Greater Houston
Certified Chief Information Security Officer (CCISO)- Sept. 2025) Certified Information Systems Security Professional (CISSP)- April 2025 Certified Information Security Manager (CISM)- March 2025 Leadership training- situational awareness- 2024 CCIE Security #35355- 2013, 2014, 2017, 2019, 2022 CCIE Route/Switch #35355- 2012, 2014, 2016, 2019, 2022 Microsoft Azure Fundamentals (AZ-900)- 2023 Palo Alto PCNSA- 2022 Juniper JNCIA-JUNOS- 2022 CompTIA Project+- 2020 SilverPeak SD-WAN- 2020 Fortinet NSE 7, Network Security Architect- 2021 Cisco FireJumper- Network Security- 2019 Cisco FireJumper- Advanced Threat- 2019 Cisco Identity Services Engine (ISE) Specialist- 2015 Cisco Meraki Network Associate, CMNA- 2015 Cisco Advanced Security Architecture Field Engineer Representative (ASAFER)- 2015 Cisco SourceFire IPS Certified (SSFIPS)- 2015 Lancope Technical Certified Expert, LCTE- 2014 Brocade BCNE- 2013 Cisco CCNP Design- 2010 Cisco CCDA- 2010, 2019 Cisco CCNP Security- 2010 Cisco IPS Specialist- 2010 Cisco ASA Specialist- 2009 Cisco CCNA Security- 2009 Cisco CCNP Routing- 2009 Cisco CCENT- 2008 CompTIA Network+- 2003 Citrix CCA- 2003 Checkpoint CCSA- 2001 Cisco CCNA- 2000, 2003, 2008 Microsoft MCSE- 1999 Microsoft MCP- 1999 CompTIA A+- 1997, 2018
• Built and led a team of 7 Sr. Architects, achieving 100% retention • Reported directly to the Global CISO, ensuring strategic alignment of security architecture with company objectives • Implemented standardized security architecture for ERP, cloud, and OT, reducing audit findings by 35% and cutting time-to-deploy for new applications by 20% • Led quarterly risk assessments and compliance reviews, achieving a 40% reduction in policy violations and full alignment with NIST CSF 2.0 standards • Delivered 12 major security projects on time and under budget, saving $1.2M in operational costs through cross-functional collaboration • Assessed and mitigated third-party risks, integrating findings into the enterprise risk register for contractual compliance • Executed a three-year enterprise security strategy, aligning IT and OT security architecture with NIST CSF 2.0 and Zero Trust frameworks (800-207) • Participated in Cybersecurity Incident Response Team (CSIRT) investigations, translating lessons learned into actionable control recommendations and policy updates • Integrated threat modeling into the GRC risk assessment program, providing actionable insights for security posture and business solution evaluation • Enabled Artificial Intelligence (AI) initiatives while implementing AI and Data Governance controls to support secure business transformation • Participate in multiple simultaneous Merger & Acquisitions (M&A) for application and network migration support, aligning to security standards • Led audit remediation efforts for 600+ SaaS applications in one quarter, aligning with audit teams to evaluate controls and gather evidence, resulting in a stronger security posture and successful audit closure following ITIL best practices
Sr. Consultant duties in addition to: • Led a team of 21 engineers, maintaining a 100% project delivery rate and achieving a 95%+ customer satisfaction score across multi-million-dollar network and security engagements. • Provided vCISO services for Operational Technology (OT) clients, ensuring compliance with NERC CIP v5 and industry best practices. • Designed and implemented enterprise security solutions for Fortune 500 clients, including multi-factor authentication in Azure, advanced firewall deployments, and cloud migration strategies, resulting in a 30% reduction in security incidents and 99.99% uptime for client environments. • Oversight of technical training and mentorship, driving a 30% increase in team certifications and technical proficiency. • Led Fortinet technical training programs and cross-practice development, fostering a culture of continuous learning and collaboration. • Managed complex cloud initiatives, including configuration and migration of ASA/FTD within AWS and Azure environments. • Implementation of Cisco Catalyst/Nexus switches, Cisco ISR/ASR routers, Cisco Meraki switches, firewalls and wireless, as well as Cisco ASA with FirePOWER/FTD • Assisted engineers with technical challenges and project fatigue, ensuring positive customer feedback and team resilience. • Maintained project cadence and resource allocation, collaborating closely with Project Managers to meet budget and timeline goals. • Supported pre-sales efforts by evaluating project risks and providing accurate time estimates for large-scale opportunities. • Delivered live-streaming security awareness presentations to the Oil and Gas industry, enhancing client engagement and industry reputation.
• Led security and network teams, focusing on the Cisco Security and LAN/WAN portfolios, and guided junior consultants through technical training and certifications. • Conducted pre-sales meetings to gather business requirements and design scalable, future-ready network and security solutions. • Architected and implemented resilient network designs, including Internet and MPLS multicarrier redundancy, GRE over IPSEC, L2L VPN tunnels, and advanced routing protocols (EIGRP, BGP). • Deployed and managed Cisco FirePOWER with URL/AMP/IPS, Cisco ASA, Fortigate, and Meraki firewalls, ensuring robust security and high availability. • Guided public IP block and ASN acquisition for multi-homed ISPs, optimizing failover and uptime. • Re-architected Juniper and Cisco environments to meet stringent failover and uptime requirements, achieving 99.99% network availability. • Maintained over 95% billing utilization and was recognized as the top “1st responder” for customer emergencies among 90 engineers. • Provided mentorship and technical guidance to junior consultants, fostering a culture of continuous learning and professional growth. • Supported project delivery and customer satisfaction through effective resource allocation, technical troubleshooting, and proactive client engagement.
• Managed a team of 7 architects, delivering security solutions for applications, endpoints, and identity management, resulting in a 25% reduction in audit findings and improved compliance with NIST 800-53 and ISA/IEC 62443 standards • Developed and implemented IT security policies and guidance documents, increasing policy adoption rates by 35% across global business units • Meet with business units to gather business needs, define, testing, documenting, and implementing complex solutions to set an ongoing standard moving forward
• Directed a global team responsible for firewall, IPS, and threat mitigation, maintaining a 96-hour SLA for security requests and reducing incident response times by 30% • Team responsible for Management of Firewalls, IPS, Cisco Security Manager (CSM), as well as syslog and threat mitigation due to alerts from the Security Operations Center (SOC) • Oversight of security architecture refreshes and vendor evaluations, ensuring alignment with evolving threat landscapes and compliance requirements • IT and OT Security Architecture duties within risk assessments to ensure Purdue model/62443 are applied during project implementations as well as NIST 800-53 framework overlap
• Built and managed a team of 7 contract engineers, supporting routing and security projects for a global Cisco infrastructure spanning 2,200 sites and 66,000+ users • Technical Lead for Core Route/Switch team and Security team comprised of 30 global team members supporting a pure Cisco Network Infrastructure • Meet with Business Group owners to gather requirements, architect a solution, perform proof of concepts, implement, document, and train staff to support the solution • Design, deploy, and maintain multiple POP’s with multiple ISP’s with utilization of eBGP and EIGRP • Work with the SOC to design and deploy FireEye appliances and Gigamon SmartVue taps • Day to Day management and escalations for Extranet L2L VPN for 3rd party connectivity • Conducted annual security audits for 100+ global firewalls, reducing vulnerabilities and improving audit scores year-over-year • Participated in datacenter transition to reduce the number of datacenters from 90 to 12 globally • Annual meetings to work closely with CISO office to ensure business and security alignment with company vision • Management of Cisco 7600/7200/3900/3800 routers, Cisco 6500/4500/3750(x)/3560(x) switches, Cisco ASA 5500/5500CX/PIX5xx, Cisco IPS SSM40/4270 IPS appliances, while fully utilizing the CLI • Migration from DMVPN phase 2 to phase 3 dual-hub with EIGRP stub topology • Day to day management of ACS 4.x/5.x ACS for device administration and VPN Auth-proxy • Led network integration to migrate 15,000 employees while maintaining business continuity • Worked to implement Cisco ISE 1.4 for a small subset of offices that also included Prime Security Manager (PRSM), ASA CX Firewalls, and AnyConnect premium as part of the solution • Deployed Cisco WSA as part of a BYOD Web filtering solution for wired and wireless protection • Deployment of Nexus 5548UP, 6248FI, UCS 300 series, 1000V through vendor supported project • Management of F5 BigIP 1600/3900/6900 LTM’s for load balancing
• Daily responsibilities included monitor, support, and troubleshoot LAN/WAN Network infrastructure involving Cisco routers, switches, firewalls, VPN endpoints, Wireless, and Voice solutions • Management of Call Manager 4.2/5.x/7.x, Unity, IPCC, ACD, Auto-attendant • Assisted server team with Exchange 2003 to 2007 migration for US and UK • Designed and supported (2) remote data centers and one DR site consisting of Cisco layer 3 switches using HSRP, F5 LTM 4.x and 9.x load balancers, Active/Standby ASA 5550's to deliver a 99.99% uptime • Implemented and management of Polycom Video conferencing solution • Migrated existing VPN solution using Cisco firewalls, rolled out VPN clients, and provided support • Installation and network monitoring performed with SolarWinds and Netflow • Implemented Cisco ACS for VPN authentication and central administration for Cisco devices • Engineered Dynamic VPN solution using 871 series routers with layer 2 security for controlled access • Implemented MPLS cloud WAN connectivity with BGP to EIGRP redistribution for all sites