• Compliance expert in FedRAMP/FISMA, ISO, SOC, HIPAA, PCI, NIST 800 series, ISO 27000 series, GDPR, etc.
• Developing cost-effective security program, standards, requirements, policies, processes, procedures, audits.
• Conducting regular audits on systems and hosting third-party audits for certifications and compliance certificates.
• Providing security information, reporting, marketing, problem solving, solution architecting, and training.
• Collaborating with security architects, technical teams, DevOps, auditors, and customers.
• Provided subject matter expertise in the design, implementation, and assessment of NIST compliant security.
• Documented security programs, standards, requirements, policies, processes, procedures, assessments, audits.
• Led NARA development of first unified security architecture, cited as “best” federal architecture by OMB.
• Assisted NIST in integrating much of my security architecture work into NIST SP 800-53, 800-53A, and 800-53B.
• Implemented security programs at USFS, IRS, EPA, DCMO, DHS, GSA, DOT, others based on NARA/NIST work.
• Rejoined consulting firm to help Fiderus establish security consulting practice, sign and fulfill first contract.
• Helped IBM teams supporting Fleming, K-mart, and Cox Cable with nationwide network and security projects.
• Developed consulting assets, trained consultants, became top selling security and privacy consultant.
• Cofounded consulting firm to provide network and security support services to IBM.
• Helped IBM investigate and resolve campus-wide system shutdowns originally thought to be hacker attacks.
• Helped IBM design new South Florida secure network and transition legacy networks to new infrastructure.
• Helped develop proof-of-concept infrastructure for new IBM Security and Privacy consulting practice.
• First Metronet ISSO, led first corporate security program, led beta test lab, helped develop security products.