 70% reduction in support costs
• Developed SLAs, monitoring strategies, disaster recovery approach, and business continuity plan to address customer concerns and reduce sales friction
• Secured 4 patents for innovations in the management of virtual data centers, thus strengthening the company’s competitive advantage and positioning the business as an industry leader
• Inspired team of over 100 to continuously deliver automated approaches to routine tasks, enabling scale out growth of our service without commensurate scale out of headcount cost