May 2018 – Present · 8 yrs · Greater Chicago Area

• I lead the development of our blockchain and digital assets capabilities across Audit, Tax and Consulting Services.

Feb 2016 – Present · 10 yrs 3 mos · Greater Chicago Area

• I'm a Principal at RSM US LLP and lead our Blockchain and Cryptocurrencies Practice.
• I help financial services firms keep their cryptocurrencies (bitcoin, ethereum, monero, etc) safe. I help companies understand the disruptive nature of blockchain, smart contracts and DLT so they can prepare, adapt and react.

May 2018 – Dec 2019 · 1 yr 7 mos

Mar 2012 – Dec 2015 · 3 yrs 9 mos · Greater Chicago Area

• Midwest Leader for Cigital’s Software Security Consulting and Products Group
• · Lead numerous projects around the strategy, assessment, and implementation of application security and software security programs. Built Software Security Groups and Initiatives within numerous organizations.
• · Conduct assessments using the BSIMM Model — Building Security In Maturity Model — which measures the maturity of an organizations software security program.
• · Help clients build security into an Agile development lifecycle including a governance and metrics model to manage software change within the development organization.
• · Assess the security of numerous medical devices and medical information portals including Class I, II and III devices. Devices assessed include pacemakers, monitors, surgical instruments, and other devices which transmit health information from the patient to a medical professional.
• · Assess the security of Internet of Things devices and products including cars, medical devices, construction equipment, and phones.

Oct 2009 – Mar 2012 · 2 yrs 5 mos

• National Leader for Identity and Access Management.
• · Led numerous projects around the strategy, assessment, and implementation of identity management processes and technology across a broad range of industries and technologies.
• · Developed the strategy for identity management for a major food and beverage client. This included addressing existing process remediation, interim plan to address compliance, and development of a full implementation of Oracle’s Identity Management platform.
• · Developed future state roadmap for identity management and roles based security at a large hospital group. Included developing a multi-track roadmap for implementation of additional identity management functionality based upon Courion, roles-based access control, and process improvement.
• · At a large transportation company, implementation of roles-based access control within Oracle’s Identity Manager and Roles Manager as part of a broader Oracle eBusiness Suite implementation along with an Oracle Identity Management implementation. Included project management of identity management initiative, creation of a roles governance structure, and mapping of Oracle eBusiness Suite functionality to Identity Management Enterprise Roles.
• · Analysis of existing access certification process at a large insurance company and recommendations on improving the usability and accuracy of an enterprise recertification program.

Aug 2005 – Oct 2009 · 4 yrs 2 mos

• Midwest Leader for Information Protection and Business Resiliency.
• · Provided recommendation on rules to be included within the global policy. Assessed the security capabilities and designed policies, standards, and minimum security standards for a global real estate management firm.
• · Developed an architectural model to integrate third-party customer’s single sign-on infrastructure into a bill payment application. Created the security requirements to ensure the authentication and authorization processes provided the highest level of security.
• · Performed a pre-GAO FISCAM audit of a third-party service provider’s complete IT infrastructure including penetration testing and detailed analysis of all infrastructure components. The results of the work were then provided to the General Accounting Office.
• · Performed information security assessments for a major hospital including specific assessments on HIPAA, privacy, information security, and policy reviews. Recommendations were reported to the Chief Risk Officer for the hospital.

Aug 2000 – Aug 2003 · 3 yrs

• Manager for Information Security Services including penetration testing, architecture reviews, and security assessments.
• · Has participated in and/or led security assessment project teams within a wide array of industries which has included a broad spectrum of technologies including:
• Checkpoint, Cisco PIX, and Nokia firewalls
• Cisco IOS supported devices
• Unix, Linux, Windows, and Netware platforms
• Various application platforms and languages including Java, PHP, Coldfusion, and Websphere.
• Various database platforms including Sybase, Oracle, Informix, and DB2

Aug 2003 – Aug 2005 · 2 yrs

• Business Information Security Officer for the Emerging Payments Channel Line of Business.
• · Responsible for the Information Security and Security Architecture for five business groups including an Asia and US based Trade Finance Product, Electronic Web-based and IVR-based Payment Products, and Call Center Product.
• · Assessed the regulatory compliance of five financial services applications which handled global import and export letters of credit. This included working with the regional regulatory agencies for the countries which this application was used including the Honk Kong Monetary Authority and Monetary Authorities of Singapore, Korea, and Australia.