I'm an enthusiastic New York-based information security guru. I dabble in all things security-related and have recently expanded my expertise into data privacy and digital forensics.
A little more information about me...
This is a rough assessment of where I am in my career development, taking into account the skill sets I am still seeking to further develop.
2018 - Present
Design and execute a security/compliance roadmap with NIST, FFIEC, SOC-1 and SOC-2 controls for the entire organization. Partnering with Engineering and IT to expand security programs such as penetration testing, bug bounty, and vulnerability scanning to scale. Working with Sales on scaling the internal SOC-2 program. Leading incident response and security policy programs.
2015 - 2018
Responsible for development and execution of IT security strategy initiatives. Leveraging CIS Top 20 Critical Security Controls to isolate high-profile security risks and design/execute security strategies to mitigate them. Developing/executing corporate security training. Driving security risk assessments across IT & Infrastructure and developing program strategies to address key risk areas and vulnerable environments.
Built and managed a team of four in the development and execution of compliance strategy initiatives. Drove initial assessments of compliance/audit impact from Public Offering state. Developed and maintained the IT components of annual SOX assessments (policy/process ownership and collection, organization, and distribution of audit material). Reduced budgetary costs by 20% by developing reliance strategies and streamlining internal/external audit processes.
2011 - 2015
Responsible for driving security/data privacy and regulatory compliance across IT programs. Developed and supported ongoing security risk reduction strategies through organizational procedural changes.
2007 - 2011
Responsible for driving operational security for Citi North America, with a focus on managing operating system vulnerabilities across 200,000+ systems. Reduced IT risk by nearly 90% by streamlining patch management efforts and coordinating processes among system owners.
San Francisco, CA
New York, NY
Phone: [redacted due to spam]