Since 2018, performed DFARS and NIST SP 800-171 compliance assessments and program development to ensure the confidentiality of Controlled Unclassified Information (CUI) for a number of DIB clients.
Performed Security Maturity Assessments using the FFIEC Cybersecurity Assessment Tool (CAT), NIST Cybersecurity Framework, and ISO 27001/27002, measuring the maturity of process implementation against the Carnegie Mellon University Capability Maturity Model (CMM).
Worked at the senior management level with over 20 years of experience providing IT Security and Privacy Management to the government, finance and manufacturing industries.
Served on active duty as a Colonel in the US Army, holding positions as the Inspector General, Director of Audit and Investigations, and the Chief, Enterprise Solutions in the Information Operations Division for the Defense Logistics Agency.
Served as the Deputy Chief of Staff for Information Management, a CIO equivalent, for the Northeastern United States with the US Army Reserve Command.
Assisted a $4B manufacturing company in performing Sarbanes-Oxley IT assessments of newly acquired subsidiaries internationally to determine the current state of security and provide remediation assistance and process improvement.
Over 25 years of risk management and Cybersecurity consulting experience.
Nearly 10 years with Big 4 firms Deloitte & Touche and PwC, performing Cybersecurity assessments and program implementations for commercial sector companies, including financial services, life sciences & healthcare, and technology & telecommunications sectors.
Over 10 years of experience working in the federal government sector, including DoD, VA, and the White House.
Over 10 years working in Governance, Risk, and Compliance (GRC) technologies and program development.
Experienced Chief Information Security Officer (CISO), having established and matured a formal Cybersecurity program for a Medicare and Medicaid healthcare insurance provider.
Developed and managed Cybersecurity audits of IT departments at a larger financial services sector.
Developed a managed identity services business for a global financial services organization.
Established Cybersecurity and identity management businesses.
Has worked on incident response teams to gather forensic evidence and assist in the recovery efforts of large companies targeted by ransomware, email account breaches and other exploits.
His expertise includes threat hunting and endpoint detection and response (EDR) for potentially infected machines, secure email and email filtering with Barracuda and Proofpoint, and next-generation antivirus products including Carbon Black and CrowdStrike.
He has operated a Tier 1 / Tier 2 help desk and provides security training.
Is skilled in Windows upgrades and migrations, rebuilding servers in both Windows physical and virtual environments, Office 365 administration, Unix-based operating systems, hypervisors, troubleshooting network issues, multi-factor authentication (MFA) implementations, and installation of data communication networks, including cabling, wireless routers, VPNs and telephone systems.