I'm an enthusiastic Bay Area-based information security guru. I dabble in all things security-related and have recently expanded my expertise into data privacy and digital forensics.
A little more information about me...
This is a rough assessment of where I am in my career development, taking into account the skill sets I am still seeking to further develop.
2019 - Present
• Reduce security/compliance risk by onboarding Okta for zero-trust modeling, streamlined access de-provisioning, and authentication profiling. Secure corporate endpoints with DISA/CIS benchmarks through Jamf policy design/management.
• Streamlined risk prioritization through unified risk management methodologies based on internal (SOC-2/PCI) and external (NIST, Open Threat Taxonomy, and Open Security Architecture) standards to identify, measure, and mitigate risk.
2018 - 2019
• Built and maintained security and SOC-2/PCI compliance programs, policies, budget, service portfolio, and technical roadmap for a 100+ employee series-C FinTech organization with a post-money valuation in the range of $500M.
• Established response methodologies for new business ventures focusing on security; facilitated two major banking partnerships.
• Improved business preparedness through development of continuity/response program and execution of $0-retainer IR agreement.
2015 - 2018
• Promoted and built/managed a team of 3 responsible for operation/execution of security and SOX/SOC-2 internal IT controls.
• Facilitated first SOX audit engagement and project planning following IPO with zero IT deficiencies in our first 10k filing.
• Planned and executed an internal audit reliance strategy that reduced audit overhead by 20% by negotiating reliance on internal audits with measured risk-rankings of internal controls against probability/impact of material misstatements.
2011 - 2015
• Mediated security and privacy gaps in vendor engagements and contractual negotiations; reduced risk in 25+ new proposals.
• Facilitated development of SIEM (ArcSight) architecture, rules, response runbooks. Investigated threat indicators with SOC.
2007 - 2011
• Managed vulnerability remediation planning for 200,000 systems in North America; facilitated reduction to less than 1/10th of prior mandates by streamlining processes to identify, investigate, and escalate issues in the critical path of remediation.
Project to graduate 2022
San Francisco, CA
New York, NY
Phone: [redacted due to spam]