Bryan Zimmer

DevOps Manager

San Francisco, California, United States · 29 yrs 2 mos experience
Highly Stable

Key Highlights

  • Expert in building company-wide security programs.
  • Achieved ISO 27001 and SOC 2 compliance.
  • Led Zero Trust architecture implementation at Netflix.
Stackforce AI infers this person is a seasoned security leader in the SaaS industry with expertise in compliance and risk management.

Skills

Core Skills

Information Security Management, Security Policy, Security Architecture Design, Information Security

Other Skills

ISO 27001, SOC 2, GDPR compliance, Vulnerability Management, Incident Response, Security Education, Security Training, Zero Trust Architecture, Network Security, Security Awareness, Cloud Computing, Project Management, Computer Security, Vulnerability Assessment, Penetration Testing

About

Security leader with proven expertise building modern company-wide security programs, with a focus on business enablement, operations, and empathy. Trusted executive and customer advisor, and partner to internal teams including Sales, Legal, and Engineering.

Experience

Total Experience: 29 yrs 2 mos
Average Tenure: 3 yrs 9 mos
Current Experience: 1 yr 3 mos

Nvidia

Security

Mar 2025 - Present · 1 yr 3 mos

Gretel

Head of Security

Mar 2023 - Mar 2025 · 2 yrs

  • Built and led company-wide security program and team known for responsive and approachable support. Created a security-conscious company culture, with embedded security champions across the organization.
  • Achieved ISO 27001, SOC 2, and GDPR compliance. Implemented policies, procedures, and technical controls. Led compliance efforts and yearly audits.
  • Met with major customers to discuss details of the security program and completed customer security questionnaires, enabling the business to rapidly close deals.
  • Advised business on risk and conducted reviews for Third Party Risk Management program.
  • Worked with General Counsel on customer contract reviews.
  • Conducted daily security operations including administration, monitoring, and response on all security tools. Toolset included CrowdStrike, Kandji, Google Security Command Center, Netsparker/Invicti, GitHub, and others.
  • Led Vulnerability Management and Incident Response programs.
  • Delivered customized security education and outreach.
ISO 27001, SOC 2, GDPR compliance, Vulnerability Management, Incident Response, Security Education, +2

Humu

Head of Security

Apr 2018 - Feb 2023 · 4 yrs 10 mos

  • Created and oversaw the organization's security program, building a team across the company that obtained ISO 27001 and SOC 2 certifications. Established and maintained robust policies, processes, and technical safeguards. Directed compliance initiatives and managed recurring audit activities.
  • Engaged directly with key clients to present the security framework and handle security questionnaires, helping to accelerate the sales process.
  • Provided strategic guidance on risk matters and carried out assessments as part of the Third Party Risk Management efforts.
  • Collaborated with legal counsel to review customer agreements from a security perspective.
  • Managed day-to-day security operations, including configuration, surveillance, and incident handling across a range of security tools such as CrowdStrike, Kandji, Obsidian, Google Security Command Center, Netsparker/Invicti, and GitHub.
  • Led programs focused on vulnerability remediation and incident response.
  • Created and delivered tailored security training and awareness initiatives.
  • Set up and maintained physical security systems, including video surveillance and access badge infrastructure.
ISO 27001, SOC 2, Vulnerability Management, Incident Response, Security Training, Information Security Management, +1

Netflix

Senior Security Engineer

Mar 2014 - Nov 2017 · 3 yrs 8 mos

  • Successfully moved enterprise to LISA, one of the first Zero Trust architectures outside of Google. Directly responsible for driving entire project including devising strategy, designing security architecture, coordinating multiple teams, setting timelines, communication, marketing, and evangelism.
  • Set strategic direction for global endpoint and network security. Socialized significant changes via collaboration, debate, and company-facing memos. Evaluated, implemented, and administered global endpoint and network security toolset. Products included Carbon Black, SentinelOne, Cyphort, ProtectWise, Palo Alto Networks, Elasticsearch, and Kibana.
  • Assisted in creation of vendor security review program and conducted reviews.
  • Provided risk assessment and security guidance to teams across the enterprise.
  • Conducted incident response activities including network and host forensics.
  • Generated content for security awareness training.
  • Provided guidance and feedback to Venture Capital firms and numerous security startups.
  • Served on Customer Advisory Boards for Cyphort and SentinelOne.
Zero Trust Architecture, Network Security, Incident Response, Security Awareness, Security Architecture Design, Information Security

Barclays Global Investors

Security Engineer

Jul 2007 - Apr 2008 · 9 mos

University of California, Santa Cruz

Senior Security Engineer

Apr 2006 - Feb 2014 · 7 yrs 10 mos

United States Department of Defense

Security Specialist

Feb 2002 - Mar 2006 · 4 yrs 1 mo

Gloryworks Corporation

Network and Systems Architect

Jan 1999 - Jan 2002 · 3 yrs

Bethany University

Director of Student Computing

Jul 1996 - Sep 2000 · 4 yrs 2 mos

Education

California State University, Monterey Bay

BS
