Statewide Cybersecurity Risk & Governance Chief

• Oct 2023 - Present

Statewide Incident Response Program Manager

• Jun 2020 - Oct 2023

Adjunct University Professor

• Aug 2019 - Present

Part-time professor for the Management Information Systems program at CSUS. Course content examines network security, ethical hacking, compliance and operational security, threats and vulnerabilities, application and data security, host security, access control and identity management, administration and governance, and cryptography. Part-time professor for the Management Information Systems program at CSUS. Course content examines network security, ethical hacking, compliance and operational security, threats and vulnerabilities, application and data security, host security, access control and identity management, administration and governance, and cryptography.

Chief Information Security Officer

• Aug 2018 - May 2020

Provide direction and security guidance for the California Department of Toxic Substances Control as the Chief Information Security Officer. Build and implement an information security strategy, road map, and program to align security controls, and enable users, business objectives, and services to DTSC’s core mission and values, while reducing organizational risk through digital safeguards and countermeasures. Integrate technology to modernize and streamline DTSC business processes while enforcing regulatory policies to ensure legislative and organizational compliance of the confidentiality, integrity, and availability of California State resources. Direct all aspects of security product life cycles, including but not limited to: requirements gathering, strategy, architecture, design, procurement, decision making, and communication. Reform security culture to increase cyber security resiliency, provide management responsibilities to infrastructure staff, collaborate with regulatory, emergency, and financial State agencies, and act as the Privacy Officer, Technology Recovery Coordinator, and information technology Risk Manager. Provide last level technical support for major security breaches. Show less

Enterprise Security Architect

• Nov 2016 - Aug 2018

Lead Technical Security Architect/Tiger Team Lead: Technical lead to securely design and architect enterprise wide projects, and ensure the compliance to CDCR's DOM, CDT’s SAM, ISO 27000 and NIST frameworks. Promote collaboration and facilitate meetings with different stakeholders on enterprise wide projects as CDCR's Tiger Team coordinator. Provide security guidance and risk mitigation techniques to business units and ensure the confidentiality, integrity, and availability of CDCR data. Develop network diagrams and enterprise firewall rules as necessary. Red Teaming: Audit the enterprise’s security posture through penetration testing and risk assessments, which provided a gap analysis to further create new policies and mitigate departmental vulnerabilities. Additionally, configured, administered, and tuned CDCR's vulnerability scanner and created policies scans to help assess and develop baseline images for DISA STIGs compliance. Blue Teaming: Help create CDCR’s Security Operations Center by drafting playbooks to streamline incident response during security breaches. Conduct analysis and create triggers on suspicious activities utilizing our McAfee Suite (SIEM, ATD, ePO, DLP) and various online website auditing tools to create reports, timelines, and remediation processes to help upper management make data-driven decisions. Show less

Referee

• Aug 2005 - Aug 2018

Manage and control competitive youth and adult soccer games. Work under tight timelines and pressure. Have the ability to think quick on your feet and work off instincts. Handle upset parents and coaches, and resolve issues with the upmost professionalism. Develop communication skills and work with confidence at a leadership capacity. Teach and mentor players. Manage and control competitive youth and adult soccer games. Work under tight timelines and pressure. Have the ability to think quick on your feet and work off instincts. Handle upset parents and coaches, and resolve issues with the upmost professionalism. Develop communication skills and work with confidence at a leadership capacity. Teach and mentor players.

Database Administrator

• Feb 2016 - Nov 2016

Database administrator for DB2 on z/OS. Write SQL queries, REXX and JCL to streamline and automate processes during batch jobs. Perform performance and tuning activities, including backups and recoveries to protect business data from hardware and software failures. Database administrator for DB2 on z/OS. Write SQL queries, REXX and JCL to streamline and automate processes during batch jobs. Perform performance and tuning activities, including backups and recoveries to protect business data from hardware and software failures.