Kemah, Texas, United States
I am the 2025 Who's Who in America, a Certified Information Systems Security Professional with 15 years experience in managerial cybersecurity including compliance, incident response, penetration testing, auditing, and data loss prevention. I have worked in the federal and private sector utilizing NIST, ISO, PCI DSS, Zero Trust Architecture, Identity and Access Managemen, Sarbanes Oxley, and the Graham Leach Bliley Act. I am a great fit for this role as I have worked in Security Operations, Compliance, and Architecture which will give me the ability to make the contract thrive. Furthermore, I am experienced in Crowdstrike Cortex XDR, Palo Alto, Okta, CloudFlare, and Wireless Access Firewalls. In tandem with Cortex XDR, I also am an expert with Firelake to manage client cloud infrastructure [oAuth, O365, Saas, PaaS, IaaS and DBaaS]. Lastly, I have used Okta with mobile application feature distribution and enhancement to strengthen client environment attributes.
• Within the Vehicle Access Division, supported the Zero Trust (ZTA) Security Operations for all (foreign and domestic). • Performed and initiated ZTA technical assessments and planning to include the 5-Pillars (Network Infrastructure, Data, Identity Credentialing & Access Management (ICAM), Data, and Application Workload) • Reviewed and developed security architectural design documents, artifacts and provided recommendations for improvements based on the Cybersecurity & Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST 800-53) security controls and best practices. • Participated in the development of the cybersecurity strategy for Stellantis Connected Car Consortium. • Supported the Risk Management Framework (RMF) lifecycle process implementing network vulnerability mitigation. • Supported all Penetration Testing with best practice solutions for Threat Assessment and Remediation Analysis (TARA) findings. • Supported all mobile application proof-of-concept scenarios for system and application testing. • Performed vendor management and selection activities to include testing of security tools and concepts for implementation. • Participated in all staff and vendor meetings regarding the application and implementation of all Zero Trust (ZTA) architectural improvements and recommendations. • Lead cybersecurity initiatives for all current and future vehicle systems and complex security models. • Architected certificate management and PKI infrastructure improvements. • Trained employees in cybersecurity standards and practices. • Determined risk posture of Stellantis Vehicle Access to include risk determination and risk scoring.
Within the Vehicle Access Division, supported the Zero Trust (ZTA) Security Operations for all (foreign and domestic) utilizing CloudFare. Performed and initiated ZTA technical assessments and planning to include the 5-Pillars (Network Infrastructure, Data, Identity Credentialing & Access Management (ICAM), Data, and Application Workload) Reviewed and developed security architectural design documents, artifacts and provided recommendations for improvements based on the Cybersecurity & Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST 800-53) security controls and best practices. Participated in the development of the cybersecurity strategy for Stellantis Connected Car Consortium. Supported the Risk Management Framework (RMF) lifecycle process implementing network vulnerability mitigation.
Within the Vehicle Access Division, supported the Zero Trust (ZTA) Security Operations for all (foreign and domestic). Performed and initiated ZTA technical assessments and planning to include the 5-Pillars (Network Infrastructure, Data, Identity Credentialing & Access Management (ICAM), Data, and Application Workload). Reviewed and developed security architectural design documents, artifacts and provided recommendations for improvements based on the Cybersecurity & Infrastructure Security Agency (CISA) and the National Institute of Standards and Technology (NIST 800-53) security controls and best practices. Participated in the development of the cybersecurity strategy for Stellantis Connected Car Consortium. Supported the Risk Management Framework (RMF) lifecycle process implementing network vulnerability mitigation. Supported all Penetration Testing with best practice solutions for Threat Assessment and Remediation Analysis (TARA) findings. Supported all mobile application proof-of-concept scenarios for system and application testing. Performed vendor management and selection activities to include testing of security tools and concepts for implementation. Participated in all staff and vendor meetings regarding the application and implementation of all Zero Trust (ZTA) architectural improvements and recommendations. Lead cybersecurity initiatives for all current and future vehicle systems and complex security models. Architected certificate management and PKI infrastructure improvements. Trained employees in cybersecurity standards and practices. Determined risk posture of Stellantis Vehicle Access to include risk determination and risk scoring.
Lead technical pre-sales activities, driving business opportunities from opportunity identification through booking. Worked collaboratively in a dynamic team environment to achieve outcomes and revenue targets. Demonstrated excellent customer service skills, build credibility and rapport with client technical teams. Established productive relationships with our clients, serving as a trusted advisor and consultant to optimize their cybersecurity strategy. Identified, qualified, and closed new opportunities through the application of technical expertise, account management skills, sales ability, and exceptional client focus. Demonstrated the ability in a pre-sales capacity to identify our clients’ business problems and effectively design, communicate and evangelize cybersecurity solutions to solve those problems. Quickly grasped new technologies and developed solutions integrating new technologies with existing cybersecurity tools and services. Delivered technical presentations and/or cybersecurity solution demos to clients and partners. Built and maintained relationships with technical resources at all levels of the client organization. Created strategic business relationships and become a trusted advisor within assigned client agencies to identify opportunities for cybersecurity solutions and services. Leveraged and maximized partner alliance relationships to increase opportunity identification. Identified opportunities where existing client products/tools could be leveraged to develop solutions that provided additional features and capabilities, thus delivering greater value. Developed white papers and knowledge base articles as needed. Provided thought leadership in the areas of governance, security requirements, methodologies, techniques and tools used to reduce the client’s cyber security risk posture.
In cooperation with the U.S. Department of Veteran Affairs (VA) and the Defense Health Agency DHA Information System Security Manager (ISSM) and Information System Security Officer (ISSO), provided Risk Management Framework (RMF) and Zero Trust (ZTA) Cyber Security Architecture support in the development of the VA Joint Operations and Integration Center (JCOIC), and the Electronic Health Record (EHR) systems and applications targeted for approved Authority-To-Operate (ATO’s) and Authority-To-Connect (ATC’s) accreditations. Supported the 6-month Zero Trust Technical Assessment & Planning activities across 4-technical workstreams to include (Network, Data, Devices, Identity and Applications) while scoping CloudFlare implementation.
●Evaluating Client budget allocation for AWS Risk Management of CloudFront and expanding CloudTrail for securing and auditing cloud based assets Architected framework to move client into Microsoft Azure cloud infrastructure • Managed utilization of ELK Stack (Elastic Search, LogRhythm, and Kibana) into client cloud environment • Successfully instantiated client framework into AWS cloud solution • Managed selection of client cloud security software collection ●Delivering scalability of web applications to the client with the goal to increase web application capabilities and IT budget cost saving ●Architecting cloud solutions with Amazon Web Services (AWS) to mimic and migrate on-premises storage utilizing cloud native applications ●Lead technical pre-sales activities, driving business opportunities from opportunity identification through booking ●Worked collaboratively in a dynamic team environment to achieve outcomes and revenue targets ●Demonstrated excellent customer service skills, build credibility and rapport with client technical teams ●Established productive relationships with our clients, serving as a trusted advisor and consultant to optmize their cybersecurity strategy ●Identified, qualified, and closed new opportunities through the application of technical expertise, account management skills, sales ability, and exceptional client focus ●Demonstrated the ability in a pre-sales capacity to identify our clients!"business problems and effectively design, communicate and evangelize cybersecurity solutions to solve those problems ●Quickly grasped new technologies and developed solutions integrating new technologies with existing cybersecurity tools and services ●Delivered technical presentations and/or cybersecurity solution demos to clients and partners ●Built and maintained relationships with technical resources at all levels of the client organization
● Threat Modeling to reveal the client!s cyber landscape ● Threat Hunting for new and undiscovered threats affecting the client environment utilizing OWASP sofware, Microsoft Threat Modeling and Cairis ● Automation of Threat Management, Threat Modeling, and Threat Hunting for the client architecture to reduce costs ● Threat risk analysis of potential threats for the client ● Delivering Threat Management techniques to client for remediation tactics ● Threat remediation via Penetration Testing, Application, Network, and Database scanning software ● PCI DSS Auditing of client infrastructure ● Configured client firewall utilizing Palo Alto and Akamai ● Assisted client with obtaining PCI DSS Compliance ● Implemented Identity and Access Management methodology for client systems storing Payment Card data ● Architected encryption schemes for client PCI DSS database and data transmission ● Developed client information security policies regarding storage and access to Payment Card data ● Reviewed client audit logs associated with network resources containing Payment Card data ● Leveraged Crowd Strike Falcon for end-point detection and response as well as Threat Hunting ● Client Perimeter Security HIDS/HIPS via Solar Winds Security Event Manager, Splunk, Snort, and Carbon Black ● Conducted Threat Management evaluations with Tenable Nessus, Security Center, Nexpose, and Qualys then presented client with remediation techniques ● Integrated Tripwire for client software integrity and benchmark evaluation to ultimately phase out Windows Policy Checker and Unix Policy Checker ● Collaborated with client security stakeholders to mitigate threats and achieved client Approval To Operate (ATO) ● Architected solutions for locating personal identifiable information (PII) within information systems ● Traveled to 300 Defense Health client Medical Centers throughout United States to lead medical device migration effort and mitigate NIST Privacy Control Threat Vectors