Anaheim, California, United States
As CEO of Xandu Limited, I lead a multifaceted organization with divisions spanning e-commerce, publishing, and cybersecurity. Our e-commerce operations serve a global audience through multiple online stores, while our cybersecurity division collaborates with leading firms like CrowdStrike to provide compliance consulting and remote CISO services. These efforts are supported by deep expertise in security protocols, cloud migration, and compliance frameworks. With over a decade of leadership experience in IT and cybersecurity, including recent roles at Kia America and Ferrari of Newport Beach, I specialize in enhancing cybersecurity programs, conducting vulnerability assessments, and strengthening cloud infrastructure. My mission is to drive innovation and security in rapidly evolving industries, empowering teams to deliver robust and scalable solutions.
I lead Xandu Limited in its mission to innovate across multiple sectors, driving significant growth and operational efficiency. • Developed and maintained a corporate data center, optimizing IT infrastructure and enhancing service delivery. • Successfully migrated all in-house servers to the cloud, improving scalability and reducing operational costs. • Cultivated partnerships with leading security firms, positioning our cybersecurity division for future success.
• Temporary Contract Position • Responsible for all Information Technology and cybersecurity at 3 locations: Ferrari of Newport Beach, San Diego, and Rancho Mirage. • Responsible for all networks and endpoints, including all management and security. • Implemented Cloud Security Tools for Azure and GCP • Utilized Bitdefender for A/V, Anti-Malware and VPN services • Responsible for the maintenance, procurement, and inventory of all IT and cybersecurity equipment • Responsible for the auditing and maintenance of 3rd party vendors. • Responsible for Risk and Vulnerability management of all Ferrari networks and endpoints. • Conducted security assessments of Ferrari's connected vehicles and associated APIs. • Spearheaded the effort to migrate all in-house servers to the cloud, including on-premises Active Directory servers. • Managed and administered accounts for Salesforce • Managed all GRC efforts • Implemented the use of Azure APIM and managed databases for the company • Managed 3 IT support engineers.
• Operating as CISO and IT Manager, restructured the corporate network, implemented a new security Zero Trust Network, created the IA program, and ensured total compliance with SOC2, CIS, CMMC I & II, ISO, and NIST standards. • Implemented mobile device management, an endpoint security solution, and website security for corporate websites. • Took ownership over budget and vendor management, handling a $200,000 budget and relationships with 80+ vendors. • Instituted a vulnerability management program via technological tools that reduced the attack surface by 80% and resulted in 0 security breaches. • Implemented an IT ticketing system and help desk using Atlassian JIRA. • Improved Endpoint remote management and security by implementing a Defense in Depth strategy, which includes implementing multiple security suites, including CrowdStrike, JAMF Protect, JAMF Trust, Tenable, and AutoMox. • Successfully migrated the company to Microsoft Azure for Active Directory, SSO, and Virtual networking and testing environments. • Set up and maintained a local penetration testing suite utilizing Kali Linux tools and Python programming language for exploit creation and testing. • Created a Google Workspace presence to include Google Cloud Platform; transferred development environments from AWS to GCP utilizing JSON formatting for transferring code. • Evaluated vendor solutions for improved security capabilities, ensuring alignment with business objectives. • Increased threat visibility by deploying advanced monitoring systems and threat intelligence feeds across the enterprise network. • Implemented a continuous improvement framework for ongoing assessment of security controls effectiveness. • Championed employee engagement in cybersecurity initiatives, increasing awareness and adherence to best practices. • Spearheaded the development of disaster recovery plans that enabled rapid system restoration following disruptive events. • Managed 1 IT Support Engineer
• Improved system resilience with the development and execution of disaster recovery plans. • Reduced risk of data breaches by systematically upgrading security software and hardware. • Empowered decision-making with the creation of comprehensive security reports and risk assessments. • Spearheaded cybersecurity audits, identifying gaps and recommending actionable improvements. • Ensured secure remote work environments by implementing robust VPN technologies and policies. • Customized cybersecurity solutions to meet the organization's unique needs, enhancing overall security architecture. • Championed the development of an incident response team, ready to tackle security breaches efficiently. • Collaborated with IT teams to integrate cybersecurity measures into the development lifecycle of software and applications. • Advanced organizational knowledge of emerging cybersecurity threats through targeted research and intelligence gathering. • Streamlined incident response processes, significantly reducing response time in crises. • Conducted regular audits of IT infrastructure to ensure adherence to established cybersecurity policies and best practices. • Fostered a culture of security awareness, conducting regular training sessions for staff on cybersecurity best practices. • Pioneered multi-factor authentication (MFA) deployment across all critical systems, significantly reducing unauthorized access incidents. • Optimized cybersecurity protocols, ensuring compliance with national and international security standards. for Microsoft Server-based Networks.