Aug 2025 – Present · 7 mos

• As Communication Lead, I am responsible for shaping and driving the communication strategy for our Community of Practice. I manage internal and external communication channels, ensuring that members stay informed, engaged, and connected. My role involves creating and sharing content, promoting events, highlighting member contributions, and supporting knowledge sharing across the community.

Jan 2023 – Present · 3 yrs 2 mos

Feb 2020 – May 2023 · 3 yrs 3 mos

Jan 2013 – Present · 13 yrs 2 mos · North America · Remote

• Founded and lead InfoSec Assured, a cybersecurity consultancy focused on transforming how enterprises manage digital risk. As a part-time strategic advisor and fractional vCISO, I partner with public and private sector organizations to build governance-aligned security programs, conduct architecture reviews, and drive compliance with frameworks like ISO 27001, NERC, GDPR, and PCI-DSS.
• My leadership spans across:
• Designing and delivering cloud and on-prem security architectures for Fortune 500 clients
• Performing high-impact vulnerability assessments and guiding remediation efforts
• Leading ISMS development, incident response planning, and vendor risk initiatives
• Architecting and operationalizing SIEM deployments and secure file-sharing solutions
• Spearheading security awareness training impacting over 7,000 personnel
• Alongside consulting work, I create university-level cybersecurity courses and speak regularly on topics such as governance, privacy, and digital resilience. I’ve presented at BSides Vancouver, InfoSec Train, and the BC Public Sector Risk Management Community of Practice.

Nov 2012 – May 2013 · 6 mos · Vancouver

• Provided IT Security policies gap analysis
• Developed an RFP and the evaluation process for purchasing an SIEM tool. Invited many vendors (IBM, McAfee, Logrhythm, Dell, etc) to propose their solutions. Evaluated the best candidate based on Aritiza's needs and provided a step-by-step project plan for implementation.

Dec 2011 – Nov 2012 · 11 mos · Vancouver, Canada Area

• Worked with the team to come up with the best security solutions for various clients from public and private sectors.
• Wrote many winning proposals in responses to RFPs.
• Was involved in many IT planning and IT Security planning projects.

Jul 2010 – Dec 2011 · 1 yr 5 mos · Vancouver, Canada Area

• Worked for BC Hydro's account.
• Dealt with day to day operations and also projects. Used many tools.
• Consulted BC Hydro on many projects based on ESB (Enterprise Service Bus).
• Derived vulnerability management and reduced the scores significantly.
• Attended Change Authority Board meetings as the only representative from security team. Reviewed the changes weekly.
• Performed policy reviews.
• Reviewed many projects on different ERP and SAP solutions.
• Helped organizing internal audits.
• Reported IT Security progress to senior managers of Accenture or OCIO of BC Hydro on monthly or weekly basis.

Nov 2007 – Dec 2008 · 1 yr 1 mo

• Supported their local network as an administrator and traveled overseas as an information security consultant for ALA’s customers.
• Supplied security advice to an airline company, including:
•  Access Control  Network Security  Business Continuity
•  Disaster Recovery  Risk Management  Operations Security
•  Physical Security  Backup Solutions  Cryptography
• Implemented a network of five 2003 servers and 20 clients from scratch for an accounting company, in a time sensitive project and met the one week deadline.
• Programmed NAT for a pool of five public addresses on a Cisco router. Gained valuable experience with Linux systems.
• Implemented OSPF, EIGRP and RIPv2 for several customers. Programmed VLAN and VTP for four switches.

Jan 2007 – Jan 2007 · 0 mo

• Administered Scanit local network and consulted their client on information security.
• Consulted a bank with over 2500 branches. Hired, managed, mentored and educated a group of five IT security specialists to take control over the information security issues. Performed security audits and prepared initial disaster recovery model, including
•  Threat Risk Assessment  Vulnerability Assessment (Penetration tests)  Risk Assessment
•  Disaster Recovery Planning  Business Impact Analysis  Incident Handling
•  Physical Security  Backup Solutions  Cryptography
• Consulted on IDS designs.
• Delivered software control, software life-cycle development and change control. Dealt with vulnerabilities and attacks such as:
•  Insufficient Cryptography systems  DoS  Cross Site Scripting
•  Buffer overflow  SYN flood
• Analyzed security issues of applications and portlets designed with IBM WebSphere Application Server.
• Investigated and provided technical solutions and support to management and staff in small and medium sized companies.

Jan 2005 – Jan 2007 · 2 yrs

• Network Administrator, Information Security Officer and Risk Manager 2006-2007
• Maintained, troubleshot network, software and hardware problems.
• Administered their LAN, analyzed and treated risks and developed information security policies. Was in charge of testing systems, documenting and training staff.
• Assisted users in using and installing office productivity software, including internal ERPs Microsoft Office 2003 and 2007, Outlook, MS Project and accounting applications.
• Sales Manager 2005-2006
• Hired, managed and led six sales persons. Set, prioritized and enforced sales goals and developed strategic sales plans.