Mar 2025 – Present · 1 yr 3 mos · South Jordan, Utah, United States

Jan 2022 – Mar 2025 · 3 yrs 2 mos · South Jordan, Utah, United States

• Accomplished Cybersecurity and Technology Executive
• Joined Marsh January of 2022.
• Most recently worked as CISO for major $10 billion integrated health system. Previously CISO at major academic medical system and university, security leader at regional banking system. Three decades’ experience in leadership, deploying robust business-enabling cybersecurity solutions. Executive leader positioned to define and execute an organization’s business strategy, aligning with business goals and compliance drivers, while balancing demanding workload with shared resources to meet financial goals. Successful at overcoming cultural and political issues and getting tough things done. Confident communicator offering high-caliber presentation, collaboration and closing skills. Executive and Technical Advisory Board Member. Certified Chief Information Security Officer.
• CISOsConnect Top 100 CISOs Globally for 2024
• CISOsConnect Top 100 CISOs Globally for 2021
• Hot Topics Top 100 CISOs Globally for 2017 and 2020
• Peerlyst Community eBook: 29 Highly Influential CISOs
• Named one of “Hospital and Health System CISOs to Know” for 2018-20 by Becker’s Hospital Review
• FBI CISO Academy, October 2017

Feb 2021 – Mar 2025 · 4 yrs 1 mo

Aug 2020 – Dec 2021 · 1 yr 4 mos

Mar 2019 – Dec 2020 · 1 yr 9 mos

Feb 2019 – Dec 2021 · 2 yrs 10 mos

Jan 2019 – Nov 2021 · 2 yrs 10 mos · Virginia Beach, VA

Oct 2018 – Mar 2019 · 5 mos

• The VMASC Industry Association enjoys the partnership with ODU's VMASC to further the application of research and development and increase awareness of how modeling, simulation, analysis can be applied to some of our nation's most difficult challenges. This year we continued initiatives like scholarships, education support, sponsorships, and entrepreneurial contests, while expanding initiatives that increase the visibility of ODU MSVE and enhance collaborative R&D in modeling, simulation, and analysis. We also embarked on a robust strategic planning effort that is culminating in a strategy to enable the VMASC industry association to help ODU VMASC achieve its objectives while growing the local modeling and simulation industry.

Jan 2018 – Present · 8 yrs 5 mos

Jan 2018 – Dec 2021 · 3 yrs 11 mos

Sep 2016 – Jan 2022 · 5 yrs 4 mos · Virginia Beach, VA

• Building secure digital environment for new mobile apps, patient/member portals, and enterprise data platform in cloud IaaS and PaaS environment.
• Major telehealth platform implementation, integrated with electronic health record system, patient portal mobile app, health plan member mobile app
• One of Top 100 CISOs Globally for 2017
• https://www.hottopics.ht/stories/enterprise/the-top-100-cisos-2017/
• Current Focus Areas:
• DevSecOps: Development and secure deployment of cloud-based mobile and enterprise data platforms, enabling improved digital engagement with health consumers
• Blockchain IoT management platform development
• Cyber security tradecraft at scale
• First 30 Months Report, Program Build:
• Board and Executive Leadership reporting and risk tolerance planning established
• Serving on AEHiS Public Policy Workgroup, providing Cyber Security expertise on Congressional legislative activity and Federal affairs, Health Sector Coordinating Council, CISA 405d Task Groups
• Team-working CIO’s IT Transformation, Cloud, Digital, Innovation, Business-Enabled Cyber Security
• New ISO leadership team in place, 90% FTE staffing completed, MSSP on-line, student staffing in place
• Major implementations: 2FA, Privileged Access Management, Adv Malware Defense, Network Segmentation, Micro-Segmentation, Threat Detection and IR Uplift
• Innovation Advantages for Healthcare, BlockChain, Analytics, Digital and Mobile Strategies
• Collaborating and serving advisory role with Old Dominion University on NSF STEM Grant and CSIIP
• HIPAA, PCI, CUI
• NIST, ISO
• HIMSS18 and 19: Presenter/Speaker at Cybersecurity Forum
• Executive Advisory Board Positions:
• Tenable
• CyberMDX
• RedShield
• Intruno

May 2013 – Sep 2016 · 3 yrs 4 mos · Greater Salt Lake City Area

• 2016:
• Resource acquisition and Implementation of Sailpoint IIQ
• Resource acquisition and Implementation of Tanium Endpoint Security
• Resource acquisition and Implementation for 24x7 SOC, partnership with other health organizations for cyber threat intelligence sharing
• Organizational risk analysis evaluation and preparation for OCR HIPAA Audit
• Chairperson for State of Utah Data Security Management Council
• 2015:
• New information security policy and rules for University and Health Care organization approved by Academic Senate
• Implementation of Symantec DLP, FireEye NX, QRadra SIEM, IAM
• Planning and implementation of SOC
• 2014:
• University’s PCI ROC, successful completion in Nov. 2014
• Coordinating University Health Care’s adherence to security rules listed in HIPAA
• Security plans for infrastructure subject to FISMA
• Coordinates security compliance with FERPA
• Responsible for day-to-day info security across the University of Utah and affiliate organizations
• Owner of Info Security Risk Management Framework, Risk Analysis Process and Risk Assessments
• Fiscal Year 2015 Key Initiative: Implementing Continuous Monitoring Program, specifically affecting these technology areas and processes
• Overseeing continued proactive testing of vulnerabilities

Feb 2007 – May 2013 · 6 yrs 3 mos

• Implement and manage requirements/controls for PCI and HIPAA compliance.
• Data Center Infrastructure and Process Management.
• Manage and oversee quality of the end user computing experience by directing efforts of teams responsible for delivering technology. Evaluate existing technologies, policies, and procedures for appropriate usefulness in consideration of existing and future business requirements. Assess current systems and controls for adequacy in managing operational risk, improving workflow, and accuracy in reporting system performance. Design, recommend, and direct implementation of technologies, policies and procedures for managing risk, work flow, end user experience, and back-end system performance and reporting. Develop appropriate metrics for accurately assessing system and process performance. Currently driving the adoption of many processes and standards not previously in use, including: Configuration and Change Management, Systems Management, Incident Management, Work Order and Workflow Processing, Ultimate End User Experience, and overall improved operational risk management.

Oct 1998 – Nov 2006 · 8 yrs 1 mo

• Responsible for operations and architecture involving security and technology controls for Zions Bancorporation. Manage operational framework and plans for multiple layers of security infrastructure: firewalls, HIDS, NIDS, AV, malware, SPAM, DNS, routing, proxy, internet access, web application security, encryption, policy and system access. Represent the performance of risk controls relative to regulatory compliance to the corporation and various auditing firms.
• Wide area network, storage, software delivery, telephone service, system configuration management, enterprise system backup. Established technology standards. Created Architecture and Standards Office, with various technology specific sub-committees.
• Managed Network and Server Operations. Services: file sharing, email, printing, software distribution, patch management, inventory, web servers, application servers, database servers, directory services, system backups.

Dec 1995 – Oct 1998 · 2 yrs 10 mos

• Administered and implemented process oriented approach for supporting technology within American Stores Company and affiliate stores, including: Jewel, Osco, Acme, Lucky. Technology platforms include: NetWare, Microsoft Windows/NT, enterprise anti-virus, distributed system backups, enterprise software delivery, SNA gateways, NetWare and Microsoft security. Worked with internal development teams and business analysts to roll out multi-tier (client server) applications, bringing great leverage of technology to many business units enabling them to drive greater revenue and efficiency. Oversaw and administered operations and engineering efforts for distributed server platforms.

Nov 1988 – Jan 1995 · 6 yrs 2 mos

• RAF Mildenhall, UK
• Holloman AFB, NM