Cyber Risk Management thought leader with over 30 years of
experience in the IT industry, the last 25 focused specifically on
cyber security. Worked as both CISO of multinational company, and
a management consultant performing risk management and risk
engineering to mature customer security and privacy programs.
I advise many venture capital firms, and review dozens of
cybersecurity technology companies each year. I have informally
and formally advised many cybersecurity startups.
-
Centene Corporation
VP, Information Security
July 2019 - Present (4 years 8 months)
Charlotte, North Carolina
VP, CISO Carolina Complete Health
Hired as in-state CISO for NC health plan. Also responsible for BCP and DR. But primarily support Centene IT security by participating on security steering committees, assisting in security strategy, budgeting, and board presentations; assisting GRC requirements, supporting other state healthplans, and acting as virtual CISO for subsidiaries within US and UK.
-
Manifest
Advisory Board Member
August 2023 - Present (7 months)
Charlotte, North Carolina, United States
-
The CyberNest
Advisory Board Member
April 2023 - Present (11 months)
Charlotte, North Carolina, United States
-
Crumpton Group LLC
Chief, Cyber and Information Security
January 2015 - July 2019 (4 years 7 months)
Arlington, VA
Act as surrogate CISO for companies without cyber security leadership, or advisor to CISOs in US, Canada, Mexico, and Europe wanting to mature their security program. Conduct dozens of enterprise risk assessments for companies in varying industries around the world.
Major projects include:
- Implemented a security operations center (SOC) for large Mexican conglomerate, developing all processes and procedures, hiring and training staff.
- Developed and implemented IT security governance process for Mexican conglomerate, and act as Chair for their governance committee for first 6 months.
- IT risk advisor to Board of Directors for large multinational healthcare company; attending quarterly board meetings
- Assisted Fortune 100 company security program to help them feel comfortable to move private data in the cloud for first time.
- Developed entire Master’s degree curriculum with three degree concentrations for prominent Technical University in Mexico. Supporting professors in tuning class material.
- Worked on year-long project to evaluate the IT risk management program for large US Sports League.
-
DMI (Digital Management, LLC)
Vice President, Chief Information Security Officer (CISO)
2011 - 2014 (3 years)
Bethesda, MD
DMI’s first CISO: developed the corporate security architecture and maintained a secure infrastructure while the company tripled in size, acquired 5 companies and expanded to over two dozen global offices.
Significant Achievements:
- Re-wrote and reorganized all cyber security policies, implemented GRC program, and maintained ISO 20000 and 270001 certified security practice
- Personally performed daily security operations and incident response tasks, managing and monitoring perimeter and endpoint security tools
- Resident mobile security subject matter expert for customer engagements, designed architecture and business plan for European Mobile Security Operations Center to provide Mobile security management for customer devices, and performed a Mobile risk assessment for large International company
- Oversaw Trusted Computing consulting practice
