I am an information security professional with a CISSP certification, a university degree in Computer Science, and twenty years of information security experience. I moved into security following a fifteen-year career in information technology. I am currently growing the security program at a government entity, implementing vital changes that keep up with current threats.
Because I view security risk as an element of the overall risk profile of the company, I have been able to grow security and compliance programs that match well with the company business strategy and culture. I have improved the security culture at companies by having a security team that is accessible and involved, and by extending our creative awareness program to remote personnel and to customers. I improve security acceptance by discussing options and the overall risk profile with managers and team members.
I have adopted and integrated multiple standards including security standards such as ISO 27001/27002, NASPO; IT frameworks COBIT and ITIL; Payment Card Industry (PCI) standards; and government and industry standards from NIST, CJIS, FFIEC, FHFA, NCUA, HIPAA, SOX, and GLBA.