I am the creator of technology & cybersecurity strategies which enable business objectives and permeate organizational culture at all levels. I strongly believe that by forging strong partnerships, kinetic energy is built that reduces risk, makes an organization more resilient, and promotes innovation which increases success.
Principal CISO
aws.amazon.com | August 2021 - Present
Accomplishments:
As Principal CISO, I have been able to consistently demonstrate strategic leadership, vision, and expertise in developing and executing comprehensive cybersecurity programs. With a strong track record of safeguarding organizations from evolving cyber threats and ensuring compliance with industry regulations, I have played a pivotal role in enhancing security posture and fostering a culture of cybersecurity.
Responsibilities:
- Act as a cybersecurity & digital transformation visionary for the AWS organization, customers, and partners.
- Convert learnings gathered from customer interactions to influence AWS technology and services evolution.
- Build new AWS technology & cybersecurity services that are used by AWS internally and by customers.
CISO & VP of IT Strategy, Operations, Infrastructure & Architecture
llflooring.com | March 2019 - August 2021
Accomplishments:
Senior executive responsible for creating and overseeing a comprehensive information technology and security strategy and ensuring the protection of all digital assets, data, and systems. Identified and mitigated cybersecurity threats, developed and implemented security policies and procedures, managed security teams, and ensured compliance with industry regulations. Played a critical part in safeguarding the organization against data breaches and cyberattacks to ensure customer trust.
Responsibilities:
- Set clear vision, strategy and measurable goals for a holistic technology program.
- Partnered with executive leadership to align technology program with organizational mission and vision.
- Developed a technology team and culture that is great at identifying solutions to business challenges.
- Continuously iterated to enhance and improve organizational capabilities.
- Maintained all regulatory and industry security compliance.
- Report to executive leadership and Board of Directors on topics of technology, digital transformation & cybersecurity.
- Utilized strong collaboration skills with peers and colleagues to accomplish amazing things.
CISO & VP of IT
orvis.com | April 2015 - April 2019
Accomplishments:
In over 150 years the Orvis footprint had grown slowly. To help grow the Orvis brand, I led a digital transformation that brought the Orvis brand into millions more homes and increased online revenue to 80% of total sales.
Responsibilities:
- Collaboratively drove results.
- Set vision & strategy for technology & cybersecurity program.
- Aligned a secure technology program with mission and vision.
- Designed solutions that improved employee and customer experiences.
- Reported to the Board of Directors on technology & cybersecurity.
- Maintained regulatory and industry security compliance.
Chief Information Security Officer
pokerstars.com & resortscasino.com | April 2014 - April 2015
Accomplishments:
The State of New Jersey legalized online gambling but PokerStars, Resorts Casino, and NYX Gaming did not have someone to build and secure a regulated gaming platform for them. These organizations reached out to me to guide them through the task. In one year I built a secure, efficient, profitable, and compliant platform that has been a top-performing online gaming platform in New Jersey for over 6 years.
Responsibilities:
- Architected and led the implementation of the world's largest online poker platform which has been officially licensed in New Jersey.
- Developed a strategic relationship with state gaming enforcement leadership.
- Created a framework for roles and responsibilities with regard to information ownership, classification, accountability and protection of information assets.
- Developed, implemented and monitored a strategic, comprehensive information security program.
- Created and managed a targeted information security awareness training program and established metrics to measure the effectiveness of this security training program.
Cybersecurity Architect & Security Engineering Manager
April 2012 - April 2014
Sr. Network Infrastructure & Security Manager
December 2007 - April 2012
Business Network & Security Consultant
November 2005 - December 2007
Network Administrator
August 2004 - November 2005
Evolving Technology & Cybersecurity Leader
April 1993 - August 2004
November 2019 - Present
Cybersecurity professionals face immense pressure to evolve and grow, but they are not alone. As a member of this ISC2 board, I am able to help over 150,000 professionals develop their information security careers, guide individuals through globally recognized certifications, connect people to networking/collaboration opportunities, & educate the general public through The Center for Cyber Safety and Education.
https://www.isc2.org/about
February 2021 - Present
https://www.nacdonline.org/
April 2018 - Present
Future cybersecurity leaders need a place to go to develop leadership traits like discipline, integrity, confidence, loyalty, and honor. To help in fostering this type of environment I have been an advisory board member for Norwich University's Master's of Science in Information Security & Assurance Program. In this role, I have helped shape a program that aligns future cybersecurity leaders with the real needs of businesses.
norwich.edu/academic-programs/masters/cybersecurity
July 2015 - Present
Cybersecurity and technology challenges can be overwhelming when faced in a vacuum. As a leader on this council, I set out to empower cybersecurity teams with added perspective and tools. These efforts have led retail cybersecurity teams to become the business-enabling forces at organizations of all sizes. Retail organizations are now faster, stronger, and better at serving their customers than they ever were before.
nrf.com/about-us/committees-councils/it-security-council
January 2016 - Present
Small and medium-sized organizations can feel overwhelmed as they navigate cybersecurity challenges on their own. I joined the PCI Council's Small Merchant Taskforce because of my desire to ease these challenges. This resulted in the design and roll-out of the PCI Data Security Essentials Resources for Small Merchants, which provides simple guidance on protecting payment card data against theft. It is used today by hundreds of thousands of small merchants across the globe.
pcisecuritystandards.org/pci_security/small_merchant_tool_resources
January 2016 - July 2019
Retail chip and pin security advances have led malicious actors to shift credit card fraud online. Due to my experience in solving this problem, I partnered with NIST, the NCCoE & a cross-section of technology vendors to create and publish an easy-to-use practice guide for online retailers. This guide is now used across the globe, to protect user privacy, and to reduce fraudulent online purchases.
nccoe.nist.gov/projects/use-cases/multifactor-authentication-ecommerce
CISO Executive Program
EC-Council’s CCISO Program has certified leading information security professionals around the world. A core group of high-level information security executives, the CCISO Advisory Board, contributed by forming the foundation of the program and outlining the content that would be covered by the exam, body of knowledge, and training. Some members of the Board contributed as authors, others as exam writers, others as quality assurance checks, and still others as trainers. Each segment of the program was developed with the aspiring CISO in mind and looks to transfer the knowledge of seasoned professionals to the next generation in the areas that are most critical in the development and maintenance of a successful information security program.
The demand for skilled information security management professionals is on the rise, and the CISM certification is the globally accepted standard of achievement in this area.
CISMs understand the business. They know how to manage and adapt technology to their enterprise and industry.
CRISC is the most current and rigorous assessment available to evaluate the risk management proficiency of IT professionals and other employees within an enterprise or financial institute. Those who earn CRISC help enterprises to understand business risk, and have the technical knowledge to implement appropriate IS controls.
This cybersecurity certification is an elite way to demonstrate your knowledge, advance your career and become a member of a community of cybersecurity leaders. It shows you have all it takes to design, engineer, implement and run an information security program. The CISSP is an objective measure of excellence. It’s the most globally recognized standard of achievement in the industry. And this cybersecurity certification was the first information security credential to meet the strict conditions of ISO/IEC Standard 17024.
The Internal Security Assessor program teaches you how to perform internal assessments for your company and recommend solutions to remediate issues related to PCI DSS compliance. Assessors are sponsored by their companies, so when you receive this qualification you will be able to act as a liaison with external PCI auditors and manage interactions with a Qualified Security Assessor (QSA).
The Payment Card Industry Professional is an individual, entry-level qualification in payment security information and provides you with the tools to build a secure payment environment and help your organization achieve PCI compliance. This renewable career qualification is not affected by changes in employment assignments and stays in effect as long as the individual continues to meet requirements. This three-year credential also provides a great foundation for other PCI qualifications.
Together our forces are stronger than they ever will be alone. Please feel free to connect with me to ask a question or just to say a quick hello.