Oct 2024 – Mar 2025 · 5 mos

• Provided strategic and technical guidance to continue setting new standards in API and application security to help ThreatX lead the way in proactive, automated defenses that keep businesses ahead of emerging threats. They were purchased by A10 Networks in March 2025.

May 2024 – Present · 1 yr 10 mos

• Provide open and honest feedback Rapid7's suite of products and articulate possible enhancements and improvements, as well as discuss market analysis and recommendations.

Nov 2020 – Present · 5 yrs 4 mos · San Diego, California, United States

• Recruited to perform the role of the Chief Information Security Officer to develop, grow and improve enterprise cybersecurity and risk management practices and policies to ensure global services have robust controls and risks related to software and IoT product development, security architecture for IT/OT/Cloud, crisis management, data privacy and digital risk, information assurance, AI governance, and regulatory compliance are managed appropriately.
• Founded in 1988, FFF Enterprises, Inc. is a privately held, multibillion-dollar specialty pharmaceutical distributor and diversified healthcare company. FFF Enterprises is the parent company of leading specialty infusion pharmacy Nufactor, Inc., as well as RightNow Inventory™, our inventory management program based on IoT and SaaS technology. Our partners and customers include global pharmaceutical and biopharma manufacturers, prestigious healthcare systems, large and independent retail pharmacies, and leading alternate care sites.

Aug 2020 – Apr 2024 · 3 yrs 8 mos · Atlanta Metropolitan Area

• Advisory board member serving as a strategic guide for cybersecurity, privacy, and risk management.
• Allbound’s partner-centric technology is driving the future of global channel success. The company’s SaaS based partner relationship management (PRM) platform is a powerful solution focused on the partner life cycle from onboarding, training, enablement, and pipeline management that together enable businesses to put partners first.

Sep 2018 – Aug 2020 · 1 yr 11 mos · Atlanta Metropolitan Area

• Recruited to both serve as the CISO to build and manage the cybersecurity, risk, and privacy programs as well as to assist in product roadmapping and evangelizing the Apptega cybersecurity management software product. Reported to the CEO.
• Apptega is cybersecurity management software that makes it easy for businesses to build, manage and report cybersecurity – saving hundreds of hours of manual administrative work while providing unprecedented visibility and control of your entire cybersecurity program.

May 2018 – Sep 2018 · 4 mos · Greater San Diego Area

• Founded Sunset Cybersecurity to offer a Fractional CISO services that focused on implementing or augmenting cybersecurity, data privacy, and risk management programs for SMBs or subsidiaries of larger organizations. Projects included:
• ◦ Acted as CISO for both internal and external functions for client companies
• ◦ Developed and improved cybersecurity, data privacy , and risk management programs
• ◦ Prepared and led clients through SOC2 and ISO27001 audits and initial certifications
• ◦ Aligned data governance programs to GDPR controls including privacy impact assessments
• ◦ Implemented third-party risk management programs including due diligence during onboarding

Nov 2015 – Jan 2018 · 2 yrs 2 mos · Greater San Diego Area

• Hired on to develop and implement the overall company strategy for GRC security solutions and service offerings, manage the consulting team, and assist with internal operations from marketing to resource management. Additional duties include being the technical resource throughout the sales process from pre-sales to post-sales implementation, acting as Principal Consultant for advisory on high visibility projects, researching and evaluating new security products, and to work with client’s management teams to identify and propose solutions for any Security or GRC tools or services needs. Mentored junior consultants on project management, consulting engagements, and trained all consulting staff on cybersecurity fundamentals.
• Highlights: Advisory Chair on the Board of Directors; Created and delivered a presentation which closed our largest deal in history with a large financial firm

Dec 2013 – Nov 2015 · 1 yr 11 mos · Greater San Diego Area

• Hired on to perform the role of the CISO to run the security program which included development, implementation, and testing of information security policies, standards, and controls based on risk analysis of being a SaaS solution provider to Fortune 100 and Global Fortune 100 companies. Also acted as a liaison for internal and external customers to negotiate security requirements and compliance on RFPs, legal contracts, and 3rd party external audits as well as articulate complex information security concepts to senior executives and non-technical employees clearly through developing a Security and Privacy Awareness program. Additionally worked closely with the executive team to align our Business Continuity Program with ISO22301.
• Highlight: Successfully transitioned MIR3 to the ISO27001:2013 standard and achieved certification.

Jul 2013 – Sep 2013 · 2 mos · San Diego County, California, United States

• Hired on to help redesign business processes for the Enterprise Identity Access Management group, move these processes to Sailpoint's IdentityIQ IAM system, and assist the team in closing out the access and provisioning/deprovisioning audits for SOX and SSAE 16 compliance for the fiscal year.
• Highlight: Identified previously unknown audit gap for user access management for UNIX\Linux systems

Mar 2013 – Jun 2013 · 3 mos · Greater San Diego Area

• Hired on to help with an eGRC implementation project using RSA Archer to support managing corporate policies and controls, assessing and responding to risks, and reporting on compliance both internally and with regulatory agencies. Primary focus was on business processes within Information Security Engineering and Enterprise Risk Management while keeping a holistic view of the different Archer solutions such as Audit Management, Compliance Management, Policy Management, Incident Management, Threat Management, and Vendor Management.
• Highlight: Worked with the project lead to design a customized solution for SCADA/ICS InfoSec Engineering engagements

Aug 2012 – Jan 2013 · 5 mos · Greater Denver Area

• Hired on to spearhead the PCI and LAN Standardization project for the Four Seasons Hotel Group due to experience with PCI project management, network security, and work within the hospitality industry. Worked with Four Seasons IT Directors to identify gaps, created remediation plans, and traveled onsite both nationally and internationally to reconfigure networks and systems to close any gaps.
• Highlight: Led the first successful project for a Four Seasons hotel and was asked to present my project plan, method, and opinions on how to replicate success going forward to executive teams from both Four Seasons and Trustwave.

Aug 2011 – Aug 2012 · 1 yr · Greater Denver Area

• Hired on to provide consulting for clients on SIEM design, installation, and tuning to ensure accurate and timely incident response as well as to assist clients with regulatory compliances such as PCI, HIPAA, and SOX as well as other IT governance needs.
• Highlight: Created complex automated installation roll-out using Powershell to deploy agents to deploy agents to thousands of distributed endpoints for a large restaurant chain.

Sep 2006 – Dec 2010 · 4 yrs 3 mos · Greater Denver Area

• Initially hired to audit internal networks and systems for security holes, redundancy, and network optimization to prepare for PCI compliance but after presenting step by step documents on remediation based on risk and priority I was promoted to manager to carry out these tasks and run the IT department.
• Highlight: Worked with executives and SMEs to design a technologically feasible project plan for an Online Annual conference for our members which brought in an additional 20% in revenue and was considered a huge success by our members and executive team.

Feb 2005 – Aug 2006 · 1 yr 6 mos · Greater Denver Area

• Initially hired on part time but was brought on full-time within a month after presenting several ideas to alleviate risk through security, redundancy, and process re-engineering which led to running the PCI compliance project with an external QSA.

May 2004 – Apr 2005 · 11 mos

• Hired on to redesign processes for large scale photo labs such as Paramount Studios and large format printing companies by implementing automation software, SANs, and redesigning their LANs.

Dec 2002 – Jun 2003 · 6 mos · Austin, Texas

• Hired on to secure their ISP environment by utilizing open source software and tools. Migrated to Linux IPchain based firewalls and BIND DNS servers from the slower and more costly Microsoft solutions.

Dec 1999 – Jan 2001 · 1 yr 1 mo · Austin, Texas

• Initially hired on to Wayport as a Network Administrator but was quickly promoted due to advanced knowledge in networking to design LANs for hotels using Ethernet, Fiber, HPNA, and Wireless solutions. Wayport was purchased by AT&T.
• Highlight: Designed the first wireless networks for airports, Austin Bergstrom and Sea-Tac, along with the CTO.

Jun 1997 – Dec 1999 · 2 yrs 6 mos · Austin, Texas

• Hired on due to previous ISP call center experience and quickly was relied on to manage the floor when teamleads or management was unavailable.