Professional Summary
Over 21 years of program, project, and risk management experience in various industries and government projects including Federal Government, Department of Defense (DoD), General Services Administration (GSA), Healthcare, FedRAMP Authorized Cloud Service Provider (CSP), Educational, Managed Security Service Provider (MSSP), Consulting, and Financial.
Over 20 years of hands-on IT security testing and management experience. Includes IT security SME, governance, risk management, compliance, security analyst, penetration testing, security assessments, security audits, security assessment and authorization, Federal Information System Security SME, and forensics team member. Expert in aligning security programs with current NIST and FedRAMP guidance and requirements.
Over 22 years of tactical operations and emergency management experience with multiple public safety and service organizations. Recent projects include serving as a Volunteer Firefighter and First Responder for the North Fork Fire Protection District, serving as a Ranger Service Volunteer in the Colorado Mounted Rangers, serving as the HOPE, Denver Chapter, Disaster Relief Coordinator for flood recovery, and volunteering at an orphanage for children with brain injuries and illness in Bangkok, Thailand.
Over 17 years of infrastructure and operations management experience including deploying virtual environments.
Over 17 years of software development including enterprise, internet, and mobile applications.
Experience
6/2022 – Present
KPMG International Services Limited (Remote)
Associate Director - GISG Security Architecture and Enablement
Senior AppSec & Cloud Security Architect - GISG Security Architecture and Enablement, 10/2023 - Present
- As a Senior Security Architect, I specialize in offering comprehensive security consultation to Solution Teams across our global organization, ensuring all proposed solutions meet stringent security standards. I prioritize design reviews guided by Zero Trust principles, security best practices, and organizational mandates.
- My role includes Security Assessment Delivery Lead, which includes reviewing, approving, and managing third-parties that conduct thorough reviews encompassing alignment with security requirements, design scrutiny, and threat modeling, crucial for guiding solutions through the security assessment review phase.
- I am deeply involved in developing and enhancing service deliverables, particularly focusing on the security aspects of IaaS, PaaS, and SaaS services, with a strong emphasis on cloud technologies and Artificial Intelligence. Collaboration with organizational solution owners and project teams is integral to delivering robust and scalable security strategies.
- I actively promote cybersecurity awareness by developing and delivering training materials that include a security-focused perspective, thereby bolstering solution-building efforts.
- As a certified expert in AI governance with ISO 42001:2023 certification, I design robust enterprise AI security standards compliant with ISO 42001. My experience includes implementing the MAESTRO threat modeling framework and AI Red Teaming strategies, seamlessly integrated across Azure DevOps (ADO) and GitHub pipelines to enhance security and mitigate risks in AI-driven environments.
Associate Director - GISG Security Management
GISG Assessment Manager, 10/2022 - 10/2023
- As a Senior Security Engineer, I oversaw the framework for conducting and monitoring security and compliance assessments. I played a key role in developing strategies and roadmaps for assessments, including architecting, building, and managing the organization's Information Security Boundaries Assessment Program.
- I also contributed to the implementation, maintenance, and enhancement of relevant technology solutions, as well as overseeing support resources. Additionally, I managed the maintenance and improvement of the framework, materials, processes, and procedures for the organization's information security boundaries assessments.
Global Cloud Security Guardrails (GCSG) Assessments Manager, 6/2022 - 10/2022
- As a Senior Security Engineer, I spearheaded the design and administration of a framework for automating monitoring and executing assessments of cloud platforms against the organization’s Global Cloud Security Guardrails (GCSG) and overseeing the monitoring of the overall risk treatment plan.
- I implemented automated monitoring utilizing the organization’s ServiceNow IRM for GCSG alongside cloud-native tools of organizational Cloud Platforms (Azure, AWS, or GCP).
- I oversaw the maintenance and improvement of the GCSG program framework, materials, processes, and procedures, including managing the GCSG Code Repository for disseminating automation code across the organization and providing final approval for code releases.
- Additionally, I contributed subject matter expertise to overarching efforts for GCSG automation, encompassing deployment, monitoring, and assessment.
9/2020 - 6/2022
SynoTek, LLC (Remote)
Chief Information Officer (CIO) / Principal Consultant
- SynoTek, LLC is a minority woman-owned company that helps organizations comply with the Federal requirements identified in the Federal Acquisition Regulation (FAR). We include Federal Information Security Act (FISMA), National Institute of Science and Technology (NIST) guidance requirements, and FedRAMP authorizations and Continuous Monitoring requirements.
- As a principal consultant, I contributed to the development of solutions for GRC implementation. I oversaw and monitored the execution of assessments of information systems against various GRC frameworks and facilitated overall risk management.
- I conducted gap analyses and assessments across multiple frameworks. Additionally, I provided guidance for GRC Automation for Cloud Platforms (Azure, AWS, and GCP) using cloud-native tools.
- GRC frameworks: FedRAMP, FISMA, NIST RMF, NIST CSF, CMS MARS-E, HIPAA HSR, Department of Commerce Privacy Shield, CSA, ISO 27000 Series, GDPR, CIS Benchmarks, CIS Critical Security Controls, DISA STIGs, ITIL, COBIT, PCI-DSS.
12/2020 – 2/2022
BM Watson Health (Remote)
Compliance and Security Manager
- In my role as a senior security and compliance manager, I delivered customer-facing technical leadership within a data warehouse implementation team. My responsibilities included overseeing the security (RBAC, LDAP, DBMS, networking) and compliance (NIST, HIPAA, SSAE16, MITA) components of the solution.
- I effectively communicated these aspects to both technical and non-technical stakeholders. Additionally, I collaborated on new opportunities organization-wide to ensure adherence to security and compliance requirements.
- Key Responsibilities: Participated in requirements and design sessions to ensure compliance with applicable State and Federal regulations in solution architecture.
- Supported and maintained security policies/configuration for DBMS, applications, systems, etc., in both on-premise and cloud-hosted solutions, including encryption keys, access controls, and database audit logging.
- Configured, tuned, and reviewed security logs (e.g., central systems logging, database logging) to enhance anomaly detection and reduce false positives.
- Conducted vulnerability security scans of systems to identify and rectify infrastructure security issues in servers and databases.
- Developed and maintained security plans, procedures, and other necessary documentation.
- Evaluated new platforms and tools in the industry, providing recommendations for their incorporation into current and future projects.
- Advised management by creating scorecards and reports displaying our risk profile, facilitating informed decision-making.
- Offered proactive analysis and options for implementing regulatory requirements from CMS regarding the system's operations.
- Maintained communication with customers regarding new CMS rules, organizing meetings to present findings and facilitate feedback for CMS, while proposing solutions for implementing the rules (controls) in the system.
10/2016 - 9/2020
Collab9 (Remote)
Chief Information Security Officer (CISO)
- As a senior-level executive at Collab9, LLC, a FedRAMP Authorized Unified Communications as a Service (UCaaS) solution provider, I spearheaded the delivery of a secure cloud-based communication solution integrating voice, video, web conferencing, messaging, mobility, and customer care.
- My mission was to align business objectives with security initiatives, ensuring the adequate protection of information assets and technologies. I managed all aspects of the CISO role, leveraging various information security frameworks and the globally accepted project management framework of PMI. Additionally, I fulfilled the role of Collab9 Privacy Officer.
- In my capacity within the Collab9 Secure UC environment, FedRAMP Authorization Boundary, and HIPAA environment, I assumed the following additional roles: Senior Information Security Officer (SISO), Information System Security Officer (ISSO), Information Security Architect (ISA).
- Accomplishments: Successfully conducted FedRAMP Continuous Monitoring Annual Assessments for the years 2017, 2018, and 2019. Completed HIPAA Security Rule Assessment in 2018. Led Gap Analysis from FedRAMP Moderate to FedRAMP High, CJIS, DoD IL5, and IRS 1075 compliance.