Experience

Ember River

• United States
• Defense & Space
• 1 - 100 Employee

• VP, Cybersecurity

  • Aug 2023 - Present

  San Diego County, California, United States In this role, Heath manages the development of the internal cybersecurity program, establishes risk management strategies and architectural priorities, and designs the best security frameworks possible for Ember River’s clients.

• vCISO Consultant

  • Jun 2022 - Aug 2023

  San Diego, California, United States He provides Ember River with vCISO services for clients who are looking to refresh a security program or start one for the first time. Heath's current project is focusing on a healthcare technology integrator to assess security maturity, creating a strategy, and build the team to execute that strategy.



Point Loma Nazarene University

• United States
• Higher Education
• 700 & Above Employee

• Adjunct Professor, Management of Information Systems

  • Apr 2019 - Present

  Greater San Diego Area Heath works with students to explore what it means to manage information systems in environments where business and technology activities are increasingly overlapping.



Cask

• Wholesale Import and Export
• 1 - 100 Employee

• Senior Security Consultant

  • Sep 2020 - Mar 2022

  San Diego, California, United States As a Senior Security Consultant for Cask, Heath leads projects that require information system governance to be streamlined and a natural part of service delivery. Leveraging his diverse background in the military, federal government, healthcare and retail, he focuses on helping clients deploy security and GRC applications while considering a wide range of requirements. See below for recent consulting engagement descriptions: - Interim Global Risk Manager - Information… Show more As a Senior Security Consultant for Cask, Heath leads projects that require information system governance to be streamlined and a natural part of service delivery. Leveraging his diverse background in the military, federal government, healthcare and retail, he focuses on helping clients deploy security and GRC applications while considering a wide range of requirements. See below for recent consulting engagement descriptions: - Interim Global Risk Manager - Information Security Program Technical Writer / Program Developer - Senior Advisor for the implementation of ServiceNow Risk Management - Senior Advisor for the implementation of ServiceNow Security Incident Response - Senior Advisor for the implementation of ServiceNow Vulnerability Management Show less



EVOTEK

• United States
• IT Services and IT Consulting
• 100 - 200 Employee

• Business Information Security Officer (BISO)

  • Apr 2018 - Aug 2020

  Greater San Diego Area As Business Information Security Officer for EVOTEK, Heath shaped the company’s overall security service delivery operations, leveraging industry-recognized security controls and advanced technologies to address today’s most critical security threats for clients. His focus areas were vulnerability management, security metrics, insider threat, access management, governance frameworks and to drive strategy through integrity, character, and commitment to EVOTEK and clients.



DXC Technology

• United States
• IT Services and IT Consulting
• 700 & Above Employee

• Vulnerability Analyst

  • Dec 2017 - Apr 2018

  Greater San Diego Area Heath led vulnerability management efforts supporting the County of San Diego and DXC. Heath used vulnerability scan data and external data sources to: 1) make severity adjustments to CVSS scores, as well as 2) work with the rest of IT to prioritize, monitor and complete remediation steps. Interacting with application owners, architects, Wintel teams, infrastructure teams and third-party vendors to reduce exposure. Automation of vulnerability severity adjustment process reduced… Show more Heath led vulnerability management efforts supporting the County of San Diego and DXC. Heath used vulnerability scan data and external data sources to: 1) make severity adjustments to CVSS scores, as well as 2) work with the rest of IT to prioritize, monitor and complete remediation steps. Interacting with application owners, architects, Wintel teams, infrastructure teams and third-party vendors to reduce exposure. Automation of vulnerability severity adjustment process reduced time spent on adjustment from 2 minutes per vulnerability to only seconds per vulnerability. This allowed analysts to focus on mitigation coordination. Monitoring and alerting management about emerging vulnerabilities. Creating executive dashboards summarizing exposure. Assessing pen test results to prioritize and coordinate remediation. Show less



Nike

• India
• Online Audio and Video Media

• Information Security Metrics Lead

  • Dec 2016 - Aug 2017

  Portland, Oregon Area Heath helped develop a program to illustrate Nike's risk posture to the board of directors, CISO, and senior managers. Heath lead a five-person security metrics team. Team members conducted metric design discussions, performed data extraction and transformation from multiple security tools, and developed a front-end dashboard in Tableau. Heath collaborated with developers to wrap the Tableau dashboard in java script for integration with broader intranet experience. Heath's data… Show more Heath helped develop a program to illustrate Nike's risk posture to the board of directors, CISO, and senior managers. Heath lead a five-person security metrics team. Team members conducted metric design discussions, performed data extraction and transformation from multiple security tools, and developed a front-end dashboard in Tableau. Heath collaborated with developers to wrap the Tableau dashboard in java script for integration with broader intranet experience. Heath's data analysis covered the following topics: vulnerability management, end-point protection, pen testing, secure code and network security. These efforts included evaluating the coverage and effectiveness of security controls. Show less



Optiv Inc

• United States

• Senior Research Principal, IAM and Insider Threat

  • Jul 2015 - Nov 2016

  Portland, Oregon / Denver, Colorado Heath created program strategies based on interviews of CISOs and security leaders across the country. These program blueprints illustrated effective ways to build insider threat and identity and access management (IAM) programs.



Providence Health & Services

• Hospitals and Health Care
• 700 & Above Employee

• Senior Information Security Analyst - Program Assessment & Development

  • Apr 2012 - Jun 2015

  Seattle/Portland Provided reporting and analysis to the Board of Directors and senior management regarding information security threats facing this large healthcare organization. Created a set of six key performance indicators for the CISO. Aggregated over 100 base measures of security controls to create these six indicators. Used Qualys vulnerability scan data to prioritize the top 5000 workstations that needed enhanced policies, controls, and asset tracking.

• Business Process Engineer - Information Security, Incident Response

  • Feb 2009 - Apr 2012

  Seattle/Portland Created a process catalog covering the five core activities of the information security program. Enhanced analytic practice for a staff of 20 people. Pivoted operational focus from the process catalog to a set of standard tools that led analysts along the standard process path. This embedded standard processes into daily activities. Improvements included a set of core but flexible writing standards and creating a peer review process. These efforts increased cohesion between… Show more Created a process catalog covering the five core activities of the information security program. Enhanced analytic practice for a staff of 20 people. Pivoted operational focus from the process catalog to a set of standard tools that led analysts along the standard process path. This embedded standard processes into daily activities. Improvements included a set of core but flexible writing standards and creating a peer review process. These efforts increased cohesion between technical assessments and strategic priorities. Our enhanced analytic capability motivated changes such as: - Providing potential cost savings on multifactor authentication by focusing deployments. - Helping local management reverse asset loss trends. - Expanding full disk encryption policy to include high-risk desktops.



U.S. Department of State

• United States
• International Affairs
• 700 & Above Employee

• Economic Analyst, International

  • Jun 2007 - Nov 2008

  Washington D.C. Metro Area Created economic analysis focusing on international finance and financial intermediation. Answered questions regarding to what extent capital flowed from savers to investors in international markets.



US Navy

• United States
• Armed Forces
• 700 & Above Employee

• Linguist

  • Jan 2001 - Dec 2006

  US, Europe, and the Middle East Arabic Linguist