Avon Lake, Ohio, United States
Business-focused cybersecurity leader with deep experience in heavily regulated industries including life sciences, medical device manufacturing, and financial services. Skilled at aligning cyber capability with business strategy in a highly dynamic economic environment. Experienced building agile and flexible organizations that support top line growth by establishing trusted capabilities, enabling business leaders to quickly capitalize on new opportunities. Consistent track record of delivering bottom-line efficiencies through operational discipline.
Global CISO responsible for information protection and cyber resilience across IT and OT environments around the world. Key accomplishments include: • Operationalized a comprehensive cyber security program protecting IT and OT assets in alignment with NIST CSF, NIS2, ITAR, DFARS, CMMC and other requirements. • Established enterprise cyber risk governance, ensuring broad awareness and consistent treatment of risk. • Addressed critical cyber capability gaps in a high-growth market segment, addressing customer requirements to facilitate growth and enable future market expansion. • Designed and deployed a custom AI Agent reducing operational backlogs by 90% in the first 30 days of operation. • Drove substantial risk reduction through operational discipline including: • Sustained 70% reduction in Mean-Time-To-Resolve (MTTR) • 250% increase in alert handling capacity with existing resource levels • 20% increase in protection and 300% increase in detection coverage
Global responsibilities for data protection, insider risk management, cloud security operations, 24x7 detection and response, threat intelligence, vulnerability management, penetration testing, and tools engineering. • Reduced key technical debt by 60% for a critical cyber capability by migrating an on-prem solution to SaaS • Reduced tool sprawl by eliminating 25% of redundant cyber capabilities, driving improved performance through greater focus on tuning and automation • Increased detection efficiency by 10x with 300% increase in true positive detections • Achieved the highest NIST maturity scores across the organization by two independent consulting firms in 2023 and 2024 • Supported multiple incident response engagements at the direction of counsel in different legal jurisdictions, including 3rd party data breaches with the potential for organizational impact • Decreased top line OpEx spend by over 14% for the global Security Operations organization • Supported multiple business and IT teams with shared processes, third party risk assessments and audit requirements
Led a hybrid global team of employees and Managed Security Service Providers responsible for security engineering including deployment and maintenance of a broad security portfolio. Ensured that all capabilities remained fit for purpose across a complex integration of IT, Operational Technology (OT) and Cloud environments. • Contributed $3.4 million in annual synergy savings through Takeda / Shire integration • Drove efficiencies through automation program, managing fleet of cloud assets with 40% fewer staff members per environment, freeing up team members to do higher value work • Led cyber tools tuning initiative, reducing false positives 94% and enabling faster incident response
Built the Security Operations function from the ground up. Hired and Trained managers and team members. Aligned service capabilities with organizational requirements. • In 9 months, established 24x7 Security Operations Center (SOC) Monitoring, Threat Intelligence and Incident Response teams. Began with an MSSP capability and transitioned to 100% company employees. • Delivered presentations on capability, risks and compliance to senior leadership and multiple investment fund governing boards • Optimized Identity and Access Management (IAM) Program, reducing wait times for all requests • Expanded and accelerated vulnerability management program. Doubled scan coverage and significantly reduced missing patches across all infrastructure platforms • Managed penetration testing engagements, purple team adversary emulation. Aligned capabilities with MITRE ATT&CK framework techniques and NIST SP 800-61 framework requirements
Led identity management operations and run-and-maintain security engineering for the 3rd largest insurer in the US. • Established Application Security requirements, scanning processes and remediation cadence, reduced open vulnerabilities in external-facing systems by over half in the first year • Accelerated business delivery by reducing identity queue wait times from 3 days to same-day SLA