My Projects
I have successfully led and completed numerous cybersecurity projects. I helped manage and deliver multi-year capabilities aligned to improve detection and incident response capabilities and improve security program maturity. I led experienced cybersecurity teams that are the foundation to ensuring the success of these projects. Please take a look at some of our featured projects below:
Improved Threat Intelligence
Technology and vendor selection for endpoint security, next generation firewall, IPS, XDR, SIEM/SOC, WAF, and Proxy
Experienced with implementing Checkpoint, Palo Alto, Zscaler, Imperva Web Application Firewall, Rapid 7, and Nessus technologies. Technology stack and implementations were across multiple data centers and over 6,000 endpoints and managed IOT. Projects were managed on time, within budget, and no impact to the business.
​
Selection criteria included successful POCs and RFPs, measurements and weighted functional areas for vendor service, price, MITRE ATT&CK alignment, performance, management console, XDR, ZeroTrust, DLP, operations integration, playbook scenarios, cloud micro services capabilities.
Security Awareness
Top of mind cybersecurity for engaging security tips and how to report and incident
Implemented multiple security awareness learning tools and programs that keep the business engaged and aware. Quarterly training, monthly phishing exercises, security awareness month and contests. Customer satisfaction surveys and metrics reported a highly engaged audience with lessons learned for home and business.
Security Risk Management
Security risk management established based on IT risk frameworks and methodologies. Developed risk registers based on risk assessment sources including NIST 800-171, CMMC, HITRUST, vulnerability assessments, penetration testing, and other industry program maturity models
Established risk governance processes that prioritizes the highest cybersecurity risk based on a Top 5 Cybersecurity risk model. Top 5 Cybersecurity risk is managed with mitigation activities that are focused to measure overall risk.
​
Risk assessments conducted include NIST, CMMC, security program maturity, privacy, and third party risk. Assessments are scoped against applications, data centers, and locations. Risk register templates were developed along with risk acceptance memorandums. Templates developed included a cybersecurity incident materiality assessment for SEC cybersecurity incident reporting guidance.
