Charlotte Metro
As Global Head of Cyber Defense, I lead the design, build, and operation of enterprise‑scale cyber defense capabilities focused on prevention, detection, response, and recovery. My role centers on establishing and maturing global Security Operations Centers (SOCs), incident response and digital forensics programs, threat intelligence functions, and detection engineering pipelines to defend against advanced threats across complex, regulated environments. I guide organizations through high‑impact security incidents by developing disciplined incident response playbooks, improving operational readiness, and integrating intelligence‑driven defense with hands‑on forensic investigation. These efforts strengthened mean‑time‑to‑detect and respond, improved adversary visibility, and increased resilience of critical digital assets. Governance, risk, and compliance were embedded into daily operations through a strong security governance framework aligned to enterprise risk management and industry standards. My experience also includes advancing zero‑trust maturity and secure access strategies, including Secure Access Service Edge (SASE), as an operational enabler for modern SOC workflows, identity‑centric defense, endpoint visibility, and network telemetry. Partnering closely with security architects and engineering teams, I translated strategic security vision into scalable, operational capabilities—repeatable detections, response automation, and measurable security outcomes. Recognized as a trusted subject‑matter expert, I regularly advised executive leadership on cyber risk, operational readiness, and threat trends. My ability to clearly communicate complex technical and operational concepts ensured alignment across engineering, governance, compliance, and business stakeholders, driving effective cyber defense execution at global scale.
Provided enterprise cybersecurity leadership by defining strategic direction and technology roadmaps aligned to business objectives across multiple lines of business. Led delivery of large‑scale security initiatives to enhance capabilities, mature security processes, and advance zero‑trust adoption, including championing Secure Access Service Edge (SASE) implementations. Partnered closely with security architecture teams to translate strategic vision into scalable, repeatable architectural patterns. Served as a trusted subject‑matter expert and thought leader, advising senior leadership on complex security architectures, solutions, and cross‑organizational initiatives. Coordinated cybersecurity efforts across disparate business units to streamline portfolios, reduce duplication, and drive enterprise consistency, while presenting functional and strategic roadmaps to executive leadership for alignment and decision‑making.
As Chief Information Security Officer for UNC Charlotte, I led the strategic, tactical, and operational direction of the University’s enterprise information security program, overseeing multiple teams responsible for cyber defense, risk management, and regulatory compliance across a large academic and research environment. I defined and executed the University’s cybersecurity roadmap, aligning security strategy with institutional objectives, regulatory obligations, and evolving threat landscapes. As the University’s senior authority on cybersecurity risk and compliance, I led risk assessments and governance initiatives aligned with ISO 27005 and ISO 27002, while ensuring compliance with HIPAA, FERPA, PCI‑DSS, and GDPR. I developed and enforced security policies, standards, and guidelines to ensure secure operations and consistent regulatory adherence across academic, administrative, and research systems. I also guided the design and implementation of modern security architectures, including zero‑trust principles, multi‑cloud security controls for Azure and AWS, and redesigned network and endpoint security programs leveraging Palo Alto, Cisco, EDR, configuration management, and vulnerability management technologies. These efforts improved security posture while optimizing technology utilization, reducing duplication, and maximizing return on investment. Serving as a trusted advisor to the CIO and University leadership, I regularly briefed executive management and governance bodies on cyber threats, institutional risk, and program maturity. I chaired the University Information Assurance Committee as well as the Public Safety and Security Committee, fostering cross‑functional collaboration and ensuring cybersecurity was embedded into broader safety, risk, and governance discussions across the institution.
As Information Security Manager, I provided tactical and operational leadership for the development, implementation, and ongoing management of the University’s information security program. I led a multidisciplinary team of information security engineers and analysts responsible for security administration, security engineering, network defense, penetration testing, and day‑to‑day security operations, while working closely with central IT service teams to integrate security into enterprise technology solutions. I played a key role in building and maturing the University’s security capabilities by developing and enhancing information security policies, standards, architectures, processes, and procedures to ensure the confidentiality, integrity, and availability of institutional information systems and data assets. My work ensured security requirements were embedded across academic, administrative, and research environments. Specializing in cybersecurity threat management and regulatory compliance, I conducted enterprise risk assessments and control evaluations aligned with HIPAA, PCI DSS, and ISO 27001 standards. These efforts strengthened the University’s risk posture, improved audit readiness, and supported compliance across regulated systems handling sensitive student, research, and healthcare data. Through close collaboration with IT leadership and technical teams, I translated security strategy into actionable operational controls, helping the University balance risk, usability, and compliance while supporting its broader mission of education and research.
In my role, I focused primarily on cybersecurity architecture, risk governance, and enterprise security design, serving as a subject‑matter expert for Lowe’s internal information technology initiatives. I spent the majority of my time analyzing and quantifying cyber risk, overseeing vulnerability management programs, and ensuring security architectures aligned with regulatory and framework requirements. I led and supported the design and operational integration of governance, risk, and compliance (GRC) and vulnerability management platforms, with deep expertise in RSA Archer eGRC, Tenable Nessus, Rapid7, and RedSeal for network segmentation validation. These capabilities enabled consistent risk assessments, vulnerability prioritization, and validation of network segmentation controls across complex enterprise environments. My work specialized in maintaining and operationalizing PCI DSS compliance and aligning security architecture decisions to NIST cybersecurity frameworks. I advised senior security architects and engineering teams on secure design patterns, risk‑based decision making, and compliance automation, ensuring that security controls were embedded early in the architecture lifecycle and measurable at scale.