Sep 2023 – Present · 2 yrs 7 mos · Columbia, South Carolina, United States · Remote

• I offer perspective and counsel to influence the direction of Panoptcy Security.

May 2023 – Present · 2 yrs 11 mos · Gardner, Massachusetts, United States · Remote

• I develop cybersecurity curriculum programs to assist students to learn a diverse set of fundamental cybersecurity knowledge, skills, and abilities.

Feb 2023 – Mar 2026 · 3 yrs 1 mo · Las Vegas, Nevada, United States · Hybrid

• Host of "The Late Show with Gerry", a KnightTV+ exclusive show. #cybersecurity industry talk, engagement, and personality interviews.

Jan 2023 – Present · 3 yrs 3 mos · The Cloud · Remote

• I champion Simply Cyber Con cybersecurity conference leaders to deliver on excellence.

Dec 2022 – Jan 2024 · 1 yr 1 mo · Las Vegas, Nevada, United States

• I get the awesome responsibility of driving practical information security tooling, concepts, and methodologies into the World of Haiku and Haiku Pro platforms. Like a Boss.

May 2022 – Sep 2023 · 1 yr 4 mos · Chattanooga, Tennessee, United States

• Board member to provide guidance, engagement, and awareness to the Hackers for Vets non-profit organization. Led by Mike Jones, this organization seeks to make positive impact in the cybersecurity and transitioning military community. Very honored to be associated. 💙

Mar 2022 – Jun 2022 · 3 mos · Sugar Land, Texas, United States

• Accountable (and frankly quite excited about) developing and delivering cybersecurity curriculum and education that applies both lecture and hands-on lab to provide students with actionable, relevant, and practical cybersecurity skills.
• Since I 💙 cybersecurity I've insisted on also being responsible for the development, implementation, and maturation of the corporate cybersecurity program at the organization ensuring mission critical systems and data are protected commensurate with organizational risk appetite.

Oct 2021 – Present · 4 yrs 6 mos · Remote

• I ensure course curriculum content and practical applicability, instructor experiences, and student experiences are all awesome 🤗

Oct 2021 – Present · 4 yrs 6 mos · Jacksonville, Florida, United States

• I provide guidance, thought, and support to WHCI.
• The Whole Cyber Human Initiative (WCHI) is a means of redefining how we look at and develop talent in Cybersecurity and IT.
• With a 1.8 million person talent shortage and people struggling to find work in the industry, we look to be the bridge. By looking past the resume and providing free and low-cost trainings, we start to develop the “Whole Cyber Candidate”. We take the Candidates and secure talent shortages to provide clients results and them experience.

Jun 2020 – Present · 5 yrs 10 mos · Charleston, South Carolina, United States

• I adjunct for CSCI 227: Principles and Practices of Cybersecurity at The Citadel.
• This course provides an introduction to concepts related to Cybersecurity. Students learn safe practices which can be deployed to secure computer systems and gain an understanding of different tools which can be used to defend attacks on computer systems.
• Major Topics:
• Introduction to Cybersecurity
• Principles of Cybersecurity
• Attacks and Defense Mechanisms
• Introduction to Internets
• Internet Security Risks and Defense Mechanisms
• Mobile and Workplace Security
• Security Policies
• Cyber Terrorism and Information Warfare
• Encryption

Dec 2019 – Present · 6 yrs 4 mos · Helping cyber security professionals take their career further, faster

• 🌎 https://SimplyCyber.io
• Simply Cyber is an information security YouTube channel designed to help individuals go further, faster in the information security field. As the chief content creator, I am responsible for audio, video, and content production elements.

Jul 2018 – Apr 2021 · 2 yrs 9 mos · Charleston, South Carolina Area

• I was responsible for the design, build, and implementation of enterprise-class information security systems and policies across health, academic and research domains that provide value for MUSC and its partners.
• I'm challenged with setting the information security strategy for MUSC to include developing standards, roadmaps, solution paths. Furthermore I stay informed and incorporate knowledge of emerging threats that help the organization achieve those strategies.

Jan 2016 – Jul 2018 · 2 yrs 6 mos · Charleston, South Carolina Area

• As a member of the Information Security team at MUSC, I have the professional challenge to bring information security governance, operations and engineering in a unique challenging university medical center enterprise.
• I am responsible for risk analysis and risk management, security program management, and leadership.
• Specifically, I ensure that risk associated with MUSC data and data delivery systems are properly assessed, mitigated, and documented to meet regulatory requirements and the enterprise vision. I assist in strategic planning and governance for the Information Security Program, ensuring the security architecture is documented according to policies, standards, procedures and guidelines. Additionally I function as leader to facilitate and achieve information security program initiatives.

Dec 2017 – Dec 2019 · 2 yrs · Charleston, South Carolina Area

• Each week, Steve and I discussed Information Security topics relevant to the medical industry and to patients. From the latest hacks and bugs, to changes in the regulatory environment, and tips and tricks to keep your own personal information safe.
• https://podcast.musc.edu/category/podcast/infosec/

May 2016 – Present · 9 yrs 11 mos · Charleston, South Carolina Area

• I partner with small business (SMB) owners to identify their cybersecurity risks and reduce it. The approach is centered around practical security controls over meeting compliance. Many times small businesses rely on outsourced IT staff to support their business and assume implicitly they are providing information security efforts. This is often not the case, and I am able to positively collaborate with these businesses IT staff to understand the greatest risk to business operations.

Nov 2010 – Jan 2016 · 5 yrs 2 mos · Charleston, South Carolina Area

• I provided information assurance guidance within the public sector, currently supporting the National Science Foundation (NSF) United States Antarctic Program (USAP). I look at my clients information security problems holistically, objectively addressing the complex interplay of people, process and technology.
• While being honored and humbled to travel to some of the most remote locations on Earth, I leveraged NIST 800-53 security controls with the Risk Management Framework for mitigating risks and supporting a sound information security program approach. I provided accreditation program support from both a technical, operational and management perspective. I performed enterprise risk assessments for my client in alignment with NIST SP 800-30. I developed system security plans for authorization packages in alignment with NIST SP 800-18. I've analyzed and developed weakness remediation procedures in alignment with NIST SP 800-40 v2. I performed security control assessments testing across multiple sites and multiple technologies leveraging the 53A to assess 800-53 controls for a MODERATE baseline. I performed regular weakness remediation validation to support a continuous monitoring security approach.

Nov 2009 – Oct 2010 · 11 mos · Charleston, South Carolina Area

• I provided client-facing independent analysis, evaluation, and recommendations designed to promote economy, efficiency, and effectiveness in my DoD client's security program, and function as primary liaison with client's project offices' and government agencies in all security matters.
• I leveraged my education and experience to provide quality consulting relative to security engineering, information assurance policy and procedures, and information assurance management. I leverage knowledge of the DoD 8500 series and the DIACAP process to deliver results.

May 2009 – Nov 2009 · 6 mos · Greater Boston Area

• TBG Security delivers best-of-breed security technologies for enterprise IT environments, providing services in risk management, security policy, security strategies for compliance, business continuity, network security, managed services, product integration, incident response management, and technical support.
• I consulted / actively participated in the implementation and configuration of various infrastructure components, including improvements to topology, protocols, policy, device configurations, and network and security management tools for my clients. I provided policy review and recommendations for the client’s security program. I remediated vulnerabilities and quantifiably demonstrated an improvement in overall security posture.

Aug 2005 – May 2009 · 3 yrs 9 mos · Washington D.C. Metro Area

• Performed and held multitude of roles and responsibilities while at Bearingpoint, including:
• Sarbanes-Oxley (IT) Auditor 6/2008 - 5/2009
• System Administrator 2/2007 -12/2008
• Ops Specialist 8/2006 - 12/2008
• Management Analyst 8/2005 - 7/2006
• Leveraged COSO framework for IT Application control testing and COBIT framework for ITGC testing to ensure all SOX processes are followed and all controls are performed from an internal audit standpoint. I conducted documentation, validation, testing, and reporting of SOX IT controls across key applications, including user access, change control, physical access, and configuration management.
• Lead technologist responsible for mission-critical systems health, determining approach and architecture for developed technical solutions, and providing regular work-in-progress status updates to management. Administered Windows 2003 Server environment and ASP-based Intra-Net Web-based solution.
• Managed resale transaction requests/orders for technology (hardware & software) procurement related to BearingPoint consulting engagements.
• Advanced the USMC goal of achieving accurate, timely, reliable and useful financial information. I provided technical advice and direction, as well as, the development of software and solutions. My assignment encompassed business and IS strategies, web development, effectiveness and efficiency studies, development methods and service management. I supported the implementation of a financial management and reporting system based on an Oracle backend with an Oracle Portal front end. I provided direction and knowledge regarding all phases and tasks of the System Development Life Cycle (SDLC). In addition to developing and implementing a Model-View-Control Design Web-based Application, I successfully performed the lead role for the MIS Architecture engagement’s Capability Maturity Model Integration (CMMI) effort.