Philadelphia, Pennsylvania, United States
🔹 Cybersecurity & Compliance Executive | CISO & Board Advisor | Cloud, Risk & Governance Leader I build and lead security programs that don’t just defend — they withstand regulatory scrutiny, support complex stakeholder environments, and enable resilient, mission-critical operations at scale. Whether serving as a CISO or advising boards and executive teams, I help organizations align cybersecurity with institutional objectives, risk tolerance, and regulatory demands. With over 20 years of experience, my background spans infrastructure, application development, security leadership, and compliance — a combination that bridges technical depth with executive and boardroom credibility. I’ve guided Fortune 500 companies, regulated enterprises, healthcare organizations, and growth-stage environments through cloud transformation, audit readiness, and security governance under continuous oversight from Big Four firms (Deloitte, PwC, KPMG, and RSM). 🔐 Selected Highlights • Led 24/7 SOC operations with global MSSP partners, reducing detection times by 25% while maintaining 99.99% service availability. • Directed a zero-downtime SaaS migration across 1,300 facilities, strengthening resilience during enterprise modernization. • Built and scaled lean AWS Security & DevSecOps teams, embedding governance into cloud-native environments. • Achieved and sustained compliance across SOC 2, PCI, HIPAA, GDPR, ISO, and related frameworks under public-company scrutiny. • Regularly advise boards and executive leadership on cyber risk, resilience, and regulatory alignment in highly visible environments. I also contribute to the broader cybersecurity community through industry advisory and education initiatives, including serving on advisory panels for Verizon and Rubrik, and as a speaker and advisory board member for SecureWorld Philadelphia, where I focus on practitioner education, leadership development, and applied security strategy. ORCID iD: https://orcid.org/0000-0001-5085-4280
Executive Security Advisors is a security advisory practice focused on governance, risk management, and executive decision support in regulated and mission-driven environments. As Principal and Chief Security Advisor, I focus on building and refining board-level security governance approaches, cybersecurity policy frameworks, and incident response decision models aligned with CIS CSC, ISO 27000, NIST CSF, NIST RMF, and public-sector expectations. This role emphasizes translating technical and operational risks into clear, defensible guidance for senior leadership, with a particular focus on research, higher education, healthcare-adjacent environments, and the responsible adoption of emerging technologies such as AI. ● Developed reusable executive-level governance, risk, and policy frameworks aligned with NIST CSF, NIST RMF, and higher-education and public-sector operating models. ● Designed incident response governance materials, including executive escalation paths, decision frameworks, and tabletop exercise scenarios. ● Built AI governance and AI risk management advisory frameworks informed by NIST AI RMF and executive AI strategy considerations. ● Advanced professional depth through graduate-level coursework in cybersecurity risk management and governance, and completion of the (ISC)² Building AI Strategy certificate.
Directed enterprise-wide cybersecurity, compliance, and IT infrastructure for a $1.4B public REIT with 1,300+ facilities. Functioned as de facto CISO, building security and infrastructure teams, leading multi-cloud modernization, and ensuring regulatory audit readiness under public-company scrutiny. ● Orchestrated 24/7 SOC operations with global MSSP partner eSentire, achieving 99.99% uptime and reducing incident detection times by 25%. ● Directed zero-downtime SaaS migration for property management platform, strengthening enterprise resilience across all facilities. ● Built and led AWS Infrastructure & Security teams (7 FTE), embedding DevSecOps practices into CubeSmart’s cloud environment. ● Coordinated SOC2, PCI, ISO 27001, and ITGC audits with Deloitte and KPMG, ensuring continuous financial controls maturity. ● Deployed Tenable IO and Snyk, reducing critical vulnerabilities by 40% in the first year. Owned Azure security & compliance posture across Entra ID (Azure AD) and M365; implemented NIST/CIS-aligned controls, access reviews, and audit-ready logging. ● Rolled out MFA for corporate identities within 6 months using Conditional Access, advancing Zero Trust and cutting credential-abuse risk. ● Automated server patching via SCCM/MECM with SLA-based cadence and compliance reporting; initiated Intune migration for modern endpoint management.
Led information security, data privacy, and risk management for a nationally recognized nonprofit serving 300,000+ physicians. Directed HIPAA, GDPR, and CCPA programs, strengthened incident readiness, and ensured compliance under audit scrutiny. ● Directed privacy and compliance initiatives safeguarding PHI and physician certification data, eliminating recurring audit findings. ● Enhanced organizational readiness by 30% through semi-annual IR tabletop exercises and continuous playbook updates. ● Advanced IT governance maturity through risk discovery, remediation, and reporting across enterprise systems.
Co-founded and grew a boutique IT consulting firm, delivering technology solutions to small and mid-sized businesses. Directed networking, server infrastructure, and desktop deployments while providing security, database, and application consulting. ● Designed and implemented end-to-end IT solutions for small business clients, including networking, server infrastructure, and desktop deployments. ● Provided consulting expertise in Oracle, MS SQL, Unix/Windows operating systems, web development, and security, ensuring scalable and reliable environments. ● Built and managed IT infrastructure for a rapidly growing medical practice, including network, servers, desktops, and endpoint/application support. ● Acted as a trusted advisor to business owners, aligning IT investments with business growth, compliance, and operational needs.