Experience

• 

  Northern Kentucky University

  • Highland Heights, Kentucky, United States

  • Chief Information Security Officer

    • Dec 2021 - Present
    • Highland Heights, Kentucky, United States

    Cybersecurity Architect & Visionary | Strengthening NKU's Digital FortressAt the crossroads of education and innovation, I've spearheaded NKU's journey towards cybersecurity excellence. With an unwavering commitment to information security, I've woven a tapestry of robust initiatives, strategic collaborations, and targeted solutions, reinforcing NKU's reputation as a digital stronghold in the educational realm.Key Achievements:Strategic Alliances: Forged synergistic collaborations across IT departments, colleges, and other key offices, underpinning a cohesive approach to NKU's information security initiatives.Thought Leadership: Delivered comprehensive insights on NKU's cybersecurity landscape to IT governance committees and the Executive Leadership Team, ensuring informed decision-making at the highest echelons.Enhanced Security Infrastructure: Rolled out vital measures like multi-factor authentication, reducing the initiation of phishing campaigns from NKU accounts.Future-Proofing NKU: Charted a three-year roadmap for information security education and awareness, laying down a foundation for continued digital resilience.Hands-On Leadership: Mentored the next generation of information security professionals, emphasizing continual growth and preparedness.Risk Management: Spearheaded the development of a formal risk acceptance process, established vulnerability management programs, and conducted rigorous risk assessments with external partners.Operational Excellence: Led the charge in revising account lifecycles, eliminating dormant accounts, and ensuring real-time, automated remediation of compromised accounts.External Collaborations: Played a pivotal role in the selection of an independent auditor for NKU, ensuring transparency and accountability.

• 

  Zovio

  • Chandler, Arizona, United States

  • Associate Vice-President, Information Security and Risk Management

    • 2020 - 2021
    • Chandler, Arizona, United States

    Information Security Transformation for Leading EdTech ServicesDirected the evolution of information security vision, architecture, and team in tandem with the company's growth into a premier provider of educational technology and pedagogical solutions. Spearheaded identity and integration governance, enhancing secure and fluid onboarding experiences for partners. Managed risk, compliance, and information security operations for an online higher education institution, spanning multiple locations and influencing 50,000+ faculty, staff, students, and partners.Key Achievements:Strategic Visionary: Crafted the overarching information security vision, creating a phased strategy roadmap, and realizing short-to-long-term outcomes.Change Leadership: Orchestrated a secure digital transformation across varied segments of the education vertical, promoting a unified technology approach.Performance Metrics: Conveyed a comprehensive "State of Cybersecurity" narrative, detailing past achievements, present initiatives, and future projections to the board and executive leadership.Talent Acquisition & Growth: Spearheaded the recruitment and expansion of teams in identity access management, information security, and risk management.Unified Tech Architecture: Laid out a tech vision embracing both on-premises and cloud platforms, including Salesforce, Office365, Microsoft Azure, and AWS.Integration Governance: Redefined the identity and service integration framework, ensuring scalability, security, and adaptability to ever-evolving corporate changes such as mergers, acquisitions, and new client onboarding.Vendor Relationships: Managed key third-party cybersecurity partnerships, negotiating optimal service and pricing terms.Compliance Mastery: Pioneered and supervised compliance initiatives encompassing CCPA, GDPR, GLBA, and Sarbanes-Oxley (SOX) IT General and application controls.

• 

  University of Cincinnati

  • United States
  • Higher Education
  • 700 & Above Employee

  • Assistant Vice President | Chief Information Security Officer

    • 2014 - 2020

    Driving Cybersecurity Excellence at the University of CincinnatiSpearheaded cutting-edge cybersecurity initiatives, establishing the University of Cincinnati as an industry leader in information security. My role has been instrumental in navigating a complex higher education landscape teeming with research endeavors, bolstering student experiences, and harnessing emerging technologies to elevate institutional outcomes.Key Achievements:Pioneering Security: Revolutionized cybersecurity strategies, positioning the University of Cincinnati at the pinnacle of academic information security.Strategic Leadership: Directed an enterprise-wide security program, ensuring robustness even amidst a bustling academic and research setting.Tech-Driven Learning: Championed the use of technology to amplify student learning outcomes and optimize operational efficiencies.Governance & Structure: Transformed IT units and reinforced governance to bolster alignment and compliance.Unified Architecture Vision: Delivered a comprehensive tech and security framework, synergizing physical and cloud-based platforms.Budget Mastery: Streamlined institutional budget forecasting for IT, enhancing clarity and transparency.IAM Strategy: Laid out a strategic path for Identity and Access Management, emphasizing regulatory compliance amidst the swift transition to cloud solutions.Professional Development: Reinvested in the IT workforce, equipping them for the cloud era and nurturing their growth through structured roadmaps and mentorship.Collaborative Policy Creation: Fostered collaborative avenues for the development and review of robust information security policies, procedures, and standards.Data Protection: Steered the implementation of a Data Loss Prevention solution, facilitating secure data storage and cloud collaboration.Visibility Enhancement: Boosted insights into the unified security architecture through the rollout of a log aggregation and correlation engine.

  • Adjunct Faculty

    • 2013 - 2020

    College of Business Graduate ProgramAchievement: Faculty Dean’s ListTeaching Role: Instructed "Information Security" for students pursuing MS in Information SystemsCECH School of Information TechnologyRecognition: Awarded "Faculty of the Year"Key Courses Taught:"Senior Design" – A capstone project tailored for seniors majoring in cybersecurityNumerous IT modules including System Administration, Digital Forensics, and more

  • Associate Director, Office of Information Security

    • 2011 - 2014

    Advancing Cybersecurity at the University of CincinnatiInstrumental in shaping the cybersecurity landscape at UC, employing performance metrics for comprehensive vulnerability, threat, and cyber investigation tracking across the institution. I've helmed pivotal cyber forensic investigations in collaboration with the Office of General Counsel and UC's Police Department, ensuring diligent risk mitigation and fostering risk-driven decision-making at leadership levels. Additionally, I've provided strategic oversight to the Cyber Incident Response Team (CIRT) to bolster our detection and response endeavors.Key Achievements:Strategic Vision: Devised a three-year 'IT at UC Data Compliance and Information Security Plan', earning the endorsement of the UC Board of Trustees.Revolutionizing Security: Transformed the university's approach to information security, steering it towards modern best practices.Value-Driven Negotiation: Successfully negotiated and secured competitive pricing, subsequently overseeing the rollout of an end-point security solution and a bespoke enterprise vulnerability scanning program, allowing for tailored controls across diverse academic environments.

  • Information Technology Auditor

    • Sep 2008 - Dec 2010

    Pioneering Advanced Audit Frameworks at the UniversityInstrumental in introducing an innovative audit system and fostering a culture that catalyzed advancements in university information security.Key Achievements:Strategic Vision: Defined the strategic direction for the IT Audit function at the university.Comprehensive Audits: Spearheaded and executed the university’s ERP and DR Readiness audits.Risk Assessment: Orchestrated the university's inaugural IT Risk Assessment, leveraging its insights to map out the IT Audit Universe.Long-Term Planning: Conceptualized and rolled out the first strategic five-year IT Audit Plan for the university.Continuous Audit: Introduced a Continuous Audit framework for the Office of Internal Audit, ensuring real-time insights and adjustments.Confidential Investigations: Undertook multiple discreet investigations at the behest of the university's senior leadership.Engagement with Leadership: Regularly presented and deliberated on audit findings with senior management and audit committee members, fostering informed decision-making.

• 

  Grant Thornton

  • Cincinnati Area, KY

  • Senior Internal Auditor III

    • Jan 2008 - Sep 2008
    • Cincinnati Area, KY

    Advancing Security and Audit Functions at Grant ThorntonInstrumental in managing complex international projects, leveraging cutting-edge tools, and driving compliance and readiness reviews for a diverse clientele.Key Achievements:Global Reach: Directed an international datacenter security and disaster recovery readiness assessment for a Fortune 500 enterprise.Technical Expertise: Employed CAAT (IDEA) for journal entries testing across multiple financial audit clients, ensuring thorough and accurate evaluations.Compliance Mastery: Successfully executed SAS 70 (now SSAE 16) readiness reviews and attestations for two burgeoning mid-market firms.

• 

  PricewaterhouseCoopers

  • Cincinnati Area, KY

  • Experienced Associate

    • Mar 2005 - Jan 2008
    • Cincinnati Area, KY

    Fortifying IT Audit and Security Practices at PricewaterhouseCoopersAt the helm of multiple high-profile IT audit and security engagements, with an emphasis on robust internal controls, compliance, and strategic client relationships.Key Achievements:High-impact Leadership: Orchestrated three Fortune 500 IT audit and security projects, steering teams of up to 10 specialists for each endeavor.Executive Communications: Engaged proactively with senior executives, ensuring clear conveyance of findings and actionable recommendations.IT Control Excellence: Spearheaded IT general controls testing across computer operations, access parameters, program development, alterations, and IT Risk and Governance domains.Operational Oversight: Conducted meticulous reviews of segregation of duties, particularly within GL, AR, and AP business cycles.Client Relations: Forged a strengthened bond with an existing client, culminating in the acquisition of new projects for the firm.Compliance Innovation: Pioneered a compliance department tailored for a Fortune 500 client, reinforcing their regulatory adherence.Financial Insight: Delved into the financial materiality of applications, ensuring the long-term viability and reliability of pivotal systems.