A cyber security senior leader with deep skills in large scale architecture and development. Ensuring Information Security addresses business and cyber security requirements by defining the strategies, goals, and tactics for the enterprise. Responsible for ensuring project's cyber security controls and processes are increasing business value. Founded and led teams in Application, Cloud, and Mobile Security. Leader of the National Defense Information Sharing and Analysis Center (NDISAC) Mobile Security Working Group.
Authored Information Security strategies for Authentication, Secure Software Design and Development, Authorization, Risk Management, and Application Security Protection. These strategic plans for IS are utilized for security control gap analysis, long range business planning, and budgeting.
Lead security officer for development of Android, iOS, and factory floor networks. Securing authentication, email capabilities, firewall, reverse proxies, network enclaves, and PKI. Authored security requirements and design of highly-advanced architecture, data and information management systems and components. Holds a patent in threat modeling and a invention disclosures in information security.
Chief security architect for critical security systems. Created and deployed architectural security review processes for use within companies. Authored the enterprise process for external cloud computing hosting systems in IaaS, PaaS, and SaaS. Created architectural templates for Federation, SAML, OAuth, and RSA Secure token (OATH). Process reviews export control licensing (ITAR/EAR), enterprise architecture, infrastructure, intellectual property, SOX, and PII.
Holds a master degree in software engineering, authored the ISC2 CSSLP courseware, content reviewer for the CISSP courseware, spoken at RSA Security Conferences, and has been a teacher at several SANS Security events.