President & CISO

• Dec 2019 - Present

Create or improve your entire cybersecurity program, measuring and improving its effectiveness while improving reporting as well (to the Board and the rest of the organization). Fractional CISO services, coaching and mentoring also available. Podcasting, authoring and speaking available. Vendor advising available. Create or improve your entire cybersecurity program, measuring and improving its effectiveness while improving reporting as well (to the Board and the rest of the organization). Fractional CISO services, coaching and mentoring also available. Podcasting, authoring and speaking available. Vendor advising available.

Producer and Host

• Jan 2021 - Present

Giving back to the infosec community with the help of a diverse group of friends and experts who bring a human perspective to cybersecurity. Relevant and informative with a bit of Texas flavor. The show explores deep and complex topics in cybersecurity. You might want to take notes! Giving back to the infosec community with the help of a diverse group of friends and experts who bring a human perspective to cybersecurity. Relevant and informative with a bit of Texas flavor. The show explores deep and complex topics in cybersecurity. You might want to take notes!

CIO & CISO

• Mar 2023 - Present

At Precedent, our products provide a multi-faceted approach to impact your attorney represented claims, ensuring fair and reasonable settlement outcomes. Our AI data solutions automate demand identification, accelerate the review process, and guide claims staff to produce optimal outcomes. This allows adjusters to actively monitor every bodily injury claim while guiding them to those that require more attention, new actions, or complex decision-making. At Precedent, our products provide a multi-faceted approach to impact your attorney represented claims, ensuring fair and reasonable settlement outcomes. Our AI data solutions automate demand identification, accelerate the review process, and guide claims staff to produce optimal outcomes. This allows adjusters to actively monitor every bodily injury claim while guiding them to those that require more attention, new actions, or complex decision-making.

CISO

• Feb 2023 - Present

Establish trust in the devices that power and run your business. Eclypsium’s supply chain security platform builds trust in your core technology by identifying, verifying, and fortifying the infrastructure code in enterprise software, firmware, and hardware. Establish trust in the devices that power and run your business. Eclypsium’s supply chain security platform builds trust in your core technology by identifying, verifying, and fortifying the infrastructure code in enterprise software, firmware, and hardware.

Delivery CISO

• Apr 2023 - Present

NTT DATA is one of the world’s largest digital consulting and IT service companies. NTT DATA is ranked as one of the world’s most valuable brands, listed in the top 10 global business and IT services companies, and recognized as a leading global data services company. NTT DATA is one of the world’s largest digital consulting and IT service companies. NTT DATA is ranked as one of the world’s most valuable brands, listed in the top 10 global business and IT services companies, and recognized as a leading global data services company.

President Elect

• Jun 2022 - Present

The Security Tinkerers, whose byline is "Advancing cybersecurity through trust", are a non-profit organization comprised of world class CISOs, CTOs, cybersecurity CEOs, and others who have rallied together to promote and encourage growth in the cybersecurity industry.

Member

• Dec 2018 - Present

Member, Informed Defenders Council

• Jan 2021 - Present

Security controls are composed of people, processes, and technologies, and absent regular testing against real-world threats, there is no way to ensure they will perform as intended when the time comes. Legacy manual testing practices are sporadic and provide insufficient coverage to ensure effectiveness. A strong breach and attack simulation platform emulates the adversary and generates real-time data to help identify control failures, resolve structural weaknesses, and make smart investment… Show more Security controls are composed of people, processes, and technologies, and absent regular testing against real-world threats, there is no way to ensure they will perform as intended when the time comes. Legacy manual testing practices are sporadic and provide insufficient coverage to ensure effectiveness. A strong breach and attack simulation platform emulates the adversary and generates real-time data to help identify control failures, resolve structural weaknesses, and make smart investment decisions. Show less Security controls are composed of people, processes, and technologies, and absent regular testing against real-world threats, there is no way to ensure they will perform as intended when the time comes. Legacy manual testing practices are sporadic and provide insufficient coverage to ensure effectiveness. A strong breach and attack simulation platform emulates the adversary and generates real-time data to help identify control failures, resolve structural weaknesses, and make smart investment… Show more Security controls are composed of people, processes, and technologies, and absent regular testing against real-world threats, there is no way to ensure they will perform as intended when the time comes. Legacy manual testing practices are sporadic and provide insufficient coverage to ensure effectiveness. A strong breach and attack simulation platform emulates the adversary and generates real-time data to help identify control failures, resolve structural weaknesses, and make smart investment decisions. Show less

Member Of The Board Of Advisors

• May 2021 - Present

Founded in 2017, Living Security’s mission is to help prevent cybersecurity breaches with a human risk management solution that does more than meet compliance needs, it also truly changes behavior. Living Security believes empowering people is the key to ending cybersecurity breaches. picking up where traditional security awareness training drops off. Gamified learning and immersive experiences engage and educate users, while the science-backed, tech-enabled platform uniquely provides CISOs… Show more Founded in 2017, Living Security’s mission is to help prevent cybersecurity breaches with a human risk management solution that does more than meet compliance needs, it also truly changes behavior. Living Security believes empowering people is the key to ending cybersecurity breaches. picking up where traditional security awareness training drops off. Gamified learning and immersive experiences engage and educate users, while the science-backed, tech-enabled platform uniquely provides CISOs the ability to measure training efficacy and program ROI. Show less Founded in 2017, Living Security’s mission is to help prevent cybersecurity breaches with a human risk management solution that does more than meet compliance needs, it also truly changes behavior. Living Security believes empowering people is the key to ending cybersecurity breaches. picking up where traditional security awareness training drops off. Gamified learning and immersive experiences engage and educate users, while the science-backed, tech-enabled platform uniquely provides CISOs… Show more Founded in 2017, Living Security’s mission is to help prevent cybersecurity breaches with a human risk management solution that does more than meet compliance needs, it also truly changes behavior. Living Security believes empowering people is the key to ending cybersecurity breaches. picking up where traditional security awareness training drops off. Gamified learning and immersive experiences engage and educate users, while the science-backed, tech-enabled platform uniquely provides CISOs the ability to measure training efficacy and program ROI. Show less

Advisory Board Member

• Jan 2023 - Present

With the ever-expanding ecosystem of mobile workers, cloud services, and devices, identity is the only remaining control plane for keeping the bad guys out. And effective identity-centric security relies on the integrity of Active Directory. Semperis protects the heart of your identity infrastructure so you can focus on your organization's core mission. With the ever-expanding ecosystem of mobile workers, cloud services, and devices, identity is the only remaining control plane for keeping the bad guys out. And effective identity-centric security relies on the integrity of Active Directory. Semperis protects the heart of your identity infrastructure so you can focus on your organization's core mission.

Advisor

• Aug 2023 - Present

Member, Advisory Council

• Mar 2021 - Present

Complete and continuous visibility of your vulnerabilities that put your business at risk—all while running silently in the background during normal business hours. Nodeware enables businesses to easily monitor their network, identify security gaps, and access detailed reports in order to achieve security compliance and protect their networks. Complete and continuous visibility of your vulnerabilities that put your business at risk—all while running silently in the background during normal business hours. Nodeware enables businesses to easily monitor their network, identify security gaps, and access detailed reports in order to achieve security compliance and protect their networks.

CISO & CTO

• Feb 2021 - Oct 2022

TrustMAPP delivers continuous Security Performance Management, giving CISOs a real-time view of their cybersecurity maturity. TrustMAPP tells you where you are, where you’re going, and what it will take to get there. From a single source of data, an organization’s security posture is visible based on stakeholder perspective: CISO, C-Suite, and Board. TrustMAPP gives organizations the ability to manage security as a business, quantifying and prioritizing remediation actions and costs.

Member Of The Board Of Advisors

• Oct 2019 - Feb 2021

Member Of The Board Of Advisors

• Feb 2020 - Jan 2021

Southern Methodist University will create, expand, and impart knowledge through teaching, research, and service, shaping world changers who contribute to their communities and excel in their professions in a global society. Among its faculty, students, and staff, the University will cultivate principled thought, develop intellectual skills, and promote an environment emphasizing individual dignity and worth. SMU affirms its historical commitment to academic freedom and open inquiry, to moral… Show more Southern Methodist University will create, expand, and impart knowledge through teaching, research, and service, shaping world changers who contribute to their communities and excel in their professions in a global society. Among its faculty, students, and staff, the University will cultivate principled thought, develop intellectual skills, and promote an environment emphasizing individual dignity and worth. SMU affirms its historical commitment to academic freedom and open inquiry, to moral and ethical values, and to its United Methodist heritage. Show less Southern Methodist University will create, expand, and impart knowledge through teaching, research, and service, shaping world changers who contribute to their communities and excel in their professions in a global society. Among its faculty, students, and staff, the University will cultivate principled thought, develop intellectual skills, and promote an environment emphasizing individual dignity and worth. SMU affirms its historical commitment to academic freedom and open inquiry, to moral… Show more Southern Methodist University will create, expand, and impart knowledge through teaching, research, and service, shaping world changers who contribute to their communities and excel in their professions in a global society. Among its faculty, students, and staff, the University will cultivate principled thought, develop intellectual skills, and promote an environment emphasizing individual dignity and worth. SMU affirms its historical commitment to academic freedom and open inquiry, to moral and ethical values, and to its United Methodist heritage. Show less

Delivery CISO

• Jun 2019 - Jan 2021

NTT DATA is one of the world’s largest digital consulting and IT service companies. NTT DATA is ranked as one of the world’s most valuable brands, listed in the top 10 global business and IT services companies, and recognized as a leading global data services company. NTT DATA is one of the world’s largest digital consulting and IT service companies. NTT DATA is ranked as one of the world’s most valuable brands, listed in the top 10 global business and IT services companies, and recognized as a leading global data services company.

Co-Host, Founder, Defense in Depth Podcast

• Jan 2019 - Jan 2021

Defense in Depth is a 25-minute weekly advice podcast (Thursdays at 6 A.M. ET) that’s based on a single online discussion. The show was co-founded by technology journalist David Spark and Allan Alford, CISO. Defense in Depth is a 25-minute weekly advice podcast (Thursdays at 6 A.M. ET) that’s based on a single online discussion. The show was co-founded by technology journalist David Spark and Allan Alford, CISO.

Chief Information Security Officer (CISO)

• Jul 2018 - May 2019

Mitel is a global market leader in business communications, powering more than two billion business connections with our cloud, enterprise and next-gen collaboration applications. With more than 70 million users in nearly 100 countries, Mitel is the only company that wakes up every day exclusively focused on helping customers take their communications from where they are today to where they expect them to be. Mitel is a global market leader in business communications, powering more than two billion business connections with our cloud, enterprise and next-gen collaboration applications. With more than 70 million users in nearly 100 countries, Mitel is the only company that wakes up every day exclusively focused on helping customers take their communications from where they are today to where they expect them to be.

Chief Information Security Officer (CISO)

• Sep 2017 - Jul 2018

Forcepoint is the leading user and data security cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value. Forcepoint is the leading user and data security cybersecurity company, entrusted to safeguard organizations while driving digital transformation and growth. Our solutions adapt in real-time to how people interact with data, providing secure access while enabling employees to create value.

Product & Business Information Security Officer (PISO & BISO)

• Jan 2017 - Sep 2017

At Pearson, our purpose is simple; to add life to a lifetime of learning. We believe that every learning opportunity is a chance for a personal breakthrough. That's why our ~20,000 Pearson employees are committed to creating vibrant and enriching learning experiences designed for real-life impact. We are the world's leading learning company, serving customers in nearly 200 countries with digital content, assessments, qualifications, and data. For us, learning isn't just what we do. It's who we… Show more At Pearson, our purpose is simple; to add life to a lifetime of learning. We believe that every learning opportunity is a chance for a personal breakthrough. That's why our ~20,000 Pearson employees are committed to creating vibrant and enriching learning experiences designed for real-life impact. We are the world's leading learning company, serving customers in nearly 200 countries with digital content, assessments, qualifications, and data. For us, learning isn't just what we do. It's who we are. Show less At Pearson, our purpose is simple; to add life to a lifetime of learning. We believe that every learning opportunity is a chance for a personal breakthrough. That's why our ~20,000 Pearson employees are committed to creating vibrant and enriching learning experiences designed for real-life impact. We are the world's leading learning company, serving customers in nearly 200 countries with digital content, assessments, qualifications, and data. For us, learning isn't just what we do. It's who we… Show more At Pearson, our purpose is simple; to add life to a lifetime of learning. We believe that every learning opportunity is a chance for a personal breakthrough. That's why our ~20,000 Pearson employees are committed to creating vibrant and enriching learning experiences designed for real-life impact. We are the world's leading learning company, serving customers in nearly 200 countries with digital content, assessments, qualifications, and data. For us, learning isn't just what we do. It's who we are. Show less

Chief Information Security Officer (CISO)

• Jan 2002 - Dec 2016

(Also: Director of Product Security, Sr. Manager of Product Security) Companies choose Polycom for solutions that enable their geographically dispersed workforces to communicate and collaborate more effectively and productively over distances. Using Polycom telepresence, video, and voice solutions and services, people connect and collaborate from their desktops, meeting rooms, class rooms, and mobile settings. Organizations from a wide variety of industries and the private sector work… Show more (Also: Director of Product Security, Sr. Manager of Product Security) Companies choose Polycom for solutions that enable their geographically dispersed workforces to communicate and collaborate more effectively and productively over distances. Using Polycom telepresence, video, and voice solutions and services, people connect and collaborate from their desktops, meeting rooms, class rooms, and mobile settings. Organizations from a wide variety of industries and the private sector work with Polycom standards-based solutions to: - Gain a fast return on their investment as their teams easily collaborate "face to face" wherever they are - Cut the time, cost, and carbon emissions associated with gathering the right people in one place to solve problems - Apply saved resources, time, and energy to primary business and organizational challenges In today's economy, Polycom makes good business sense.

Senior Manager, IT Operations

• 2002 - 2006

(Also: Manager, IT Operations and Sr. Systems Administrator)