Experience

• 

  (ISC)²

  • Tampa, Florida, United States

  • Content Developer

    • Oct 2021 - Dec 2022
    • Tampa, Florida, United States

    As a Content Developer for ISC2, I'm part of a team primarily responsible for supporting all aspects of the examination development process from exam blueprint creation, through item writing and form development activities, to exam delivery, analysis and item review. I help facilitate the creation of examinations of the highest quality through Subject Matter Expert preparation, workshop participation, form review, process documentation and procedural compliance. Serving as a cybersecurity content expert with a broad understanding of relevant professional topics, I help lead groups of other subject matter experts from all over the world in the production of cohesive, relevant, and challenging examinations of the highest quality.

• 

  BerryDunn — Accounting and Consulting

  • Portland, Maine Area

  • Manager (Cybersecurity Consulting)

    • Apr 2016 - Aug 2021
    • Portland, Maine Area

    Serve as co-practice lead and Project Manager for concurrently active information security projects. Lead a team of highly qualified individuals performing a full spectrum of information security services including information security program development, NIST, ISO, and MARS-E risk assessments, vulnerability scanning and penetration testing, information security maturity modeling, and physical security assessments).Using my deep knowledge and background in information security, I'm often engaged in providing strategic information security planning and virtual CISO services (including strategic security program development, cyber threat intelligence program development, incident response and disaster recovery planning, security design reviews, and flaw remediation strategies).Other duties include:• Identify potential security exposures that may currently exist or may pose a potential future threat to client environments and provide solutions for remediation.• Independently design, recommend, plan, develop and support implementation of project-specific security solutions to meet strategic and operations security requirements.• Lead internal process improvement initiatives including the refinement of information security risk assessment procedures, tool development, and staff development.Accomplishments:• Successfully managed several information security engagements that exceeded client expectations. • Significantly increased engagement realization through process improvements and automation.• Introduced new revenue streams including information security capability maturity modeling and ICS/SCADA security assessments.

• 

  Wapack Labs

  • Manchester, New Hampshire

  • Partner - Managing Director

    • Oct 2012 - Apr 2016
    • Manchester, New Hampshire

    As the Managing Director and Partner of Wapack Labs, I work with some of the most important cutting edge technologies in the field of cyber threat intelligence. Not only do I get to work with highly qualified threat analysts, but on the research and development side, I get work with brilliant talent who are highly involved in developing the next phase of threat intelligence analysis systems that will help protect all industries from cyber threats. • Performed as project lead over highly skilled cyber threat intelligence professionals and malware analysts, producing high quality and actionable threat intelligence reports. • Identify emerging and persistent threats to the organization’s networks, systems, and applications.• Provide technical guidance on risks and control measures associated with emerging threats.• Manage all facets of customer relationships including development of tailored intelligence requirements, collection plans, and reports. • Effectively ascertain and leverage trustworthy, open and closed-source cyber threat intelligence data feeds and tools• Through all-source fusion, write and present global and region specific strategic threat intelligence reports to executive level management teams. Accomplishments: • Assembled a highly effective and diverse cyber threat intelligence team with a low rate of attrition providing Level II and III threat intelligence and analysis reports to Fortune 100 organizations and the Financial Services Information Sharing and Analysis Center (FS-ISAC). • Successfully managed the delivery of several projects including an operational threat intelligence correlation platform used by leading computer emergency response teams. • Authored and published several highly regarded, comprehensive geostrategic cyber risk reports, highlighting risk and resiliency of national critical infrastructures including Iceland, Ukraine, India, and Brazil.

• 

  Alion Science & Technology

  • Bath, Maine

  • MANAGER INFORMATION ASSURANCE & INFORMATION SYSTEMS

    • Nov 2002 - Oct 2012
    • Bath, Maine

    As both Information Assurance Manager and Manager of Information Services, I served Alion as a recognized leader in many security and technology initiatives delivering high value solutions often ahead of schedule and always within budget. Aa a conceptual thinker, I developed and led changes in the business processes and networked infrastructure with my ability to perceive, predict and hypothesize the threat landscape and responded by implementing the most practical and economical strategies to protect the organization's physical and logical assets.As Project Manager I provided oversight, development, and subject matter expertise in all security related matters including policy, standards, and procedures development. As a Fully Qualified Navy Validator, I successfully led several Certification and Accreditation (C&A) efforts for multiple programs requiring an Authority to Operate in both unclassified and classified environments. My responsibilities extended heavily into regulatory compliance. Often performed periodic risk assessment activities including pre-assessment testing requirements and post-assessment executive level written and oral reports to convey the organization’s security risk posture. At the conclusion of these engagements, I provided leadership and oversight of actionable remediation activities to correct security vulnerabilities making recommendations and implementing cost effective controls to reduce security risks to an acceptable level.As a passionate leader in security, I developed and delivered security awareness programs within the organization and consulted with executive management on the development of Incident Response, Business Continuity, and Vulnerability Management plans to ensure conformity with acceptable organizational rules of behavior and mandated regulatory compliance.

• 

  Baker Newman & Noyes

  • Portland, Maine Area

  • MANAGER, IT CONSULTING

    • 2001 - 2002
    • Portland, Maine Area

    • SSAE16 (formerly SAS70), HIPPA, and IT Auditor and team member.• Performed security controls reviews and vulnerability assessments identifying residual risks and control strengthening opportunities.• Assisted in the development of the BNNIT branding and marketing strategy.• Gave written and oral presentations to senior management describing security vulnerabilities and remediation strategies.

• 

  State of Maine Department of labor

  • Augusta, Maine

  • INFORMATION SYSTEMS SPECIALIST

    • 2000 - 2001
    • Augusta, Maine

    • Managed several key system implementations including a statewide case management system for the State Board of Labor Appeals.• Helpdesk team lead for end user support for the agency's 1,600 users• Coordinated and managed enterprise-wide hardware and software installations and upgrades.

• 

  U.S. Coast Guard

  • Portland, Maine Area

  • TELECOMMUNICATIONS SUPERVISOR

    • 1986 - 2000
    • Portland, Maine Area

    • Supervisor of Operations of the Safety and Distress call center including employee scheduling, training, budgeting, and overall effectiveness.• Personnel, physical, and AIS Auditor for shore and afloat activities.• Design, implement, and test Command DRP and BCP.• Configuration and use of all National Safety and Distress communication equipment including VHF, HF, and Satellite communications platforms.