Vice President Information Security & Compliance North America

• Sep 2023 - Present

Senior Director Information Security and Compliance

• May 2021 - Present

Global restaurateur HMSHost International is a subsidiary of Autogrill S.p.A. Autogrill S.p.a. is the world’s leading provider of food & beverage serving 900 million customers a year. Autogrill has over more than 60,000 employees working in 31 countries, 4,000 points of sale at over 150 airports worldwide . IT executive with direct reporting relationship into the CIO. My current scope of responsibilities includes Information Security and compliance functions, for a $3 billion dollar food and… Show more Global restaurateur HMSHost International is a subsidiary of Autogrill S.p.A. Autogrill S.p.a. is the world’s leading provider of food & beverage serving 900 million customers a year. Autogrill has over more than 60,000 employees working in 31 countries, 4,000 points of sale at over 150 airports worldwide . IT executive with direct reporting relationship into the CIO. My current scope of responsibilities includes Information Security and compliance functions, for a $3 billion dollar food and beverage organization. My current portfolio of responsibility includes PCI compliance, Network with 3000+ endpoints, Multi Cloud environments, Cash Management & Banking, Technology Innovation Center, NOC & SOC. I am tasked to lead the strategic road map for Information Security to include: • Lead the creation of a global SOC, • create processes and integrations for end points kiosks, mobile apps, eCommerce platform, table-top ordering devices, and mobile wallet etc. to name a few. • Conduct systems tests for security, vulnerability, and availability • Drive enterprise focused security improvements for the company’s products and services • Partner with cross-functional departments to manage efforts to help expand the company’s infrastructure while maintaining compliance • Lead the development of security strategy, standards, and architectural patterns to protect critical business applications in cloud environments • Maintain the company’s global IT infrastructure in a 24x7 environment • Protect customer data, company IP, and vital internal systems through strong Enterprise Information Security planning and governance • Lead IT initiatives for Disaster Recovery and Resilience as part of the company’s BCP program • Plan and manage operating and capital expense budgets including the qualification and selection of software and infrastructure subscription vendors and services • Advise and recommend advancements in technology, infrastructure, and information security

VP Information Security,Compliance & Infrastructure - North America

• Sep 2023 - Present

Travel, Retail, F&B, hybrid and convenience, across airports, motorways, cruises, railways and more, operating in 1,200 locations across 75 countries, Travel, Retail, F&B, hybrid and convenience, across airports, motorways, cruises, railways and more, operating in 1,200 locations across 75 countries,

Senior Director of Information Security, Compliance & Infrastructure

• Feb 2018 - May 2021

MicroStrategy provides business intelligence, and cloud-based services to Fortune 500. I reported to the EVP/CIO and I my portfolio was: • Re-engineered MicroStrategy Global Information Security Engineering to enhance threat protection, centralized security log management, and re-focusing internal resources. • AWS/Azure - Developed 7 Executed Cloud (AWS and Azure) and IT security/compliance strategies to include: Secure Templates, centralized security logging, automated compliance… Show more MicroStrategy provides business intelligence, and cloud-based services to Fortune 500. I reported to the EVP/CIO and I my portfolio was: • Re-engineered MicroStrategy Global Information Security Engineering to enhance threat protection, centralized security log management, and re-focusing internal resources. • AWS/Azure - Developed 7 Executed Cloud (AWS and Azure) and IT security/compliance strategies to include: Secure Templates, centralized security logging, automated compliance evidence collection • Lead assessments, penetration tests and IT Risk Assessment for Cloud Business lines and Corporate • GDPR - Prepared the enterprise to meet all EU GDPR Compliance. Created the engineering process for “secure data bubbles” so that EU data can be managed, processed and viewed only in the EU, by our EU engineers. • PCI/HIPAA/ISO/SOC2 - Greatly improved all Compliance processes for PCI, HIPAA, ISO, SOC 2, Privacy Shield and General Data Protection Regulation (GDPR), by adopting a Governance Risk and Compliance Tool (GRC system) • FedRAMP - Created and lead the project to achieve FedRAMP certification for an AWS cloud offering that will host Federal Customers Cloud, Network Infrastructure, Data Center • AWS – Responsible for cost optimization initiatives. Completed full spending review & negotiated an EDP with AWS that resulted in $1M of yearly reduction. • Lead Azure Information Security - Infrastructure and ISO/SOC 2 • Designed and executed data center space and costs reduction. Developed investment plans for hyper-converged solutions that resulted in 75% reduction of space and costs successfully reduced spending by $1M yearly. • Completed a global network upgrade. The project replaced legacy unsupported and unreliable Cisco networks and wireless solutions with a modern, centrally managed system (Palo Alto, Aruba). The result was, reduction of travel costs, improved user experience Show less MicroStrategy provides business intelligence, and cloud-based services to Fortune 500. I reported to the EVP/CIO and I my portfolio was: • Re-engineered MicroStrategy Global Information Security Engineering to enhance threat protection, centralized security log management, and re-focusing internal resources. • AWS/Azure - Developed 7 Executed Cloud (AWS and Azure) and IT security/compliance strategies to include: Secure Templates, centralized security logging, automated compliance… Show more MicroStrategy provides business intelligence, and cloud-based services to Fortune 500. I reported to the EVP/CIO and I my portfolio was: • Re-engineered MicroStrategy Global Information Security Engineering to enhance threat protection, centralized security log management, and re-focusing internal resources. • AWS/Azure - Developed 7 Executed Cloud (AWS and Azure) and IT security/compliance strategies to include: Secure Templates, centralized security logging, automated compliance evidence collection • Lead assessments, penetration tests and IT Risk Assessment for Cloud Business lines and Corporate • GDPR - Prepared the enterprise to meet all EU GDPR Compliance. Created the engineering process for “secure data bubbles” so that EU data can be managed, processed and viewed only in the EU, by our EU engineers. • PCI/HIPAA/ISO/SOC2 - Greatly improved all Compliance processes for PCI, HIPAA, ISO, SOC 2, Privacy Shield and General Data Protection Regulation (GDPR), by adopting a Governance Risk and Compliance Tool (GRC system) • FedRAMP - Created and lead the project to achieve FedRAMP certification for an AWS cloud offering that will host Federal Customers Cloud, Network Infrastructure, Data Center • AWS – Responsible for cost optimization initiatives. Completed full spending review & negotiated an EDP with AWS that resulted in $1M of yearly reduction. • Lead Azure Information Security - Infrastructure and ISO/SOC 2 • Designed and executed data center space and costs reduction. Developed investment plans for hyper-converged solutions that resulted in 75% reduction of space and costs successfully reduced spending by $1M yearly. • Completed a global network upgrade. The project replaced legacy unsupported and unreliable Cisco networks and wireless solutions with a modern, centrally managed system (Palo Alto, Aruba). The result was, reduction of travel costs, improved user experience Show less

Director of Cyber Security Operation Center - Veterans Affairs Administration

• Jun 2017 - Feb 2018

Director of Operations, Cyber Security Operations Center (Client: Veterans Affairs Administration) Hired to provide leadership for Security Configuration Services and Enterprise Security Change Control Board Teams. Led a team of 20 Subject Matter Experts. Information Security • Selected to be one of the three members team to re-design the CSCO operations, by developing recommendations to redefine and restructure the teams to: o Create new processes for end point detection and… Show more Director of Operations, Cyber Security Operations Center (Client: Veterans Affairs Administration) Hired to provide leadership for Security Configuration Services and Enterprise Security Change Control Board Teams. Led a team of 20 Subject Matter Experts. Information Security • Selected to be one of the three members team to re-design the CSCO operations, by developing recommendations to redefine and restructure the teams to: o Create new processes for end point detection and response (EDR), reporting and mitigating workflows o Create new subteams to hunt for Indicators of Compromise (IOCs) o Create new subteam fully dedicated to Internal Threat identification o Create cross-coordination and collaboration with Incident Handling/Monitoring and Deep Dive Analysis teams o Recruited critical subject matter experts (SME) to properly staff all new teams • Enabled optimization and management of CSOC tools by providing thought leadership to Security Configuration Services team for tools including Palo Alto, F5, Splunk ES, SourceFire and McAfee ePO. • Enabled Salient to improve SCS team performance by assessing existing Tactics, Techniques and Procedures (TTP). Show less Director of Operations, Cyber Security Operations Center (Client: Veterans Affairs Administration) Hired to provide leadership for Security Configuration Services and Enterprise Security Change Control Board Teams. Led a team of 20 Subject Matter Experts. Information Security • Selected to be one of the three members team to re-design the CSCO operations, by developing recommendations to redefine and restructure the teams to: o Create new processes for end point detection and… Show more Director of Operations, Cyber Security Operations Center (Client: Veterans Affairs Administration) Hired to provide leadership for Security Configuration Services and Enterprise Security Change Control Board Teams. Led a team of 20 Subject Matter Experts. Information Security • Selected to be one of the three members team to re-design the CSCO operations, by developing recommendations to redefine and restructure the teams to: o Create new processes for end point detection and response (EDR), reporting and mitigating workflows o Create new subteams to hunt for Indicators of Compromise (IOCs) o Create new subteam fully dedicated to Internal Threat identification o Create cross-coordination and collaboration with Incident Handling/Monitoring and Deep Dive Analysis teams o Recruited critical subject matter experts (SME) to properly staff all new teams • Enabled optimization and management of CSOC tools by providing thought leadership to Security Configuration Services team for tools including Palo Alto, F5, Splunk ES, SourceFire and McAfee ePO. • Enabled Salient to improve SCS team performance by assessing existing Tactics, Techniques and Procedures (TTP). Show less

Director of Information Security and Enterprise Infrastructure

• Sep 2009 - Jun 2017

Director of Information Security & Enterprise Infrastructure Reported to the VP of IT. Advanced to converge two diverse IT organizations, change culture and improve organizational effectiveness. Managed 34 engineers, 16 remote sites, two major data centers and $10 million budget. Led implementation and integration of High Performance Janelia Research Campus Network and IT Infrastructure. Information Security & Compliance • Delivered all key enterprise network, information… Show more Director of Information Security & Enterprise Infrastructure Reported to the VP of IT. Advanced to converge two diverse IT organizations, change culture and improve organizational effectiveness. Managed 34 engineers, 16 remote sites, two major data centers and $10 million budget. Led implementation and integration of High Performance Janelia Research Campus Network and IT Infrastructure. Information Security & Compliance • Delivered all key enterprise network, information security, email, voice and virtualization services for 3,000 users in two main locations in MD and VA, and 25 remote locations. • Improved Information Security posture from below industry standard to on par with Fortune 100 companies. • Reduced technology loss risk by introducing formal Incident Response; built sponsorship and cultural change through data-driven business case to overcome information security spending reluctance, by partnering with Internal Audit department to bundle security with internal audit processes. • Responsible for the uptime and security of all HHIM Web resources which include not only company web sites www.hhmi.org but also world class scientific research web sites such as www.janelia.org Cloud,Network Infrastructure, Data Center • Transformed, consolidated and re-energized IT organization to emphasize customer service excellence. o Built team self-confidence by changing legacy culture replacing external consultant-led initiatives to one that focused on internal capabilities and reducing costs. o Formalized change management to minimize technology and business interruption. o Achieved space, environmental and cost savings by reducing 3,000 physical servers to 2,199 virtual. This resulted in 45% saving in environmental cost for power and cooling. • Implemented first Cloud initiative by leveraging Office 365, One Drive and AWS Glacier to long term storage thereby improving service delivery and storage costs savings. Show less Director of Information Security & Enterprise Infrastructure Reported to the VP of IT. Advanced to converge two diverse IT organizations, change culture and improve organizational effectiveness. Managed 34 engineers, 16 remote sites, two major data centers and $10 million budget. Led implementation and integration of High Performance Janelia Research Campus Network and IT Infrastructure. Information Security & Compliance • Delivered all key enterprise network, information… Show more Director of Information Security & Enterprise Infrastructure Reported to the VP of IT. Advanced to converge two diverse IT organizations, change culture and improve organizational effectiveness. Managed 34 engineers, 16 remote sites, two major data centers and $10 million budget. Led implementation and integration of High Performance Janelia Research Campus Network and IT Infrastructure. Information Security & Compliance • Delivered all key enterprise network, information security, email, voice and virtualization services for 3,000 users in two main locations in MD and VA, and 25 remote locations. • Improved Information Security posture from below industry standard to on par with Fortune 100 companies. • Reduced technology loss risk by introducing formal Incident Response; built sponsorship and cultural change through data-driven business case to overcome information security spending reluctance, by partnering with Internal Audit department to bundle security with internal audit processes. • Responsible for the uptime and security of all HHIM Web resources which include not only company web sites www.hhmi.org but also world class scientific research web sites such as www.janelia.org Cloud,Network Infrastructure, Data Center • Transformed, consolidated and re-energized IT organization to emphasize customer service excellence. o Built team self-confidence by changing legacy culture replacing external consultant-led initiatives to one that focused on internal capabilities and reducing costs. o Formalized change management to minimize technology and business interruption. o Achieved space, environmental and cost savings by reducing 3,000 physical servers to 2,199 virtual. This resulted in 45% saving in environmental cost for power and cooling. • Implemented first Cloud initiative by leveraging Office 365, One Drive and AWS Glacier to long term storage thereby improving service delivery and storage costs savings. Show less

Manager of Information Security and Infrastructure

• Jan 2006 - Sep 2009

Manager Infrastructure & Information Security responsible, design and the implementation of Information Security engineering and network infrastructure. Information Security Established Information Security/Business Continuity and Disaster Recovery programs by: • Designing and implementing Disaster Recovery plan with site-to-site data and applications replication, one data center in VA, and one data center in MD. • Creating Incident Response Policies and Procedure • Establishing… Show more Manager Infrastructure & Information Security responsible, design and the implementation of Information Security engineering and network infrastructure. Information Security Established Information Security/Business Continuity and Disaster Recovery programs by: • Designing and implementing Disaster Recovery plan with site-to-site data and applications replication, one data center in VA, and one data center in MD. • Creating Incident Response Policies and Procedure • Establishing End Point management for both Windows and MAC • Creating yearly Penetration Testing and Mitigation Processes • Preforming semi-annual Disaster Recovery tests Infrastructure and Data Center Implemented first 100GB enterprise network for both commercial and research environments, improving data throughput, exchange, speed and reliability. Led the design and implementation of a High Performance Compute Cluster that was officially benchmarked as 208th in the world. The HPC was based on an innovative Ethernet technology that was recognized globally by industry (Intel produced a white paper and Bio-IT dedicated an article to the implementation). Enabled HHMI to attract and recruit leading global and Nobel winning scientists by designing and bringing online the Janelia Research Campus; designed all IT aspects required to connect and support high end sophisticated scientific equipment. Designed and implemented high throughput network capable of supporting data generation tools that produced, stored and analyzed an average of 12TB of data daily. Improved global scientific collaboration and knowledge sharing by delivering two major auditorium renovations, including broadcast quality audio visual and holograms; facility was used by Nobel Prize winning and leading global scientists to show presentations of past, current, and future initiatives globally through remote access and streaming. Show less Manager Infrastructure & Information Security responsible, design and the implementation of Information Security engineering and network infrastructure. Information Security Established Information Security/Business Continuity and Disaster Recovery programs by: • Designing and implementing Disaster Recovery plan with site-to-site data and applications replication, one data center in VA, and one data center in MD. • Creating Incident Response Policies and Procedure • Establishing… Show more Manager Infrastructure & Information Security responsible, design and the implementation of Information Security engineering and network infrastructure. Information Security Established Information Security/Business Continuity and Disaster Recovery programs by: • Designing and implementing Disaster Recovery plan with site-to-site data and applications replication, one data center in VA, and one data center in MD. • Creating Incident Response Policies and Procedure • Establishing End Point management for both Windows and MAC • Creating yearly Penetration Testing and Mitigation Processes • Preforming semi-annual Disaster Recovery tests Infrastructure and Data Center Implemented first 100GB enterprise network for both commercial and research environments, improving data throughput, exchange, speed and reliability. Led the design and implementation of a High Performance Compute Cluster that was officially benchmarked as 208th in the world. The HPC was based on an innovative Ethernet technology that was recognized globally by industry (Intel produced a white paper and Bio-IT dedicated an article to the implementation). Enabled HHMI to attract and recruit leading global and Nobel winning scientists by designing and bringing online the Janelia Research Campus; designed all IT aspects required to connect and support high end sophisticated scientific equipment. Designed and implemented high throughput network capable of supporting data generation tools that produced, stored and analyzed an average of 12TB of data daily. Improved global scientific collaboration and knowledge sharing by delivering two major auditorium renovations, including broadcast quality audio visual and holograms; facility was used by Nobel Prize winning and leading global scientists to show presentations of past, current, and future initiatives globally through remote access and streaming. Show less

Manager of Network Operation/Network Architect

• Jan 2005 - Dec 2005

Manager of Information Security & Network Architect Network architect, responsible for the management of a highly available campus network that provided integrated data and voice over IP services for biomedical research teams and supported the highest throughput DNA sequencing facility in the world. Direct reports were a team of 4 engineers. Information Security & Compliance • Responsible for the network and information security capacity planning and performance analyses… Show more Manager of Information Security & Network Architect Network architect, responsible for the management of a highly available campus network that provided integrated data and voice over IP services for biomedical research teams and supported the highest throughput DNA sequencing facility in the world. Direct reports were a team of 4 engineers. Information Security & Compliance • Responsible for the network and information security capacity planning and performance analyses. • Developed, recommended and implemented new network and security procedures to ensure relentlessly effective, streamlined and scalable operations for what at the time was the largest sequencing operation in the East Coast of the US. Show less Manager of Information Security & Network Architect Network architect, responsible for the management of a highly available campus network that provided integrated data and voice over IP services for biomedical research teams and supported the highest throughput DNA sequencing facility in the world. Direct reports were a team of 4 engineers. Information Security & Compliance • Responsible for the network and information security capacity planning and performance analyses… Show more Manager of Information Security & Network Architect Network architect, responsible for the management of a highly available campus network that provided integrated data and voice over IP services for biomedical research teams and supported the highest throughput DNA sequencing facility in the world. Direct reports were a team of 4 engineers. Information Security & Compliance • Responsible for the network and information security capacity planning and performance analyses. • Developed, recommended and implemented new network and security procedures to ensure relentlessly effective, streamlined and scalable operations for what at the time was the largest sequencing operation in the East Coast of the US. Show less

Principal Network Engineer

• Nov 2001 - Jan 2005

Contracted to DC DPW and DC DOT to manage the city wide Metropolitan Area Network for the two agencies (DC DPW and DC DOT) • Principal Network Engineer. Contracted to the Office of Information Technology Office, District of Columbia. Tier 3 support for Network Security and Network for the Department of Public Works and Department of Transportation. Member of DC Computer Emergency Response Team (DC CERT). • DPW/DDOT Security Liaison. Interacted with OCTO Security Board; functions… Show more Contracted to DC DPW and DC DOT to manage the city wide Metropolitan Area Network for the two agencies (DC DPW and DC DOT) • Principal Network Engineer. Contracted to the Office of Information Technology Office, District of Columbia. Tier 3 support for Network Security and Network for the Department of Public Works and Department of Transportation. Member of DC Computer Emergency Response Team (DC CERT). • DPW/DDOT Security Liaison. Interacted with OCTO Security Board; functions as AISO (Agency Information Security Officer), liaison between the DC Security Board. Managed Change Control process for DC DPW and DC DOT Show less Contracted to DC DPW and DC DOT to manage the city wide Metropolitan Area Network for the two agencies (DC DPW and DC DOT) • Principal Network Engineer. Contracted to the Office of Information Technology Office, District of Columbia. Tier 3 support for Network Security and Network for the Department of Public Works and Department of Transportation. Member of DC Computer Emergency Response Team (DC CERT). • DPW/DDOT Security Liaison. Interacted with OCTO Security Board; functions… Show more Contracted to DC DPW and DC DOT to manage the city wide Metropolitan Area Network for the two agencies (DC DPW and DC DOT) • Principal Network Engineer. Contracted to the Office of Information Technology Office, District of Columbia. Tier 3 support for Network Security and Network for the Department of Public Works and Department of Transportation. Member of DC Computer Emergency Response Team (DC CERT). • DPW/DDOT Security Liaison. Interacted with OCTO Security Board; functions as AISO (Agency Information Security Officer), liaison between the DC Security Board. Managed Change Control process for DC DPW and DC DOT Show less

Network and Information Security Engineer

• Dec 2000 - Nov 2001

Provided professional Information Security and Network services engineering support to several customers. • Responsible for the design and configuration of the customers highly available Firewall solutions, • Responsible for the design and configuration of the customers highly available Network edge routers of a Major International ISP • Responsible for the design and configuration of the customers highly available e-commerce Web Portals to provide fault tollerance and reduce… Show more Provided professional Information Security and Network services engineering support to several customers. • Responsible for the design and configuration of the customers highly available Firewall solutions, • Responsible for the design and configuration of the customers highly available Network edge routers of a Major International ISP • Responsible for the design and configuration of the customers highly available e-commerce Web Portals to provide fault tollerance and reduce normal workload on Firewalls and load balancers. Show less Provided professional Information Security and Network services engineering support to several customers. • Responsible for the design and configuration of the customers highly available Firewall solutions, • Responsible for the design and configuration of the customers highly available Network edge routers of a Major International ISP • Responsible for the design and configuration of the customers highly available e-commerce Web Portals to provide fault tollerance and reduce… Show more Provided professional Information Security and Network services engineering support to several customers. • Responsible for the design and configuration of the customers highly available Firewall solutions, • Responsible for the design and configuration of the customers highly available Network edge routers of a Major International ISP • Responsible for the design and configuration of the customers highly available e-commerce Web Portals to provide fault tollerance and reduce normal workload on Firewalls and load balancers. Show less