I am an experienced Information Technology professional, having focused most of my career on Information Security, Risk Management, and Compliance. I have worked with many different organizations, both in consulting and industry roles, to help understand the regulations, risks, and challenges they face, and determine strategies for the people, processes, and technologies needed to surmount them.
During my time in consulting, I built comprehensive information security strategies to meet each client’s specific regulatory requirements and security best practices. During my time in industry, I used the skills learned as a consultant to perform the same work internally to an organization, and then helped implement controls to ensure adherence to the overall strategy.
As a consultant, I was directly responsible for leading application security, offensive security, and penetration testing/red teams. My teams and I identified vulnerabilities and issues in infrastructure, applications, and code, and provided our customers with actionable recommendations to address any findings. We translated these technical issues into terms understandable at all levels of the business, especially executive stakeholders, while providing specific details to the technical teams responsible for remediation.
My goal with each program was to ensure constant monitoring and vigilance in protecting customer, partner, employee, and business/company data. I have worked with different departments in each business, such as Product Development, Software Development, Compliance/Risk Management, and others to implement processes that meet customer, regulatory, and/or best practice requirements, while ensuring a balance between business needs and security needs.
As an industry professional, I worked to assess our business, operations, and technology environments/platforms to identify risks and gaps related to information security. I then built, defined, championed, and executed the overall corporate governance, risk, and compliance strategy, including buy-in from key stakeholders. I then worked to communicate governance, risk, and compliance-related issues (including IT security, HIPAA compliance, etc.) to management and key executives, to ensure proper awareness and decision making.
Finally, I have always believed you cannot truly help make a business more secure and/or compliant without understanding what it is they do, how they generate revenue, etc. Therefore, after graduating with a technically focused degree in Informatics, I obtained my Master of Science in Information Systems (MSIS) degree from the Kelley School of Business at Indiana University. Lessons from the MSIS program have been invaluable throughout my career, and have helped me navigate, communicate, and translate risks across all levels of the business.