Bethlehem, Pennsylvania, United States
I am a seasoned Chief Information Security Officer with 20+ years of experience. Recognized for demonstrating a natural aptitude for developing and implementing comprehensive security strategies, mitigating cyber threats, and ensuring compliance with global security frameworks and data protection standards, I have a verifiable history of contributing directly to company well-being and success throughout my career. As such, I have consistently exceeded performance goals and I am adept at achieving consistent, quality results. Professional focal points include security policies, procedures, and controls, cyber incident response, risk management and mitigation, governance, disaster recovery, and business continuity. Delivering superior administration on the latter areas of expertise requires utilization of effective communication skills, analytical skills, as well as technology acumen, leadership, team building, and public speaking to support efficiency and maximum returns. Currently, I am the Chief Information Security Officer with The Investment Center, Inc. Under my leadership, I design and implement comprehensive security strategies that effectively identify, prioritize, and mitigate security risks. I also develop and deploy advanced systems and processes to detect, prevent, and recover from cyberattacks to strengthen the company’s defense posture. In addition, I liaise with senior leadership, teams, and stakeholders to ensure the company’s cybersecurity support structure is driving the business forward to achieve established objectives. Colleagues describe me as an innovative, dedicated, driven, cybersecurity expert who can be relied on to offer superior solutions that deliver quality and timely results. I am interested in connecting with former colleagues and managers, as well as other professionals in my field. Feel free to contact me through this profile if you wish to connect. I am pursuing new opportunities and can be reached through this profile.
Helping organizations stop treating cybersecurity like an IT problem and start treating it like a business risk, leadership, and resilience challenge. Work directly with executives, business leaders, IT teams, and clients to build practical, real-world cybersecurity programs that actually improve security posture instead of just checking compliance boxes. Focused on bridging the gap between technical teams and leadership by translating complex security issues into business conversations organizations can understand and act on. Areas of focus include:
• Virtual CISO (vCISO) leadership and strategic security advisory
• Cybersecurity governance, risk management, and executive reporting
• Security program development and maturity improvement
• Incident response planning, ransomware preparedness, and tabletop exercises
• Cyber resilience and business continuity strategy
• Security assessments, third-party risk, and security questionnaire guidance
• Zero Trust, identity security, cloud security, and modern security architecture
• Cyber insurance readiness and risk validation
• Executive workshops, public speaking, and cybersecurity leadership education
Known for bringing a straightforward, business-first approach to cybersecurity, helping organizations cut through noise, fear-based messaging, and checkbox security to focus on what actually matters.
• Establish a consultancy specializing in developing and delivering tailored cybersecurity strategies to safeguard client businesses against threats and align their security practices with broader regulatory requirements.
• Provide comprehensive virtual Chief Information Security Officer (vCISO) services to small and mid-sized businesses by offering expert guidance on risk management, security governance, and compliance frameworks.
• Design and deploy comprehensive security programs encompassing data protection, incident response, and disaster recovery protocols, minimizing downtime and safeguarding business continuity for clients.
• Advise organizations on mitigating cybersecurity risks, conducting vulnerability assessments, and implementing industry best practices to enhance their security posture.
• Deliver security awareness training and strategic consulting services to foster a proactive security culture within organizations as well as help clients comply with NIST and GDPR frameworks as well as ISO standards.
As an Expert, I provide strategic advice and guidance to the investment team and founders within the Primary portfolio and broader network. Experts enjoy access to early-stage businesses, emerging trends and technology, and an expanded network of exceptional leaders and resources through a top-tier seed-stage firm. Primary is New York City’s premier early-stage venture firm working alongside founders to build unicorns like Alloy, Alma, Chief, Dandy Electric, Latch, K Health, Stellar Health, Slice, and many more.
• Chart successful course of developing and executing a comprehensive security strategy that effectively identifies, prioritizes, and mitigates security risks while ensuring alignment with organizational goals and regulatory requirements.
• Developed and deployed advanced systems and processes to detect, prevent, and recover from cyberattacks, significantly enhancing the company's cybersecurity posture. Key implementations included introducing Darktrace for anomaly detection in 2014 and transitioning from Microsoft Active Directory to a passwordless environment using Okta and Zero Trust architecture with Zscaler and BeyondTrust.
• Identity Access Management (IAM) & SSO Implementation: Led the integration of Okta for seamless SSO and implemented federation standards including SAML, OIDC, and MFA to secure user authentication and improve access management across the enterprise.
• Ensured best practice configuration standards for both Windows and Linux operating systems, as well as core network devices (Active Directory, DNS, DHCP) to mitigate risk.
• Incident Response & Business Continuity: Designed and implemented incident response and business continuity plans, including creating playbooks and conducting table-top exercises.
• Enforced ongoing compliance with frameworks such as NIST CSF, CSA, CIS, GDPR, and 23 NYCRR 500. Spearheaded risk management initiatives to ensure cybersecurity risks were well-documented, assessed, and remediated within the organization's risk appetite.
• Conducted threat exposure monitoring using Open Source Intelligence (OSINT) techniques to identify actionable information on the dark web, hacker forums, Telegram groups, AWS buckets, pastebins, and Git repositories.
• Cross-Functional Collaboration & Communication: Partnered with cross-functional teams to integrate security initiatives into business and legal objectives, and effectively communicated network security issues to peers and senior management.