Raleigh-Durham-Chapel Hill Area
I build and improve cybersecurity programs in complex, regulated environments. For more than 25 years, I have helped commercial organizations, U.S. Federal Civilian Government as well as DoD strengthen security operations, reduce risk, improve compliance, and turn fragmented security tooling into practical capability. I currently lead a team of cybersecurity engineers in support of HUD OIG, with hands-on responsibility across Splunk, Tenable, CyberArk, CrowdStrike, operations automation, vulnerability management, and infrastructure security. Previously, I supported DoD and other public sector customers at AWS Professional Services as a Senior Security Consultant and later as Engagement Security Leader. I am strongest where strategy meets execution: building repeatable processes, improving detection and response, prioritizing vulnerabilities, aligning security work to NIST and FedRAMP expectations, and removing blockers so teams can actually deliver.
Certifications: CISSP-ISSAP, CCSP, AWS Security (currently pending renewal), AWS Solutions Architect
Clearance: DoD Top Secret
In this role in the HUD OIG Office of the Chief Information Officer, I report directly to the CISO. I lead a team of contracted cybersecurity engineers. Together with my government counterparts, we manage and improve the day-to-day operational security of the agency's nationwide infrastructure, and plan out future improvements. I support ATOs, vulnerability management, and other compliance efforts. I research and implement improvements to their security posture, and do so using a diverse toolset including Splunk, Forescout, CyberArk, and Tenable Nessus.
In this role, I provide leadership through pre-delivery security reviews, and business risk analysis of opportunities in the business development pipeline. I work closely with my business owner, engagement leads, and customers to advocate for and implement security best practices throughout the Professional Services engagement lifecycle.
In my role as an AWS Professional Services consultant, I am an individual contributor to teams building cloud environments for customers. It is my responsibility to ensure that all deliverables raise the proverbial bar in terms of security, but also help our customers assess their overall security posture in the cloud. I have the tough conversations with them, and help them improve their overall organizational and infrastructure security where I can.
I re-architected and optimized the Department of Veterans Affairs PIV enrollment system. I implemented FIPS201 policy changes, and was instrumental in getting several enhancement tasks awarded, as well as one recompete of the base contract. I currently still consult for the Department of Veterans Affairs. I am the day-to-day subject matter expert and consultant to the VA on matters of system enhancements. I laid the groundwork for the Department of Defense for a migration to AWS’s FedRAMP compliant GovCloud for one of the programs run by the Army and Army National Guard (ATTRS). For Cerner Corporation’s Electronic Health Records systems (EHRM), I rewrote an internal vulnerability scan ingestion engine and contributed to building an internal vulnerability management website to help Cerner's security analysts with their daily task load. I assisted the Accenture Federal Services and the Department of Education by reviewing and cowriting their implementation documents for elevated privilege access tokens. My focus was on the overlap between the various federal standards and guidelines that govern the use of these tokens, ensuring compliance. I enabled the use of smartcard authentication for ASM Research corporate resources, and wrote the corresponding support documentation and processes for internal ASM IT support personnel. I worked with CA (now: Broadcom) Professional Services developers and HID Professional Services developers, analyzed closed source, and delivered bug fixes for inclusion in production releases of respectively CMS and CA Directory products. I worked closely with ImageWare Professional Services, a Canadian biometrics company, and their developers to update biometric fingerprint capture application code to support newer Windows platforms and Java (security) baselines. For our VA Digital GI Bill contract, I am currently engaged to implement STIG configurations using Ansible and Jenkins pipelines.
Responsibilities included the ongoing support of the Department of Veterans Affairs' HSPD-12 PIV card issuance and card management systems. This FICAM environment was comprised of 100+ virtual machines running in VMware. It managed the card life-cycle of over 400,000 VA employees, contractors and affiliates. Among other things, I managed the creation of a new PIV disaster recovery environment for VA, and was engaged to bring the ActivIdentity CMS system in-house. VA was a subscriber of Card Management System (CMS) services provided by Verizon Business. I was also the responsible party for J2EE code fixes and code enhancements for the VA PIV system.
I integrated external PIV and CAC PKI capabilities and authentication mechanisms into U.S. Treasury datacenter infrastructures, and provided ongoing support for my earlier implemented internal PKI solutions.