
Summary

Hands-on Information Security leader with over 20 years of experience establishing cross-functional, practical security approaches that fit company culture and business goals. Excellent communication skills across managerial levels. Able to interface with executives, customers, auditors, and technical teams.

Experience Highlights

  • Assessment and Risk Management
    • Penetration Testing
    • Vulnerability Assessment
    • Risk / Compliance Assessment
  • Certifications
    • CISSP 53360
    • GIAC GWAPT
    • CEH
    • CHFI
    • MCP
    • Project+
    • CCNA Security CSCO12076222
  • Security Frameworks
    • ISO 27001
    • COBIT
    • COSO
    • ITIL
    • NIST SP 800-53, 800-30, 800-37r1
  • Compliance Experience
    • ISO 27001
    • SSAE 16
    • SOC 2
    • PCI-DSS
    • HIPAA
    • SOX
  • Operating Platforms
    • Windows
    • Linux
    • Unix
    • OSX

Employment History

Aryaka Networks, Inc • San Mateo, CA 2019 - Present
Chief Information Security Officer (CISO)

Developed Information Security Management System (ISMS) based on ISO27001/ISO27002 framework for supply chain management service provider.

  • Drove ISO/IEC 27001 certification with no non-conformities through stage 2.
  • Drove migration from SSAE 16 to SSAE 18 standards for SOC 2 reporting.
  • Reduced exposed vulnerabilities by 80% by updating the vulnerability management program.
  • Developed and managed the Information Security Incident Response Process.
  • Implemented forensics analysis and evidence gathering process.
  • Implemented continuous company-wide Security and Compliance Awareness Training program.

Elementum SCM, Inc • Mountain View, CA 2017 - 2019
Director Information Security (Head of Security/CISO)

Developed Information Security Management System (ISMS) based on ISO27001/ISO27002 framework for supply chain management service provider.

  • Obtained ISO/IEC 27001 certification within first 90 days after restart, resolving major non-conformity issues found during phase 1.
  • Drove SSAE 16 SOC 2 Type 2 certification after one year with no documented findings.
  • Established regular vulnerability assessments and penetration testing and reduced exposed vulnerabilities by 20%.
  • Developed company’s first internal company-wide Risk Register, allowing the company to track and manage company risks.
  • Implemented 3rd party license compliance program and eliminated license violations such as copyleft (GPL). Reduced 3rd party library vulnerabilities by 60% and libraries with vulnerable methods in use by 90%.
  • Implemented company-wide Security and Compliance Awareness Training program with 100% participation.

Silicon Valley Chapter, Information System Security Association 2009 - Present
President

Elected to the board of directors for the Silicon Valley chapter of the Information System Security Association (SV-ISSA) from 2009 to present. Most recently serving as the President of the chapter.

  • Chairing board meetings, organizing community events, chapter meetings, and annual security conference.

Blue Jeans Network, Inc • Mountain View, CA 2014 - 2017
Security Engineer (Acting Information Security Officer)

Developed Information Security Program based on ISO framework for cloud-based video conferencing solution.

  • Provided critical support to the sales team on pre-sales and post-sales customer security evaluations to help close deals.
  • Coordinated security efforts across departments and functions.
  • Three years of SSAE 16 SOC 2 security audits with unqualified reports.
  • Integrated and managed Security Information Event Management (SIEM) system.
  • Implemented software static code analysis systems.

Kaiser Permanente • Pleasanton, CA 2010 - 2014
Information Security Consultant Specialist

Provided Risk Management and mitigation recommendations for projects in a large healthcare organization covering Kaiser's multiple regions, providing Project Lifecycle Security Engagements for information technology projects.

  • Evaluated vendors against HIPAA, SOX, and PCI security requirements for healthcare records.
  • Identified potential risk, consulted on correcting or reducing risk, and created reporting if uncorrected.
  • Performed risk assessments on new projects.
  • Consulted with the Security Operations Team on security events.

Security Operations Center Lead

Lead for a team of 6 security analysts providing response and investigations into security events and incidents in a large healthcare organization.

  • Developed automation for data-loss-prevention (DLP) tools, reducing workload from 16 man-hours for a single operation to 2 man-hours per day.
  • Responded to events from the Security Incident Event Management (SIEM) system, distilling 50 million events into a few hundred actionable items per week.
  • Investigated cases of fraud and abuse.

Proofpoint, Inc • Sunnyvale, CA 2009 - 2010
Sr. Technical Support Engineer

Provided advanced-level product support for the Proofpoint Email Protection Server to self-hosted as well as Proofpoint-hosted customers.

  • SME in Networking and Information Security.
  • Provided policy recommendations to customers for email security and encryption.

Education

  • Master of Science • Information Security and Assurance
  • Bachelor of Science • Information Technology: Security
  • Computer Communications Systems Control Specialist - U.S. Air Force
  • Basic Military Training - U.S. Air Force

Disclaimer

DISCLAIMER: This is a personal Web site, produced in my own time and solely reflecting my personal opinions. Statements on this site do not represent the views or policies of my employer, past or present, or any other organization with which I may be affiliated. All content is copyrighted.