Senior information security leader with 17+ years of experience helping numerous entities including Fortune 500, non-profit, tech start-up, financial services, and healthcare organizations meet their security, privacy, and business needs by helping to define strategic goals, develop road maps for more functional, mature, and secure programs, address immediate issues, and drive implementation of practical security solutions.
Prior Roles
Partner at KRAA Security, Co-Founder and Partner at Symosis, Director at Accuvant / Optiv, Managing Principal at McAfee, Principal at Foundstone
Relevant Expertise
Security Program Strategy
Security consulting and advisory for 18+ years worked with 100+ Fortune 500 companies, SMB and non-profits on security program development, enterprise risk and cybersecurity in M&A
Enterprise Risk and Compliance
Risk and Risk management, Compliance – ISO, FedRamp, NIST, PCI, HIPAA, Third Party Risk
Threat & Vulnerability Assessment
Security Assessments, Penetration Testing, Application, Mobile and Cloud Security
Security Architecture & Implementation
Security Requirements, Threat Modeling, Enterprise Architecture, Data security
Security Education
Previously SANS / Global Knowledge Instructor, Security Awareness Training, Security Training for Developers
Author & Contributor
Hardening Code: Bulletproof Your System Before You Are Hacked
Hacking Exposed: Web Applications
Exploiting Software
How to Break Web Security
Speaking
RSA Security Conference
Security World Expo
OWASP Leadership Conference
Local ISACA, ISSA conferences
Certification: CISSP, CISA, CISM, C-CISO, ISO 27k certified professional
Board Member: ISACA Silicon Valley, Previously OWASP