Director of Security and Compliance

• Oct 2022 - Present

virtual Chief Information Security Officer

• Mar 2022 - Oct 2022

Recruited member of a boutique security firm with revenues ranging from $2-5M specializing in providing security services to small health care offices (as small as 5 people) to large private equity-funded medical conglomerates (as large as 200+ practices and 3,000+ people) to light manufacturing firms to private equity firms. Client’s revenues range from $750,000 to $1.5B. Responsible for mentoring over 500 clients on how to customize their cybersecurity programs to protect their valuable and protected data. Help lead a modernization of the security risk assessment methodology, improve automation in support of continuous monitoring of risk postures for clients, and lead the effort to migrate clients to formal risk awareness and risk acceptance, where appropriate. Provide executive-level summaries and in-depth technical reviews of risk assessments, penetration tests, and tabletop exercises. Coached in-house IT teams on how to develop, and propose for decision, courses of action to remediate or mitigate identified risks. Show less

Chief Information Security Officer

• Jun 2017 - Mar 2022

o Leader of a team of 5 direct reports, 5 contractor support team, and 80+ indirect reports across multiple subordinate organizations. The team is developing, implementing, and maintaining a security posture acceptable to Academy leadership. Leading effort to gain authorization to operate for multiple management zones for the Academy's greenfield deployment of the West Point Research and Education Network (WREN)--part of the Academy's modernization program and nested within US Army's Network Cross-Functional Team. The WREN services the US Army Military Academy Preparatory School and the US Army’s only undergraduate college with 4,400 students, 2,850 staff, faculty, and contractors, 300+ servers, 2,700+ Wireless Access Points, 30,000 corporate and personal devices and an annual college budget of over $350M. o Contract author and administrator for over $6M per year in the last three years. This includes a $4M+ Migration Support Contract for moving the college to Office 365/Academic 5 and a $1.3M Risk Management Framework Support Contract. Both contracts, over their lifetimes, represent $20M investment by the college. o 10+ years collaborating with C-Suite leaders designing and implementing cybersecurity and risk management plans for organizations ranging in size from 500 to 35K across multiple countries. This includes first-ever formal risk acceptance by one organization, convincing an oversight body to defer sanctions in another organization, and design/building a cybersecurity plan from scratch. o Experienced with formal risk management processes and frameworks: National Institute of Standards and Technology (NIST) Special Publication (SP) 800-53 Security and Privacy Controls for Federal Information Systems and Organizations, NIST SP 800-171 Controlled Unclassified Information (CUI) in Non-Federal Information Systems and Organizations, DOD Instruction 8510.01 Risk Management Framework (RMF) for DoD Information Technology (IT). Show less

Associate Professor Of Computer Science

• Aug 2015 - Mar 2022

o Teach Computer Science to IT and CS cadets in the Senior Design courses with an emphasis on the use of Agile Software Development, problem decomposition and planning, task estimation, individual and group communications, team dynamics. o Teach Test Driven Development (TDD) and Object-Oriented Programing (OOP) to juniors in the CS program. Emphasis is on use of automated testing frameworks, distributed source code management, team dynamics, problem decomposition and planning. o Serve as a senior faculty member within the Department and as part of the Department’s leadership team. Help establish and maintain a sense of team and community through formal and informal events, get together, and other opportunities to get department members to form a cohesive team.o Serve as Co-Course Director for the Senior Design Course (XE401/402). Continued refinements and adjustments to the course as it evolved from a waterfall model approach to problem solving to a hybrid of agile and waterfall methods. Teams included students from degree programs in Electrical Engineering, Computer Science, Information Technology, Systems Engineering, Mechanical Engineering, Civil Engineering, Operations Research, and History. Research sponsors included Army Research Labs, National Security Agency, National World War II Museum, various Army Research and Development Commands, and other commercial and government entities. o Serve as Department Academic Councilor responsible for advising cadets.o Mentor to cadet research and design project teams. I have advised dozens of cadets over the years I have been in the department in my roles as a ‘customer,’ course instructor, and project advisor. Support included technical guidance as well as mentoring and guiding soon-to-be Second Lieutenants (2LT) on task decomposition, project planning, and communications skills. Show less

Director, Cyber Research Center

• Aug 2014 - Jul 2018

o Lead the Cyber Research Center (4 direct reports, 2 military professors and 2 civilian professors) and its team of researchers/collaborators in research supporting US Military Academy, Department of the Army, and Department of Defense sponsors. Provide cadets and faculty a margin of excellence in cyber education through developing education, research, publishing in support of academic advancement and training opportunities. Develop and execute multi-year research plan to grow the Army's Cyber Leaders. Lead implementation of USMA's Cyber Leader Development Program under the guidance of the Army Cyber Institute's CLDP development for the Army.o Responsible for recruiting and maintaining a “margin of excellence” for D/EECS cadets, leadership, faculty, and USMA with educational, professional development, research and outreach opportunities. Margin of excellence opportunities include: cadet senior design projects with external sponsors; summer academic individual advanced development (AIAD) (a.k.a. summer internships); presenting at and attending conferences (e.g., BlackHat, ShmooCon, Women in Cyber Security); participating in competitions (e.g., LA-HACK, National Collegiate Cyber Defense Competition (CCDC), cyber capture the flag events); and education and training opportunities (e.g., SANS events, DEFCON).o Assisted alumni association in increasing endowments earmarked for CRC from $0 to $3.5M, with a further $2.5M pledged.o I recruited junior & senior faculty to be researchers in faculty, cadet, or combined faculty and cadet research projects. Helped recruit 17 faculty to conduct funded research projects. Junior faculty participation in research projects is essential for enabling their publication and earning academic promotion.o Provided research oversight and compliance support for faculty with their own research sponsors. There were recurring sponsors that provided $300K-$500K per year in support of their and faculty proposed projects. Show less

Assistant Professor of Computer Science

• Jun 2013 - Aug 2015

o Teach Computer Science to IT and CS cadets in the Senior Design courses with an emphasis on the use of Agile Software Development, problem decomposition and planning, task estimation, individual and group communications, team dynamics. o Teach Test Driven Development (TDD) and Object-Oriented Programing (OOP) to juniors in the CS program. Emphasis is on use of automated testing frameworks, distributed source code management, team dynamics, problem decomposition and planning. Assisted the Department Deputy Head in implementing and tracking changes to the Software Testing and Development Course (CS403) as we re-purposed it to TDD from OOP.o Responsible for designing, teaching, and implementing changes to the Senior Design Course that incorporated Agile Software Development into the curriculum. As course co-director, designed and taught a hybrid of agile and waterfall methods to 10-15 teams per academic year. Teams included students from degree programs in Electrical Engineering, Computer Science, Information Technology, Systems Engineering, Mechanical Engineering, Civil Engineering, Operations Research, and History. Research sponsors included DARPA, Seagate, Army Research Labs, National Security Agency, various Army Research and Development Commands, and other commercial and government entities. o Mentor to cadet research and design project teams. I have directly advised 20+ cadets in teams that I ran. Support included technical guidance as well as mentoring and guiding soon-to-be Second Lieutenants (2LT) on task decomposition, project planning, and communications skills.o Mentor to junior faculty per year in their roles as project advisors in the senior design project course sequence. I collaborate with another nine permanent and rotating senior faculty members, from four different USMA departments in the same role. Show less

West Point Visiting Fellow

• Jun 2017 - Aug 2017

o Advised Army Cyber Command leadership on multiple cybersecurity initiatives: cybersecurity of platform information technology; testing and deployment of endpoint cybersecurity capabilities; and development of the US Military Academy's "West Point Research and Education Network (WREN)." The WREN is a greenfield network outside the Department of Defense Information Network security perimeter to better support the Academy’s distinctive mission with design philosophies foreign to many Department of Defense paradigms. o I developed 10 recommendations to improve the ARCYBER and Army processes to execute the Congressionally directed effort to conduct cyber operations threat assessments against major Army weapons platforms. o I was a planner and action officer for ARCYBER’s initial efforts to implement Endpoint Management as a Service (aka Tanium). Show less

PhD Candidate

• Jun 2010 - Jun 2013

Studying Computation, Organization, & Society (COS) at CMU's Center for Computational Analysis of Social and Organizational Systems (CASOS), Institute of Software Research (ISR), School of Computer Science (SCS). COS is a multi-disciplinary program of Computer Science, Computational Sociology, and Organization Science. It focuses on the use of Computer Science, Artificial intelligence, Statistics, Organizational Psychology, and Modeling and Simulations to better understand the dynamic complexities of human and organization interaction. Show less

Cybersecurity Plans and Operations Officer

• Oct 2009 - Jun 2010

o I was a planner and action officer for the creation of Army Cyber Command. I chaired multiple working groups, planning meetings, writing committees and planning teams among and between numerous Headquarters, Department of the Army and Army Major Command stakeholders. o Army Forces-Cyber was a temporary command that Headquarters Department of the Army established as part of US Army Space and Missile Defense Command / US Army Strategic Command (SMDC/USARSTRAT). o I was a planner and action officer for the creation of Army Cyber Command. I chaired multiple working groups, planning meetings, writing committees and planning teams among and between numerous Headquarters, Department of the Army and Army Major Command stakeholders. o Army Forces-Cyber was a temporary command that Headquarters Department of the Army established as part of US Army Space and Missile Defense Command / US Army Strategic Command (SMDC/USARSTRAT).

Theater Information Assurance Program Manager

• Oct 2008 - Oct 2009

o Led a team of 2 direct reports and 200+ indirect reports in sustaining the appropriate risk management posture on behalf of the Commander, US Army Central Command. Responsible for the information assurance posture for deployed forces, bases, camps, and stations in Southwest Asia. o Achieved the first ever Authority to Operate (ATO) for USARCENT Secret network serving six (6) sites in three countries and 30K Soldiers and civilians under the DoD Information Assurance Certification and Accreditation Process (DIACAP). Postured the Command to develop and achieve an ATO for the USARCENT unclassified network before I departed. o As part of the G6, I helped write and monitor the execution of operations orders to accomplish cyberspace specific missions, tasks, and requirements. o Reduced cross-service reciprocity for connecting systems to the Army network from 2-3 months to 1-2 weeks. o Led the multi-organizational team that became the ad hoc Incident Response team in support of a named operation that remediated a nation-state cyber security issue. Show less

Deputy CIO & C2BMC Technical Manager, JFCC Integrated Missile Defense

• Jun 2006 - Oct 2008

o Led a team of 2 direct reports and 25 indirect reports within the J6 Command Control Communications section. Responsible for conveying operational and strategic requirements for the Command Control Battle Management Communications (C2BMC) system to Missile Defense Agency’s (MDA) material developers. Responsible for coordinating with MDA and Headquarters US Strategic Command to ensure communications and information flow was always available for the national missile defense program. o My team also persuaded US Strategic Command and Defense Information Systems Agency to name JFCC-IMD the Computer Network Defense Service Coordinator and eventually Computer Network Defense Service Provider for the US national ballistic missile defense system.o As C2BMC Technical Manager, I led an end-user integration effort with MDA to bring operators/users of C2BMC to the Missile Defense Agency's software developers of the user interface testing. This first-of-its-kind effort led to estimated $1M-2M in cost avoidance by NOT building software in a manner users did not expect it to work. o As C2BMC Technical Manager, I was lead for coordinating Certification and Accreditation actions with US Pacific Command, US Northern Command, and Missile Defense Agency to deploy and employ C2BMC within each Headquarters in support of their missile defense missions.o Was lead planner for J6 for a named operation using MDA assets. Show less

Program Manager Air and Missile Defense Operational Test Suite (AMDOTS)

• Oct 2005 - Jun 2006

o Within the Integrated Threat Warning/Attack Assessment (ITW/AA) System Certification Division (J65), I led a team of 5 contractors and 30 USAFA service members as ad hoc team members to design, deploy, and employ an out-of-band test suite to 35+ national missile warning sites around the world. The suite ultimately decreased annual reporting to Congress of system readiness from months-per-report to weeks-per-report. The suite ultimately came online ahead of schedule, under budget, and overperformed.o Inherited a ~$3M up-front-cost and $1M recurring cost project proposal to Joint Interoperability Testing Command (JITC). I succeeded in receiving the JTIC award and then worked with local command resources to fund the remainder of the project. I led the project through multiple negotiations with US Air Force commands that operate and maintain the warning sites to install this system into their network with thorough technical and policy discussions. I led the project through the installation and testing of the first two sites, and then conducted a project handoff with my successor program manager.o The Successor manager completed the project early, under-budget, and demonstrated initial operating capability (IOC) months ahead of schedule. Show less

Branch Chief, Integrated Threat Warning/Attack Assessment (ITW/AA) System Certification Division

• Oct 2005 - Jun 2006

o I led a team of 1 direct report, 5 contractors, and coordinated a team of ~30 US Air Force (USAF) service members and USAF civilians to support the annual end-to-end test of the ITW/AA system. This end-to-end test is the culminating event each year for the US Air Force and other sensor owners to ensure the people, systems, and process work to provide accurate and timely information to national decision makers.o The operation of the test was the responsibility of US Strategic Command. The planning and execution of the data collection across the system and its sites, the collection of that data (e.g., digital audio tapes, compact discs, print outs, packet captures) for analysis, and the analysis of the collected data was the responsibility of my team. Show less