Chief Information Security Officer

As the Chief Information Security Officer (CISO), I have direct operational responsibility for the holding company's risk management program, third-party risk management, and coordinating with external auditors. I also have oversight responsibility for the development of policy and procedures, contingency planning and execution, security operations, and incident response handled the Information Technology department. Via the holding company, I am CISO for Bowhead Specialty Underwriters, Bowhead Specialty Insurance Services, and Baleen Specialty. All are wholly-owned subsidiaries of Bowhead Specialty Holdings.

Guest Lecturer/Adjunct Professor

I develop course material and teach on cybersecurity topics as part of the the University's undergraduate program in the Department of Information Systems. CIS 4730 - Network Security Essentials and Practice (Spring 2024) covers such areas as malware, firewalls/network segmentation , identity management/access control, wireless network security, intrusion prevention/network detection and response, and network resiliency.

Head of Cyber Risk Engineering

As the Head of Cyber Risk Engineering, I sit within the underwriting function and attend meetings with applicants' security teams (CISOs, Heads of Security, etc.) to understand how they are managing their own cybersecurity risk. In support of individual risk decisions, I conduct both inside-out and outside-in analyses to determine risk levels within an applicant both internally and relevant to their peers. I develop responses and recommendations for identified deficiencies. I also monitor emerging trends in the cybersecurity market as well as in the threat landscape to assist with overall portfolio steering.

Director, Risk Assessments and Testing

• Team size: Five FTEs and 30 Contractors
• Budget: Multi-million dollar program

As the Director for Risk Assessments and Testing, I am responsible for the development of a new process to assess applications, networks, infrastructure, and third-parties leading to a holistic picture of information technology risk. Additionally, I have implemented significant process improvements focused on integrating disparate cybersecurity and non-cyber e.g. sourcing, privacy, and compliance review efforts across the WarnerMedia enterprise. I am currently developing a enterprise-wide profile based on NIST's Cybersecurity Framework that ensures WarnerMedia is successfully meeting its business objectives through cybersecurity.

Director - Risk Assessments and Testing

• Team size: Five FTEs and 30 Contractors
• Budget: Multi-million dollar program

As the Director for Risk Assessments and Testing, I am responsible for the development of a new process to assess applications, networks, infrastructure, and third-parties leading to a holistic picture of information technology risk. Additionally, I have implemented significant process improvements focused on integrating disparate cybersecurity and non-cyber e.g. sourcing, privacy, and compliance review efforts across the WarnerMedia enterprise. I am currently developing a enterprise-wide profile based on NIST's Cybersecurity Framework that ensures WarnerMedia is successfully meeting its business objectives through cybersecurity.

Director - Technical Security Testing

• Team size: Six FTEs
• Budget: Million dollar program

As the Director of Technical Security Testing, I oversee a team of security architects, threat modelers, and penetration testers. In this role, I developed a standardized process for conducting security architecture reviews that covered application documentation, application development, authentication, data flows and business Logic, implemented cryptography and other data protection mechanisms, and application logging. These requirements are mandated by WM security policy and standards. I also developed a process for executing threat models on application using industry-standard processes that assessed an application/system's digital and network assets which comprise the overall solution, identified application weaknesses, determined what threats exist that could exploit those weaknesses, and established with application owners plans to protect or recover from an attack.

Director - Security Assessments and Infrastructure Engineering and Architecture

• Team size: Six FTEs
• Budget: Million dollar program

As the Director of Security Assessments and Infrastructure Engineering and Architecture, I worked with our leadership and system/application owners to assess the risk new and current information systems bring to the WarnerMedia enterprise including Warner Bros, CNN, HBO, Turner, among others. These assessments include architectural reviews, technical security testing, controls assessments, and other critical elements.

Director - Architecture, Engineering and Asset Security

• Team size: Seven FTEs
• Budget: Multi-million dollar program

As the Director of Architecture, Engineering, and Asset Security, I led a team that designed, build, and operated business critical cybersecurity solutions for Warner Bros. My team and I supported the Warner Bros Technology organization’s core mission to provide secure production, post-production digital media, on-line and mobile gaming, web-hosting services and technical leadership to various WB divisions.

Global Head of Security Architecture

• Team size: 12 FTEs and 1 Contractor
• Budget: Multi-million dollar program

As the Global Head of Security Architecture, I led an enterprise security architecture team that spans the globe. This bank-wide role worked with top leaders across the bank to advocate, strategize, design, develop, and advance security controls into a dynamic and challenging environment. This team covered enterprise security architecture, cyber risk management, cryptographic architecture, data architecture and privacy, and application security architecture (and associated program management and budgeting concerns). The security architecture team was a key component of the Bank’s global architecture efforts and ensures all projects and strategies put forward within the Bank have an alignment to the Bank’s Enterprise Security Architecture. My team also performed special assignments from the Chief Security Officer including engineering and consulting throughout the Bank.

Vice President - Enterprise Security Architecture

• Team size: Five FTEs
• Budget: Million dollar program

I was responsible for developing Deutsche Bank’s enterprise security architecture enabling scalable and effective protection of all Bank IT assets and data globally. As a member of the Chief Security Officer's (CSO) Chief Technology Office (CTO) as well as the Chief Architects Forum, I worked with global business leaders to match their critical business requirements with those of the Bank, it's worldwide regulators, and industry standards thus creating secure solutions and architecture components with a focused on:

Senior Lead Technologist

• Team size: 20 FTEs
• Budget: Multi-million dollar program

I oversaw Booz Allen’s cyber security efforts at a plethora of agencies that compose the Regulators and Housing segment of their Federal Civilian work. These agencies included SEC, CFPB, OCC, and Freddie Mac among others. I developed new solutions and implemented coordinated cross-firm projects for these clients. I led Booz Allen’s work on the National Institute of Standards and Technology’s National Vulnerability Database program. I ensured deliverables are successfully submitted to all client in accordance with requirements and quality goals. I provided research, analysis, and content to develop a national-level cyber security strategy document for an international client. I recommended policies based on evaluation of European and Middle Eastern cyber security policies and strategies and provided timely feedback and input on client policy documents to develop a robust and effective cyber program.

Director - Security Programs

• Team size: Two FTEs
• Budget: Multi-million dollar program

I was responsible for all aspects of ANS' information assurance and information security service offerings. I also developed the information assurance security/cybersecurity services ANS provided to its government and commercial clients. I developed risk management frameworks and security policy for healthcare organizations. In addition, I was the Program Manager for ANS' work with the USAMS 2 (USSTRATCOM) contract, the ITSSS (FBI) contract, and all ANS work at the Defense Information Systems Agency (DISA) as well as the US Navy Seaport-E contract. I regularly liaised with prime contractors and their clients about current and forthcoming work. In addition, I conducted the full spectrum of program management functions for all ANS personnel assigned to programs.

Sr. Program Manager

• Team size: Ten FTEs
• Budget: Multi-million dollar program

I was the Sr. Account Executive for several DOD/Intelligence Programs for ICS. My most recent assignment was as the Senior Program Manager for Diplomatic and Law Enforcement Programs for ICS. Within these programs, ICS had two significant contract vehicles potentially worth a combined $1.4 billion. Previously I served as a Sr. Solution Engineer for ICS' Solutions Engineering Group. My role included acting as a principle technical support for ICS' Business Development Team and ICS' Operational Units. I was responsible also for researching and developing new services for ICS' clients in order for the company to become even more responsive to our clients' needs. As the Program Manager for ICS' work at a large federal agency, I was tasked with overseeing all of ICS' work within the agency.

Security Engineer

• Team size: Three FTEs
• Budget: Million dollar program

I led a team of three security specialists that conducted reviews for compliance to US Air National Guard (ANG) security regulations. I secured the HQ ANG network from backbone to desktop as well as prepared all security related documentation for the ANG Inspector General. I developed the ANG certification and accreditation (C&A) manual. I also conducted user audits to ensure passwords for the ANG user community were in the prescribed format. I developed standard operating procedures for network incidents as well as performed risk analysis on all sections of the ANG network and its local directorate networks. I also participated in the various phases of the ANG’s incident response process including coordinating with US Air Force and federal law enforcement personnel.

Cryptologic Technician Interpretive

Honorable discharge

Cybersecurity Committee Oversight Board Member

Member of the Cybersecurity Committee Oversight Board to assure timely and highly relevant communications to Association members.

Fundraising Organizer

I organized and raised money to benefit Women's Society of Cyberjutsu (WSC). WSC is a nonprofit cybersecurity community for women and girls. Their goal is to train a diverse and defense workforce of cyber talent through hands-on training, networking events, professional development and mentoring. WSC members and supporters have the rare opportunity to impact the direction and goals of the training provided. With this fundraiser, I raised over $600 in three weeks.

Cybersecurity Collaboration Forum Leadership Board Member

As part of the Los Angeles-centric Forum, I work to improve the resiliency of the cybersecurity community through CISO-centric knowledge sharing. I seek to strengthen the community’s ability to share meaningful insights and best practices on the most pressing cybersecurity issues today. I also guide content and curriculum development by recommending thought leaders as potential speakers for Los Angeles events we host.

Communications Chair (Acting)/Board of Directors

As acting Communications Chair, I lead the chapter's efforts to communicate effectively and efficient about upcoming events, issues before the Board of Directors, and general communications with the chapter's members. As a member of the chapter's Board of Directors, I help guide the chapter and participate in leading the chapter as it grows into a world-class organization. I was formally assisting with event coordination as a way of giving back to the cybersecurity community.

Scholarship Review Member

I review applications for cybersecurity scholarships for the Center for Cyber Safety and Education at both the undergraduate and graduate levels. Each candidate is evaluated for passion for cyber, merit, and financial need. These scholarships encourage and support students pursuing a degree with a focus on cybersecurity, information assurance, or similar field globally.

Technical Content Advisor

I provide cybersecurity advice to the CDSA. CDSA, the Content Delivery & Security Association, is the international content protection association. Founded as a non-profit in 1970, CDSA has served as the worldwide forum advocating the innovative and responsible delivery and storage of entertainment, software and information content. Its global membership includes companies involved in every facet along the digital and physical media supply chain.

Member - Board of Advisors

As a member of the Advisory Board to the the Cybersecurity Certificate Program at Ithaca College, I work with program leadership to provide advice and consultative feedback for their cybersecurity certification process. This program is designed to train and develop professionals to manage cybersecurity issues within an organization. The program prepares working professionals to analyze, manage, and build cybersecurity competencies that can protect the organization. It provides participants with the insight and expertise needed to solve real-world cybersecurity problems, recommends practical and strategic solutions, and to communicate results. Participants gain technical, analytical, and communication skills through Ithaca College's project-based interdisciplinary curriculum, which seeks to provide a comprehensive understanding of the new cybersecurity threats and players.

Chartering Secretary

I helped charter, as an officer of the Chapter, the Northern Virginia Chapter of ISC2. This became the largest ISC2 chapter in the world.

Coach

As the co-coach of the Washington County 4H Lego robotics team, I sheparded a team of children through the requirements phase all the way until the qualifier tournament

Committee Member

As member of the Committee of the International Conference on Cyber Warfare and Security (ICCWS), I work with conference organizers to review submitted papers for consideration for inclusion in the conference proceedings.