May 2025 – Present · 1 yr 1 mo

Apr 2025 – Present · 1 yr 2 mos · Fort Collins, Colorado, United States · Remote

• Member of the committee for regional cybersecurity capacity building and collaboration for the Americas and Caribbean. https://thegfce.org/region/americas-caribbean/

Mar 2025 – Present · 1 yr 3 mos · Remote

Feb 2025 – Present · 1 yr 4 mos · Fort Collins, Colorado, United States · Remote

Apr 2024 – Sep 2024 · 5 mos

• Returned to individual contributor role after my team was laid off by Cisco in February. My own position was eliminated as part of the second wave of layoffs in September.

Oct 2018 – Mar 2024 · 5 yrs 5 mos

• Duo Security was acquired by Cisco in October 2018. The Advisory CISOs helped guide strategy for Cisco's Security Business Group as part of the Security Strategy Office, in such areas as architecture, design, product roadmap, go-to-market, integration, public policy, investments, and customer experience.

Feb 2024 – May 2025 · 1 yr 3 mos

• Description of the committee work: https://www.nationalacademies.org/our-work/cyber-hard-problems
• Resulting publication:
• https://nap.nationalacademies.org/catalog/29056/cyber-hard-problems-focused-steps-toward-a-resilient-digital-future

Jun 2022 – Present · 4 yrs

Jun 2022 – Present · 4 yrs

Feb 2022 – Present · 4 yrs 4 mos

Sep 2021 – Sep 2024 · 3 yrs

• Represented Cisco, an investor in Team8, on the CISO advisory board, analyzing portfolio startup offerings and supplying feedback.

Jul 2021 – Jun 2023 · 1 yr 11 mos · Austin, Texas, United States

• Curated a speaker series on cybersecurity for the Strauss Center students, faculty and staff. Recruited varied speakers from across the industry and helped refine their talks.

Jul 2019 – Present · 6 yrs 11 mos

• Now on the board of directors. Support and advocate for Sightline's mission of helping nonprofits secure themselves.

Dec 2016 – Oct 2018 · 1 yr 10 mos · Austin, Texas Metropolitan Area

• Led a team of CISO strategists that engaged both internally and externally to build on a new vision for information security. As part of the Product team at Duo, worked across multiple functions to contribute CISO perspectives in design, sales, marketing, roadmap, support, and other areas. Created written and webinar content for various audiences, represented Duo at conferences and in working groups, and consulted with customers and prospects about their security program challenges.

Jun 2015 – Dec 2016 · 1 yr 6 mos · Austin, Texas Area

• Led research and collaborative efforts to help retailers and commercial entities improve their security programs. Managed ISAC operations, threat intelligence community groups, and notification/incident response. Built partnerships with leading security vendors, academia, and other sources of intelligence, technology and data analysis. Responsible for architecting upgrades to R-CISC collaboration platform, its data ingestion and analysis. Facilitated technical member working groups to address high-profile issues such as account takeovers (ATO). Created technically focused intelligence products for internal and external consumption.

Aug 2011 – Jun 2015 · 3 yrs 10 mos · Austin, Texas Area

• Led the security analyst team in covering as many as 1,200 security vendors from a technology and business analysis perspective. Published over 300 reports, ranging from individual company profiles to long-format technology business impact analyses and emerging trends. Advised vendor clients on technology roadmap, go-to-market strategy, M&A, and partnership activities; consulted for enterprise and investment clients in technology areas such as threat intelligence, application security, identity and access management, managed security services, risk analysis, and the impact of disruptive developments.

Sep 2010 – Aug 2011 · 11 mos · Austin, Texas Area

Jun 2005 – Sep 2010 · 5 yrs 3 mos · Austin, Texas Area

• Built the agency information security program from scratch, from a single position with no budget to a team of ten with a multi-million dollar budget. Led initiatives to build awareness; performed state-mandated risk and vulnerability assessments, implemented monitoring, incident response and an application security program; and participated in state cybersecurity legislation and rule-writing. Contributed oversight and direction in security aspects of the state-wide effort to virtualize and consolidate 27 agency data centers.
• Directed multiple projects under a $3.8 million dollar Security and Confidentiality Initiative approved by the Texas Legislature. Initiatives included Identity and Access Management (IAM), which involved replacing a custom-developed single sign-on portal to support 65 applications and 500,000 users; database activity monitoring; security logging and monitoring; and comprehensive application security assessment and remediation using automated scanning, manual testing and remediation by an outsourced secure development group.

Aug 1997 – Dec 1999 · 2 yrs 4 mos · Chicago, Illinois, United States

• Responsibilities in IT Security global staff position included: designing and building UBS Warburg’s security monitoring infrastructure and incident response team; managing division’s security awareness program; developing risk assessment methodology; managing global IT Security budget (approximately US $40 million); and representing IT Security on various divisional technical operating committees.

Aug 1995 – Aug 1997 · 2 yrs · London, England, United Kingdom

• Assigned to London branch to create new IT Security group and supervise security aspects of network merger with S.G. Warburg. Participated in task force advising on security issues in outsourcing global production support to Perot Systems Corporation.
• Responsible for IT Security issues for 30 sites in EMEA region; created policies, operational guidelines and procedures; instituted an awareness program; established technical risk assessment and approval process for new development initiatives, including the investment bank’s first Internet service offerings. Worked closely with business heads, Corporate Audit, Legal, Human Resources and Compliance departments on security issues.

Aug 1992 – Aug 1995 · 3 yrs · Zurich, Switzerland

• Volunteered for assignment to provide 24x7 Unix system administration support for international and finance division’s sites in Switzerland and Germany. Created system administration group and recruited six full-time staff and four contractors. Trained own successor.
• During 1993 and 1994, led group in moving approximately 1600 traders, developers and logistics staff from several locations to a new central site in Opfikon near Zurich airport, at the same time redesigning and expanding the network from 400 to 1000 nodes.

Oct 1987 – Aug 1992 · 4 yrs 10 mos · Chicago, Illinois, United States

• Worked in global Unix installation and support after partnership was formed with Swiss Bank Corporation.