Experience

FCJ Cybersecurity LLC

• United States
• IT Services and IT Consulting
• 1 - 100 Employee

• Business Owner & Advisor

  • May 2023 - Present

  Riverside, California, United States Recent client projects include security risk assessments, security program remediation management and vCISO services in the healthcare and government industries.



Marcum Technology

• United States
• Information Technology & Services
• 1 - 100 Employee

• Vice President, Cybersecurity & Digital Forensics

  • Aug 2020 - Apr 2023

  Costa Mesa, California, United States Led the national cybersecurity and digital forensics consulting practice for this leading professional services and technology firm. Global practice leader for a leading professional services firm that provides cybersecurity, privacy and digital forensic services to enterprise and mid-market clients across the globe. Directed teams responsible for penetration testing, network vulnerability analysis, web application scanning (DAST and SAST), risk assessments (governance and technical)… Show more Led the national cybersecurity and digital forensics consulting practice for this leading professional services and technology firm. Global practice leader for a leading professional services firm that provides cybersecurity, privacy and digital forensic services to enterprise and mid-market clients across the globe. Directed teams responsible for penetration testing, network vulnerability analysis, web application scanning (DAST and SAST), risk assessments (governance and technical), cybersecurity and privacy policy creation and improvements, incident response, digital forensics, e-Discovery, expertise witness, court testimony, virtual CISO services and more. Actively marketing services through content creation and delivery of targeted webinars, white papers, articles, interviews and other key messaging. Show less



PSI Services LLC

• United States
• IT Services and IT Consulting
• 700 & Above Employee

• Head of Information Risk Management Office

  • Oct 2019 - Aug 2020

  Glendale, California, United States Redesigned, staffed and led the cybersecurity, privacy, risk and compliance organizations under one umbrella for this leading psychometric software company that is the largest portfolio company under Waud Capital, a major private equity firm based in Chicago, IL. Directed teams responsible for penetration testing, network vulnerability analysis, web application scanning (DAST and SAST), risk assessments (governance and technical), cybersecurity and privacy policy creation and improvements, and… Show more Redesigned, staffed and led the cybersecurity, privacy, risk and compliance organizations under one umbrella for this leading psychometric software company that is the largest portfolio company under Waud Capital, a major private equity firm based in Chicago, IL. Directed teams responsible for penetration testing, network vulnerability analysis, web application scanning (DAST and SAST), risk assessments (governance and technical), cybersecurity and privacy policy creation and improvements, and incident response. Implemented vastly improved PCI DSS, NIST CSF, CCPA, ISO 27001 and GDPR cybersecurity, governance, risk and compliance programs across this global organization. Show less



Stridium Cybersecurity Advisors LLC

• United States
• IT Services and IT Consulting

• Founder & Managing Partner

  • Apr 2016 - Oct 2019

  Riverside, CA Founded and managed Stridium Cybersecurity Advisors, which provided cybersecurity consulting services to small and medium businesses with a focus on the senior decision makers in these organizations - the C-level Executives, Board of Director members and Owners. Provide clients with penetration testing, network vulnerability analysis, web application scanning (DAST and SAST), risk assessments (governance and technical), cybersecurity and privacy policy creation and improvements, incident… Show more Founded and managed Stridium Cybersecurity Advisors, which provided cybersecurity consulting services to small and medium businesses with a focus on the senior decision makers in these organizations - the C-level Executives, Board of Director members and Owners. Provide clients with penetration testing, network vulnerability analysis, web application scanning (DAST and SAST), risk assessments (governance and technical), cybersecurity and privacy policy creation and improvements, incident response, digital forensics, e-Discovery, expertise witness, court testimony, virtual CISO services and more. Actively marketing services through content creation and delivery of targeted webinars, white papers, articles, interviews and other key messaging. Show less



ALLAKAZAM

• Board Member & Security Advisor

  • Nov 2016 - Mar 2019

  Inverness, Illinois Provided board-level advice to help steer this data-driven startup. Also provided cybersecurity advice and direction to the company.



RSM US LLP

• United States
• Accounting
• 700 & Above Employee

• Director, Security & Privacy Services

  • May 2014 - Apr 2016

  Irvine, CA Practice leader for the Western US-region Security and Privacy Services consulting practice. Designed and delivered information security-related assessments, audits and advice. Directed teams responsible for penetration testing, network vulnerability analysis, web application scanning (DAST and SAST), risk assessments (governance and technical), cybersecurity and privacy policy creation and improvements, incident response, digital forensics, e-Discovery, expertise witness, court testimony… Show more Practice leader for the Western US-region Security and Privacy Services consulting practice. Designed and delivered information security-related assessments, audits and advice. Directed teams responsible for penetration testing, network vulnerability analysis, web application scanning (DAST and SAST), risk assessments (governance and technical), cybersecurity and privacy policy creation and improvements, incident response, digital forensics, e-Discovery, expertise witness, court testimony, virtual CISO services and more. Actively marketing services through content creation and delivery of targeted webinars, white papers, articles, interviews and other key messaging. Show less



Esri

• United States
• Software Development
• 700 & Above Employee

• Chief Information Security Officer (CISO)

  • Mar 2013 - May 2014

  Redlands, CA Responsible for the global security strategy for Esri to be the trusted provider of geographic information solutions that empower our colleagues and customers to make critical decisions with greater confidence. In this role, manage a global organization consisting of Security Operations, Security Engineering, Security Architecture, Security Assurance and Physical Security. Leverage a matrix and discipline based structure to execute a strategic security plan with a global service delivery model.… Show more Responsible for the global security strategy for Esri to be the trusted provider of geographic information solutions that empower our colleagues and customers to make critical decisions with greater confidence. In this role, manage a global organization consisting of Security Operations, Security Engineering, Security Architecture, Security Assurance and Physical Security. Leverage a matrix and discipline based structure to execute a strategic security plan with a global service delivery model. Internal and external resources under my direction lead risk assessments, security design, security development, delivery, and security monitoring of Esri information technology security as well as risk management, regulatory compliance, forensics, eDiscovery, ethics, and physical security. Oversees the company’s global technology security architecture, with a focus on security policies, engineering, operations and compliance standards. Show less



Grant Thornton International Ltd

• United Kingdom
• Accounting
• 400 - 500 Employee

• Global Director, Information Security & PMO

  • Jul 2012 - Mar 2013

  Oakbrook Terrace, IL Built and led the global information security capability and global project management office for this global professional services organization. Worked with the largest member firms to provide direction and cybersecurity services needed across multiple member firms. Served as the global information security officer and advisor on the Grant Thornton global information security council.



Deloitte

• Business Consulting and Services
• 700 & Above Employee

• Senior Manager, Global Security Office

  • Oct 2008 - May 2012

  Chicago, IL Built holistic global application security program from scratch to mitigate application security vulnerabilities found in internally developed solutions as well as purchased vended solutions. Directly drove strategy, policies, risk assessments, application testing, security architecture, training and awareness. • Led a team of risk assessors, security assurance testers and security architects responsible for providing application security services to the firm • Directly assessed the… Show more Built holistic global application security program from scratch to mitigate application security vulnerabilities found in internally developed solutions as well as purchased vended solutions. Directly drove strategy, policies, risk assessments, application testing, security architecture, training and awareness. • Led a team of risk assessors, security assurance testers and security architects responsible for providing application security services to the firm • Directly assessed the technical security aspects of all individual enterprise development projects • Analyzed, refined and directly approved all application security architectures, code remediation plans, change management requests, web application firewall rules, SOA and firewall change requests, standards exception requests, and enterprise security architecture board proposals • Defined, proposed and implemented a risk assessment methodology into the software development lifecycle of all internal development teams • Refined, proposed and implemented a security assurance testing capability including a new audit-based annual review process and underlying technology and convinced leadership to roll it out to all member firms • Defined, proposed, and integrated a new security review process into the existing Procurement process and performed security reviews of more than 200 separate product and services RFPs, RFIs and SOWs • Directly negotiated technical security contract terms of more than 60 separate vendor agreements related to vendor hosted and developed solutions • Defined and proposed a new vendor security risk management process and supporting technology and staffing requirements for all third party hosted applications and environments Show less



Lincoln Financial Group

• United States
• Financial Services
• 700 & Above Employee

• Director, Security Assurance

  • Jun 2007 - Sep 2008

  Arlington Heights, IL Defined, proposed and implemented a comprehensive application security capability, including processes, staffing, and supporting technology for all internally developed and externally purchased applications. Hired a team of application security analysts to a) scan all web application code bases, b) improve the SDLC of all internally developed code as well as c) its delivery to production environments. Promoted from divisional responsibilities to corporate security. Left during reduction in… Show more Defined, proposed and implemented a comprehensive application security capability, including processes, staffing, and supporting technology for all internally developed and externally purchased applications. Hired a team of application security analysts to a) scan all web application code bases, b) improve the SDLC of all internally developed code as well as c) its delivery to production environments. Promoted from divisional responsibilities to corporate security. Left during reduction in force.

• Director, Architecture Assurance

  • Jan 2007 - May 2007

  Arlington Heights, IL • Promoted from divisional responsibilities to corporate security



Career Education Corporation

• United States
• Education Administration Programs
• 700 & Above Employee

• Senior Security Architect

  • Jan 2006 - Jan 2007

  Chicago, IL • Created, proposed and implemented a risk assessment methodology for all internally developed applications • Defined, proposed, built and implemented an enterprise digital forensics and e-Discovery capability, integrated with the legal and HR departments • Directly investigated more than 100 individual complaints using tools built in Linux • Worked with multiple development groups to integrate risk assessments into their SLDCs



Allstate

• United States
• Insurance
• 700 & Above Employee

• Security Architect

  • Aug 2003 - Jan 2006

  Northbrook, IL • Led a team that created, architected, proposed and implemented a firm-wide internal public key infrastructure (PKI) that provided server, code-signing and individual certificates to all employees and critical applications • Worked with multiple departments to integrate this new PKI into existing processes and tools • Created and implemented the organizational strategy for addressing tape backups for all business units



Tripoint Systems Development Company

• VP, Information Technology & Chief Security Officer

  • Apr 2000 - Aug 2003

  Chicago, IL • Established and led a team that created a market-leading subscription-based legal invoicing system and the underlying infrastructure components necessary to deliver it to more than a dozen corporate law departments and their outside counsel • Participated in pre-sales functions selling the new legal invoice system through a combination of teleconferences, web conferences, written materials and on-site presentations • Met directly with and negotiated technical legal terms of contracts… Show more • Established and led a team that created a market-leading subscription-based legal invoicing system and the underlying infrastructure components necessary to deliver it to more than a dozen corporate law departments and their outside counsel • Participated in pre-sales functions selling the new legal invoice system through a combination of teleconferences, web conferences, written materials and on-site presentations • Met directly with and negotiated technical legal terms of contracts every prospective client • Led a client forum of strategic customers with responsibility for driving a portion of the technical product direction • Directly architected and coded the base product and underlying components • Built a corporate information security capability that withstood every independent security audit conducted by Fortune 100 companies and later achieved SAS70 Type II audit certification • Promoted from VP, R&D to responsibility for all of IT including infrastructure, development and security Show less



Relavis Corporation

• Software Development
• 1 - 100 Employee

• Software Development Manager

  • Feb 1994 - Apr 2000

  Chicago, IL • Led a programming team that created a CRM product that was a four-time Lotus Beacon Award for Best-In-Showcase • Directly architected and coded the base product and underlying components • Helped establish this company as the market leading Lotus Notes software company in North America • Worked with product management in a pre-sales function to capture the specific technical specifications and value of the solution for prospective clients • Met directly with prospective clients to… Show more • Led a programming team that created a CRM product that was a four-time Lotus Beacon Award for Best-In-Showcase • Directly architected and coded the base product and underlying components • Helped establish this company as the market leading Lotus Notes software company in North America • Worked with product management in a pre-sales function to capture the specific technical specifications and value of the solution for prospective clients • Met directly with prospective clients to review features and functionality Show less



Microsoft

• United States
• Software Development
• 700 & Above Employee

• Systems Engineer

  • Jan 1993 - Sep 1993

  Oakbrook Terrace, IL • Consulting engagement to soft sell Microsoft products and act as a onsite presence to a major pharmaceutical company



Galaxy Technology, Inc.

• Network Sales Engineer

  • Jan 1992 - Jan 1993

  Wood Dale, IL • Marketed, cold-called and sold computer hardware on an aggressive quota to regional resellers and small businesses



MicroAge

• United States
• IT Services and IT Consulting
• 200 - 300 Employee

• Systems Engineer

  • Jul 1990 - Nov 1991

  Chicago, IL • Collected requirements from clients, designed network systems, and co-sold computer hardware, software, training and services to medium and large organizations



Setko Fasteners, Inc.

• Manager, Information Systems

  • May 1989 - Jun 1990

  Bartlett, IL • Directly designed and implemented a sales ordering system for the sales and accounting departments • Directly coded a turn-key inventory system for the tool crib



Brady, McQueen, Martin, Collins & Jensen

• Technical Writer

  • Feb 1988 - Apr 1989

  Elgin, IL • Hired by senior partner to draft trusts, briefs, court filings and other legal documents



US Navy

• United States
• Armed Forces
• 700 & Above Employee

• Active Duty Enlistment

  • 1984 - 1988

  Electrician's Mate (EMFN) U.S.S. John F. Kennedy, CV-67 | Norfolk, Virginia Musician's Mate (MUSN) United States Navy Band | NTC Great Lakes, Illinois