Jan 2025 – Present · 1 yr 3 mos · United States · Remote

• I network at the intersection between venture capital, early stage cybersecurity startups and growth stage companies. With 25 years of cybersecurity experience, I help growth stage companies implement pragmatic risk management initiatives, early stage cybersecurity product companies develop product and go-to-market plans and investors identify potentially high value opportunities in a complicated global market.

Sep 2024 – Nov 2024 · 2 mos · Irvine, California, United States · On-site

• Short term engagement as Chief Information Officer (CIO).
• Member of executive team that redefined the company strategy and direction. Partnered closely with CEO, CFO and Heads of Product, Operations, Credit, Marketing and Sales.
• Advised Product teams on improvements to existing customer on-boarding process to reduce cost and improve customer quality.
• Reviewed AWS production environment architecture and identified opportunities to improve resilience of critical systems and third party integrations.
• Identified opportunities to reduce fraud and credit risk with Product, Risk and Credit teams.

Oct 2023 – May 2024 · 7 mos

• Continued with previous responsibilities as a senior member of the security team but also successfully completed FINRA licensing completing the SIE, Series 7 and Series 24 licenses.
• Responsible for identification, escalation and remediation of risks in areas such as identity and access management, vulnerability management, data protection and data loss prevention. Led an exercise to conduct a region based threat model to inform future business expansion initiatives as well as partnered closely with engineering teams to design and implement innovative security solutions to meet international standards like GDPR.

Oct 2022 – Jul 2023 · 9 mos

• Given additional responsibilities due to security team restructuring. Led the privacy engineering team responsible for compliance to global privacy processes such as data subject access and deletion requests. Also responsible for leading the team in charge of building the foundation of a Data Governance Program across the enterprise.

Aug 2021 – Oct 2023 · 2 yrs 2 mos

• Joined the company as a member of the Board of Managers of Robinhood Money with the President, CFO, COO and Head of Product. Contributed to product strategy, go to market and growth plans.
• One of 6 senior members of the 100+ staff Security and Privacy team. Mentored and coached leaders building multiple programs including Privacy Engineering, Data Governance, Data Loss Prevention, Vulnerability Management and Identity and Access Management.
• Redefined the information security program in line with federal and state cybersecurity requirements including SEC, FINRA, NYDFS, CCPA, NIST CSF, PCI-DSS, etc.
• Created business continuity plans, information security policies and cybersecurity standards in line with business needs and regulatory expectations.
• Implemented the firm-wide Data Loss Prevention program, processes and technology.
• Led a cross functional team to define and implement the Data Protection Strategy for Robinhood. This included governance and engineering functions to meet CCPA and GDPR compliance.
• Hired and grew a team of professionals focused on risk management, vulnerability management and compliance.

Feb 2020 – Aug 2021 · 1 yr 6 mos

• Led efforts to prepare for regulatory examination from the Office of the Comptroller of the Currency (OCC) leveraging GLBA, FFIEC CAT and NIST CSF rules and frameworks. Achieved sufficient level of maturity in the program to pass regulatory examination without significant findings.
• Conducted Board Member education and walkthroughs of the redesigned information security program to gain buy in and support. Invited back to present on changes and continued improvements with the head of the Audit and Risk Committee monthly.
• Led incident response using cross functional teams including Fraud, BSA/AML, Engineering and Security Operations.
• Implemented processes and systems through collaboration across the business including Legal, Finance, HR, Technology, Engineering, Product and Risk.
• Advised and directed technical security tooling implementations in software development lifecycle (CI/CD), network monitoring and detection and response.
• Hired and retained a security risk management team responsible for continued oversight of cybersecurity risk management and compliance activities.
• Conducted annual processes to certify to industry standards, certification and audits such as PCI-DSS and SOC2.

Dec 2016 – Nov 2019 · 2 yrs 11 mos

• Managed the approximately $10m security budget across staff, technology and third-party service providers.
• Increase budget ROI through outsourcing partners and service providers while maintaining the core team of experts internally.
• Managed incident response in conjunction with Legal, Compliance, Technology and Third Party Service Provider teams.
• Collaborated with cross-functional teams to ensure the program met expectations of clients, regulators and business stakeholders.
• Demonstrated subject matter expertise through quarterly Board meetings at each global location as well as presentations and walkthroughs with large client account teams.

Aug 2014 – Dec 2016 · 2 yrs 4 mos

• Designed and built core capabilities including vulnerability management, identity and access management, security operations, incident response and third-party risk management.
• Responsible for over $2m in cost savings during first year.

Jan 2012 – Aug 2014 · 2 yrs 7 mos

• Interim CISO at global technology supplier, distributor and services organization for 3 months and improved internal security review processes, architecture and relationships between security and technology.
• Interim CISO at PIMCO prior to joining full time. Recognized for leadership and stakeholder management skills and invited to “change badges”.
• Worked closely with senior partners to clarify customer needs and define project scope, work, execution and final completion. Average deal flow of $30m per year with $10m in sales in 2013 and 2014.
• Asked to assist on projects that were not going as well as they could. Leveraged stakeholder and project management skills to realign scope and expectations with customers and re-staffed teams.
• Revamped global IT risk management program at global insurance provider with multiple subsidiaries.

Aug 2010 – Jan 2012 · 1 yr 5 mos

• In this role I performed a wide variety of duties including project manager of an identity and access management strategy development project, consultant responsible for creation of a PCI compliance strategy, facilitator for risk assessment workshop sessions and career coucelling manager for junior staff. The following is a sample of successfully completed projects:
• Developed an IT security strategy for one of the states largest water distributors.
• Reviewed and improved the IT security strategy of a large mining companies.
• Identified areas of improvement in overall IT policy framework, content and implementation strategy.
• Project managed and provided subject matter expert expertise in the improvement of information security governance practices. Worked with Execurity Management to understand requirements and design the operating model, governance framework, review the appropriateness of policy documentation and develop initiatives including a control self-assessment program.

Jul 2009 – Aug 2010 · 1 yr 1 mo

• This role saw me assist a national sales team with marketing strategy development, pre-sales activities and proposal development as well as leading the delivery of consulting work with clients in Melbourne, Sydney and Brisbane.
• Consulting engagements included business process re-engineering, security strategy development, information security management system framework definition and policy/process definition/review. To keep my hands dirty, I was quite involved in vulnerability and penetration testing as well as security architecture reviews.
• During this time, DLP (Data Loss/Leakage Prevention) has become the new buzz in the industry... so much so that I gave a presentation on this as a joint marketing initiative with RSA.

Mar 2009 – Jul 2009 · 4 mos

• Oversaw core security consulting services, including business development, client management, vendor management, process improvements, and project implementations. Conducted information and physical security assessments for clients in diverse industries. Performed technical vulnerability assessment and penetration testing.

Jul 2008 – Feb 2009 · 7 mos

• Served as “Security Designer” and architecture implementation lead for multiple projects. Identified Internal risks and treatment, creating policies to enable firm to be ISO 27001 certified. Implemented technology solutions for some of Australia’s largest banks.

Jan 2004 – Jan 2008 · 4 yrs

• Managed a team of 10 to create firm’s global information security practice. Oversaw resource planning, project implementation, budgeting, business case development, vendor relations, and operations.
• Defined and document the Corporate Information Security Policy to ensure effective controls were implemented to protect critical business information, processes and technologies.
• Developed a proven Information Security Strategy with input from various areas of the business to ensure movement towards compliance with required regulatory requirements including FSA UK and PCI DSS as well as ISO 27001 guidelines.
• Conducted risk assessments of various business locations, processes, applications and systems including in-house developed applications and assessments of third party applications/solutions/agreements.
• Championed security, conducted education and awareness sessions with all areas of the business from executive management to technical staff and call center operators.

Nov 1999 – May 2004 · 4 yrs 6 mos

• Joined IBM Global Services Australia as a HP-UX and AIX Security Administrator. Changed roles in 2000 to focus on Information Security Risk Management through implementation of technical controls across large fleets of UNIX and Linux servers for some of Australia's largest banks and airlines.
• Advised IBM account management and clients on security improvements, controls, and policies. Planned and executed quarterly information security risk assessments and policy gap analysis.