Senior Information, Technology, Security and Intelligence Executive
Leader with extensive experience across intelligence, technology, security, policies, standards, and solutions
Results oriented leader with the vision and talent for developing and executing business strategies as well as inspiring teams to embrace change and achieve a mission. Extensive success across a broad category of businesses. Adept at building teams and programs from the ground up and making current programs more efficient. Skilled in providing adaptive and flexible modern solutions to all elements of the business world. both corporate and government, with specific focus on intelligence, information technology and security. A trusted strategic advisor with excellent communication skills able to build collaborative relationships and influence a diverse set of stakeholders in order to achieve business objectives. Dynamic innovative leader who consistently achieves outstanding results in challenging environments, while building and fostering strategic business relationships with stakeholders, and senior leadership.
Highlights of Expertise
Ultimate Software DBA UKG, Weston, Florida
SENIOR DIRECTOR SECURITY OPERATIONS (Feb 2018 to Present)
Structure and coordinate global security operations capability, comprising introducing concepts of application rationalization in the cloud security stack (supporting SaaS), streamlining security and business such as initiating GCP/AWS/Azure cloud enabled security tools and strengthening SIEM and log collection activities across the enterprise. Supervise, motivate, and empower highly skilled staff of over 65 FTE security composed of teams in infrastructure and engineering support, global security operations center (SOC), (cyber) threat intelligence (TI), identity and access management (IAM), and physical security. Lead and manage operations team transition from publicly traded company to private equity and then through the largest tech merger in recent history ($22 billion valuation).
- Drove results in security operations processes by building data centric decision processes aligned with ISO, and the NIST Cyber Risk Management Framework.
- Led change and developed, used, and applied the MITRE ATT&CK framework, government, and industry strategies to align security operations processes across business units.
- Enhanced strategic resource understanding and busines alignment through the creation of the policy, plans, procedures, playbooks, governance and reporting structures for enterprise-wide security program.
- Enhanced security by identifying and aligning operational security requirements across the enterprise as per business needs, while containing costs and maintaining PCI, SOC, FISMA, FedRAMP, HIPAA, GDPR and various other compliance frameworks.
Department of Homeland Security, Intelligence & Analysis, Washington, DC
SPECIAL ADVISOR CYBER DIVISION & ACTING DIRECTOR (Nov 2015 to Feb 2018)
Mentored and led over 2 dozen direct reporting full time all source cyber analysts to ensure the seamless success of activities. Matrix organization consisted of several hundred collection and analysts’ employees/contractors. Consistently delivered production above goals, with award winning quality, and supported implementation of innovative analytical tools within I&A Cyber Division. Acted as preeminent professional to proactively engage with highest level of the American government. Piloted the successful integration of the intelligence lifecycle into the cyber security operations lifecycle across government and security operations users. Communicated defensive and responsive strategies for SaaS, PaaS, IaaS (public/private) environments. Pioneer in designing cyber threats and vulnerability management services to mitigate vulnerabilities across the DHS portfolio. Cultivated and sustained strong relations and partnership with FS-ISAC, FS-ARC, and ES-ISAC. Collaborated as SME for CIFIUS activities, information technology acquisition, Team Telecom, National Security Council, and various acquisition programs.
- Recognized as an integral senior intelligence leader representing DHS and the US Intelligence Community during televised (as well as classified) US Congressional hearings/briefings on the topics of critical infrastructure threats and alleged compromises of information networks supporting the 2016 presidential elections.
- Built coalitions by leading in policy, planning and documents that were briefed to the President, cabinet-level leaders, National Security Council staff, and industry leaders regarding cyber threats on highly contentious issues.
- Results realized as intelligence enterprise created, strengthened, and adapted the complete intelligence lifecycle, resulting in securing and closing an 18% production gap in FY16 and FY17 between Q2 and Q4.
- Focused on busines processes and effectively achieved results with an integral role in increasing IIR reporting evaluations by 70 percent.
- Spearheaded significant production improvements resulting in recognition by the Secretary of DHS and ODNI, for best analytical production within the US Intelligence Community.
United States Army Corps of Engineers, Washington, DC
CYBER ADVISOR & CISO (Jan 2015 to Oct 2015)
Established and led strategic operations of a matrixed worldwide enterprise cybersecurity solution. Administered a wide range of defensive cyber operations and certified the adequate coordination of cybersecurity program of record at USACE (DIACAP, RMF). Led activities with USCC, ARCYBER, and other military, intelligence, and inter-agency partners regarding ICS/IOT defensive cyber operations. Implemented and supported public cloud (SaaS) adoption and retirements of IaaS (private cloud). Built collaborative rapport and professional communication with senior USACE and Department of Army leader’s in the implementation of FISMA, DoD versions of FedRamp, NIST RMF, MITRE ATT&CK, Clinger-Cohen, OMB circular A-11/A-26, and FITARA via whitepapers, briefings and decision documents. Directed strategic policy development of security activities, incident response, and integrated intelligence practices across the enterprise.
- Led enterprise-wide change by setting strategy and operational capability for security event and incident response activity of matrixed organization with over 50FTEs.
- Actively engaged the business, implemented the policy, plans, and organizational structures for effective governance and compliance of the USACE infrastructure.
- Led diverse organization as the strategic and operational leader of the Governance and Compliance programs for the CIO with approximately 20 FTEs
- Set high level for results, managed and controlled all the aspects of cybersecurity operations practice within the OCIO at USACE, a DoD entity, serving 33K users, with worldwide operations leveraging over $20B in operations.
- Delivered business-oriented results with active functional support and assistance in the effective management of over $700M information enterprise investment, supporting critical infrastructure, financial, and engineering business lines.
Associate Professor – 2012-2015 – Purdue University, West Lafayette, Indiana
- Led, mentored, and coached on the core tactical principles and advanced strategic principles of information security in world class academic environment.
- Research focused on Digital Forensics/Incident Response, Cyber Warfare, Security Operations
- Efficiently drove results as a subject matter expert (book chapters, journal articles, interviews, etc.) on strategic and tactical information technology, information security, and national security issues.
Associate Professor – 2011-2012 – National Defense University, Washington, DC
- Led, mentored, and taught the Department of Defense, US Federal Government, and various foreign governments Chief Information (and Security) Officer Courses used to set strategy across the US enterprise.
- Research focused on Cyber Warfare, Government Cloud Adoption, Risk Management Framework
- Effectively drove results as a subject matter expert (book chapters, journal articles, conference proceedings, etc.) representing US Government strategic and operational information technology adaption, innovation, and security principles both domestically and to foreign governments.
Associate Professor – 2003-2011 – Purdue University Calumet, West Lafayette, Indiana
- Focused on results as a subject matter expert (book chapters, journal articles, conference proceedings, etc) leading the nascent discipline of information technology across the worldwide stage as founding members of ACM/IEEE governance of education and discipline
- Research focused on Digital Forensics/Incident Response, Cloud Forensics (SaaS/IaaS) and Information Technology Education
- Built coalitions and understanding of national policy while serving as the defining expert of cyber warfare as a discipline and consultant to all of Department of Defense and various specific stakeholders on non-conventional considerations of the activity of cyber warfare.
Senior Consultant 1 – 2000-2003- NCR Corporation, Denver, Colorado
- Led large highly diverse team as senior information technology consultant to chief information officers for network, application, and security primarily serving the financial and international corporation environments.
- Delivered SaaS incident response capability based on Sun Microsystems private cloud capability.
Senior Member Technical Staff – 1999-2000 – Litton/TASC (Now just TASC), Colorado Springs, CO
- Strategic/operational consultant and subject matter expert determining allocation of information technology resources for a large defense program and cooperative business minded leader driving solutions and security of those solutions
- Set aggressive results oriented agenda serving in the role of chief information officer to the program office designing and maintaining project applications and infrastructure.
Senior Program Manager – 1999 – MCIWorldcom, Colorado Springs, CO
- Led adaption and change of highly critical infrastructure as a senior leader of the architecture, application, and infrastructure Y2K updates to the MCIWorldcom customer premise equipment worldwide.
- Led, built, and managed a diverse team of over 135 program and project managers with 9 direct reports, and matrixed organization with over 6000 field service personnel.
- Focused on results, with 9 months to finish, remediated 270K customer locations, finished early, finished under budget, and finished with near zero failures.
Education & Credentials
Senior Intelligence Leadership Course, Washington DC, sponsored by ODNI
Purdue University, West Lafayette, Indiana
PhD College of Technology (Information Security/Digital Forensics)
Colorado Technical University, Colorado Springs, Colorado
MS Computer Science Software Systems Engineering
Huron University, Huron, South Dakota
Bachelors of Science, Computer Science
Certifications: Certified Information Systems Security Professional (CISSP #367558), Present | US Intelligence Community Top Secret/SCI Clearance (2016), DHS Suitability, CI Polygraph (2016)
Committees, Commissions, Directorships, Memberships, Volunteer
2020 to Present Board of Directors Gamayun a 501c3
2008 to 2017 Committee Member, NATO Cooperative Cyber Defence Centre of Excellence, Conference, Tallinn, Estonia
2014 to 2017 Member of the IT/Multimedia Scientific Area Committee within the Organization of Scientific Area Committees (OSAC)
2012 to 2016 Member of USACM (required to stop while in a policy position at DHS)
- Digital Government Committee
- Privacy and Security Committee (2015 split into separate committees)
2008 to 2016 – Committee Member, International Conference on Information Warfare and Security
2003 to 2014 – Member of SIGITE (Special Interest Group Information Technology Education)
2013 Reviewer for “The Dutch National Science Foundation (NWO)”
2011 to 2012 Member of US Government Special Workgroup on Risk Management Framework
2012 Reviewer updated 4011 standards on information security hiring, morphed into NICE initiative.
2013 Reviewer for “Workshop on research for insider threat (WRIT)”, San Francisco, CA
2012 – Track Chair, Small Scale and Digital Devices, International Conference on Digital Forensics & Cyber Crime
2007 to 2010 – ISO/ANSI TAG TC 223 “Societal Security” subject matter expert technology representing the United States