Hands-on Information Security leader with over 20 years of experience establishing cross-functional, practical security approaches that fit company culture and business goals. Excellent communication skills across managerial levels. Able to interface with executives, customers, auditors, and technical teams.
Elementum SCM, Inc • Mountain View, CA 2017 - Present
Director Information Security (Head of Security/CISO)
Developed Information Security Management System (ISMS) based on ISO27001/ISO27002 framework for supply chain management service provider.
- Obtained ISO/IEC 27001 certification within first 90 days after restart, resolving major non-conformity issues found during phase 1.
- Drove SSAE 16 SOC2 Type 2 certification after one year with no documented findings
- Established regular vulnerability assessments and penetration testing and reduced exposed vulnerabilities by 20%
- Developed company’s first internal company-wide Risk Register allowing the company to track and manage company risks.
- Implemented 3rd party license compliance program and eliminated license violations such as copyleft, GPL. Reduced 3rd party library vulnerabilities by 60% and libraries with vulnerable methods in use by 90%.
- Implemented company-wide Security and Compliance Awareness Training program with 100% participation.
Silicon Valley Chapter, Information System Security Association 2009 - Present
Elected to the board of directors for the Silicon Valley chapter of the Information System Security Association (SV-ISSA) from 2009 to present. Most recently serving as the President of the chapter.
- Chairing board meetings, organizing community events, chapter meetings, and annual security conference.
Blue Jeans Network, Inc • Mountain View, CA 2014 - 2017
Security Engineer (Acting Information Security Officer)
Developed Information Security Program based on ISO framework for cloud-based video conferencing solution.
- Provided critical support to the sales team on pre-sales and post-sales customer security evaluations to help close deals.
- Coordinated security efforts across departments and functions
- Three years of SSAE 16 SOC 2 security audits with unqualified reports
- Integrated and managed Security Information Event Management (SIEM) system
- Implemented software static code analysis systems
Kaiser Permanente • Pleasanton, CA 2010 – 2014
Information Security Consultant Specialist
Providing Risk Management and mitigation recommendations for projects in a large healthcare organization covering Kaiser's multiple regions, and providing Project Lifecycle Security Engagements for information technology projects.
- Evaluate vendors against HIPAA, SOX, and PCI security requirements for Healthcare records
- Identified potential risk, consulted on correcting or reducing risk and created reporting if uncorrected
- Performed risk assessments on new projects
- Consult with Security Operations Team on security events
Security Operations Center Lead
Lead for a team of 6 security analysts providing response and investigations into security events and incidents in a large healthcare organization.
- Developed automation for data-loss-prevention (DLP) tools, reducing workload from 16 man-hours for a single operation to 2 man-hours / day
- Responded to events from Security Incident Event Management (SIEM) system, distilling 50 million events into a few hundred actionable items per week.
- Investigate cases of fraud and abuse.
Proofpoint, Inc • Sunnyvale, CA 2009 – 2010
Sr. Technical Support Engineer
Provide advanced-level product support for the Proofpoint Email Protection Server to self-hosted as well as Proofpoint-hosted customers.
- SME in Networking and Information Security.
- Provide policy recommendations to customers for email security and encryption.
- Master of Science • Information Security and Assurance
- Bachelor of Science • Information Technology: Security
- Computer Communications Systems Control Specialist - U.S. Air Force
- Basic Military Training - U.S. Air Force