Jun 2021 – Oct 2023 · 2 yrs 4 mos

Jun 2020 – Jun 2021 · 1 yr

Mar 2019 – Jun 2020 · 1 yr 3 mos

Dec 2016 – Mar 2019 · 2 yrs 3 mos

Jul 2016 – Dec 2016 · 5 mos · Lean Techniques

• Lead the Enterprise Security by Design (SbD) initiative and coordinated the adoption of SecOps/DevOps best practices into the continuous deployment/integration for teams across US and Internationally.
• Developed and delivered team and organization training materials and workshops, building knowledge and skills to facilitate the SecOps/DevOps transformation.
• Wrote compliance and legal mapping polices/procedures and standards to articulate how SecOps/DevOps were meeting and exceeding regulatory and industry standards.
• Coached teams, Scrum Masters, Process Pro's, Program Managers, and Executives on SecOps/Devops values and principles to promote continuous improvement in practices and artifacts.
• Mentored teams, leading them to be self-directed with strong accountability, decision making, conflict resolution and transparency.
• Gave technical direction and examples on best practices cloud continuous deployment integrations including but not limited to:
• ◦ Cloudformation Templates (VPC, EC2, IAM)
• ◦ Custom API integration scripts
• ◦ Lamda
• ◦ Packer, Chef, Puppet, Docker

Jun 2014 – Jul 2016 · 2 yrs 1 mo · Des Moines, Iowa

• At ADT I am responsible for requirements, architecture, documentation and implementation of secure systems across Monitoring, Response, Location Services, and other B2B partner platforms.
• The Product Security team engineers common secure solutions across the different business segments and products with a focus on all major aspects of security including software architecture, systems architecture, software development, privacy regulation compliance, authorization, authentication, operational capability, and business continuity.
• We work closely with engineering product teams and the line of business to ensure appropriate security and privacy controls are put into place on ADT products and are delivered to market in a timely manner to meet market demands.
• We focus on developing security processes that integrate into an agile environment and utilizing metrics to track progress throughout the platform and hardware engineering life-cycle.
• Our primary charter is to work closely with our business units to understand market needs and ensure viable and relevant products are delivered to the market in a timely and secure manner.

Aug 2013 – May 2014 · 9 mos · Des Moines, Iowa Area

Aug 2012 – Aug 2019 · 7 yrs

Aug 2012 – Aug 2013 · 1 yr · Des Moines, Iowa Area

• Managed and developed a comprehensive process for assessing, identifying, monitoring and reducing pertinent business risks that are key Dwolla's objectives and goals. Responsible for ensuring Dwolla is in substantial compliance with internal operating policies and procedures as well as COPA, BSA, AML, Patriot Act, GLBA, and partner contracts.

Jan 2010 – Aug 2012 · 2 yrs 7 mos

Jun 2009 – Jan 2010 · 7 mos

Mar 2007 – Jan 2008 · 10 mos

• Assist the director of Information Security Services in the development of policies, procedures, and guidelines to ensure compliance with various regulations such as FISMA, HIPPA, and GLBA. Perform PCI GAP Analysis on department payment process. Perform Risk assessments on all technology components and business operations and recommend controls to ensure compliance with NIST and ISO standards. Chief security advisor on issues related to the confidentiality, integrity, and availability of project components.

Jan 2008 – Jun 2009 · 1 yr 5 mos

• Identified protection goals, objectives, and metrics consistent with corporate strategic plan. Managed the development and implementation of global security policy, procedures, and standards to ensure ongoing maintenance of security. Responsible for maintaining controls related to: asset protection, application developments and implementation, access control, video surveillance, and data protection. Managed information protection responsibilities including network security architecture, network access and monitoring, and employee education and awareness. Oversaw incident response planning as well as the investigation of security breaches, and assisted with disciplinary and legal matters associated with such breaches as necessary. Primary liaison for the organization to the federal government on all matters pertaining to information assurance/security. Coordinated with federal auditors and executive leadership to satisfy auditor findings while still supporting business objectives.

Jan 2005 – Mar 2007 · 2 yrs 2 mos

• Established security awareness programs to ensure critical information was protected. Managed the development of unit level programs along with wing level polices. Developed standards and guidelines to help enforce policies. Chaired Working Groups to help develop more strategies to ensure Operations Security were effective. Constructed security policies and guidelines to ensure Information Security was integrated into day to day operations. Performed risk analysis with local and national law enforcement agencies and reported findings to senior leadership along with recommended counter measures to ensure military assets were properly secured. Performed duties as a security liaison to senior leadership to relay technical concerns with the enterprise infrastructure.

Mar 2003 – Dec 2004 · 1 yr 9 mos

• Administered and managed the mission essential content of 120 wing level web pages, one file server, two messaging servers, and 900 client computers. Supervised five personnel responsible for maintaining the 80th Flying Training Wing Computer Resources Help Desk. Responsible for 950 clients and 1100 Active Directory objects supporting Flying Training for US and 13 NATO nations’ pilots. Stood up virtual network consisting of 6 routers 4 switches and 2 hubs to facilitate wing Information Manager Training. Ensured proper patch compliance on network servers and client machines. Developed and implemented Group Policy settings to ensure the security of network resources.

Jan 2003 – Mar 2007 · 4 yrs 2 mos

• Provided security management of 7 distinct networks at 6 sites. Coordinated the submission of security accreditation packages by site personnel. Performed security inspections of system sites to ensure compliance with established standards. Established and instructed a Security Awareness program for end users, managers and system administrators. Established a Network User License Agreement for Sheppard AFB ensuring users were aware of acceptable actions on information systems. Implemented the first PKI program at Sheppard AFB using Common Access cards that allowed users on base to use two factor authentication. Trained end-users on encryption and digital singing techniques. Migrated 6,500 users to PKI logon in 60 days with very few complications.

Jan 2000 – Mar 2003 · 3 yrs 2 mos

• Administered the creation and deletion of Active Directory objects from multiple classified and unclassified networks. Ensured the uninterrupted operation of checkpoint firewalls and Cisco Router access controls list. Performed auditing functions on event logs ensuring the confidentiality and integrity of network resources. Patched and monitored DHCP, WINS, Exchange, and DC servers. Upgraded from Windows NT Domain to Windows 2000 domain controllers with relatively few migration issues ensuring the integrity of wing data.