Securing your assets and the data you are obligated to protect is a critical responsibility of the chief information security officer (CISO). In today’s landscape of cybersecurity threats, effective information security and risk management practices are essential to safeguard sensitive information.
My most recent engagements have involved providing insight into client and customer supply chains and conducting third-party risk assessments as a chief information security officer (CISO). This work includes identifying gaps in the Software Development Lifecycle (SDLC), offering best practices for cybersecurity and DevSecOps, as well as the creation of Software Bill of Materials (SBOMs) to enhance information security and risk management.
I am an accomplished, strategic leader in information security and risk management, well-prepared to develop, implement, and oversee all aspects of protecting information assets and technologies as a chief information security officer (CISO). I excel at identifying gaps in cybersecurity and implementing innovative, scalable solutions. My proven ability to optimize operations is demonstrated through establishing best practices and implementing process improvements. I have a track record of driving focused, high-performance teams to consistently deliver high-quality project outcomes while prioritizing resources based on risk, impact, and cost. I possess a demonstrated talent for translating and clarifying complex technical issues into impact statements easily understood by C-suite decision-makers. Organizational leaders and colleagues recognize me as an analytical and decisive problem-solver with exceptional relationship-building and communication skills. I have earned a Master of Science in IT.
Security Architect / Secure Architectures play a crucial role in the realm of cybersecurity, particularly in Supply Chain Risk Management. Conducting thorough Third Party Risk Assessments is essential for any Chief Information Security Officer (CISO) to ensure robust threat detection, identification, and remediation. Utilizing log management tools such as Splunk, LogRhythm, and AlienVault is vital for effective information security practices in a DevOps / DevSecOps environment. Implementing Software Assurance (SwA) through dynamic and static code analysis enhances security measures in Agile Software Development projects. Additionally, Cloud Computing and Security across platforms like AWS, Azure, and Google is a critical aspect of modern risk management. Networking components including routers, switches, and firewalls must be managed alongside change management and process improvement strategies. Supplier and contract management are also key in maintaining security standards. Prototyping and pathfinders are useful for developing critical infrastructure while ensuring privacy data protection. Physical security and risk management practices, along with disaster recovery and business continuity planning, are crucial for organizational resilience. Moreover, Mergers & Acquisitions Due Diligence requires specific focus on information security. Promoting security awareness and education is essential for all employees, and effective Group Policy Management and Deployment via Microsoft / Azure Active Directory helps in maintaining compliance. Finally, managing costs associated with information security projects is imperative, especially in sectors like aviation, space, and energy where security demands are heightened.
Experienced in the following frameworks and standards crucial for a Chief Information Security Officer (CISO) role: CMMC, ISO 27000 series, NIST, COBIT, PCI DSS, SOX, NERC, ITIL, GDPR, and CCPA. Additionally, I have expertise in ITAR and EAR Export Control Compliance, which is vital for information security and risk management. For financial reporting, I utilize tools like Tableau and Packaged Business Capabilities (PBCs). My background in security architecture encompasses TOGAF, DODAF, firewalls, IDS/IPS, NAC, SIEM, and wireless technologies, all essential components of a robust cybersecurity strategy.
Sign up to hear from me, your chief information security officer (CISO), about the latest trends in cybersecurity and information security, along with essential insights on risk management.
I understand the value of an executive leader’s soft skills, particularly in fostering teamwork among internal and external business partners. My experience includes building relationships with personnel working in labs, on manufacturing and operations floors, as well as engaging with senior government officials and those within the contractor community. I strongly believe in the philosophy of “Management by walking around.”
Before joining The Aerospace Corporation, I was employed at Booz Allen Hamilton, where I consulted in various areas of systems engineering and process improvement. I audited critical capabilities across different maturity dimensions, including processes, technology, and people, while integrating advanced analytics to assess a client’s effectiveness in cybersecurity and information security practices.
Additionally, I reported directly to the Chief Security Officer (CISO) at The Boeing Company, overseeing compliance with government and corporate requirements. My responsibilities included generating reports on the health of the company’s security program, preparing risk analyses, and implementing plans aimed at promoting consistency across the enterprise, all while aligning with the company’s vision, mission, and goals.
I believe one of my strongest assets is my ability to forge strong professional and personal relationships with stakeholders. I maintain connections with senior executive leadership in both government and industry, facilitating effective risk management and enhanced cybersecurity strategies.
Balancing strategic, tactical, and technical requirements to provide executive leadership with solutions based on quantitative and qualitative analysis, as well as sound risk management principles, is crucial for a chief information security officer (CISO).
· Building high-performing teams that achieve specific organizational goals is essential in the field of cybersecurity. Utilizing tactical and strategic planning helps manage resources effectively.
· Proven success in adopting a project management approach to cybersecurity for multimillion-dollar projects within global organizations has led to recognition for reduced costs and shorter schedule durations.
· Performing complex assessments and making independent decisions grounded in risk management principles is vital, all while maintaining a focus on enabling business objectives and enhancing information security.
I can communicate both technically and with a focused business acumen, always coming to the table with recommended solutions that find a way forward. My certifications as a Chief Information Security Officer (CISO), a Certified Information System Security Professional (CISSP), and my Master of Science degree in Information Technology underscore my expertise as an information security and cybersecurity professional. Additionally, I hold the certification of Project Management Professional (PMP), backed by formal training and extensive hands-on project management experience, which enhances my skills in risk management.