Risk and Compliance Manager
• Responsible for the development of Aptiv Connected Services governance, risk, and compliance program with an emphasis on NIST 800-30, NIST Cybersecurity Framework, CIS Top 20, and ISO 27001/27002.
• Function as the Data Privacy Officer for Connected Services, responsible for managing the division's General Data Protection Regulation (GDPR) and California Consumer Protection Act (CCPA) programs.
• Manage and mentor employees related to risk management, software development, and incident response.
• Ensure the security of Connected Services software development, cloud-based server/serverless IT systems, PKI, and product lines.
• Develop the division's policies, standards, and procedures.
• Use Agile methodology for project management.
Chief Information Security Officer
• Created Merit’s Community CISO program, which performed risk assessments for member organizations. The team evaluated administrative and technical controls based on the use of Open Source Intelligence, NIST Cybersecurity Framework, and the Centers for Internet Security Critical Security Controls.
• Responsible for Merit’s internal governance, risk, and compliance program.
• Co-chair the development of Merit Network’s Cyber Defense Portfolio which provided managed security services to its membership.
• Developed content for workshops and presentations which have been given throughout the country.
• Hired and managed Merit’s cybersecurity team, providing feedback on performance, giving direction and follow-up tasks, and holding weekly one-on-one meetings with individual staff.
• Create training workshops for internal employees on various security-related topics.
Enterprise Security Architect
• Perform key security roles in assisting state agencies in architecting new or existing systems, identify risks, and develop compensating controls and remediation plans.
• Ensure agency systems met federal, state, and third-party regulatory compliance requirements.
• Lead security architect for projects related to federated identity management and deployment of internal cloud services.
• Create and modify State of Michigan security-related policies, standards, and procedures.
• Co-chair of the Enterprise Audit team and a member of the PCI, Enterprise Architecture, Solution Design Team, and Medicaid Compliance Project core teams.
• Conduct preliminary audits for the state’s IRS and Affordable Care Act programs to ensure they meet Publication 1075 and NIST SP 800-53 control objectives.
• Develop continuing education for internal staff.
Network Security Architect
• Coordinated and developed strategic network security plans to protect the State of Michigan’s data, voice, and video traffic.
• Ensured new and piloted State of Michigan projects met federal, state and third-party guidelines as part of the Enterprise Architecture core team.
• Served as the telecommunications representative for PCI and IRS audit core teams.
• Conducted internal departmental control evaluations using CobiT 4.1 governance framework.
Senior Systems Engineer
• Developed and executed a project to redesign the company’s data center to provide high availability for the company and its customers.
• Lead systems engineer for managed hosting services to external customers which included web, email, and database hosting.
• Simplified desktop and server configuration along with implementing centralized identity management.
• Improved Linux deployment and management by creating customized scripts, implementing centralized configuration management services, and developing custom RPMs.
• Deployed hard drive and removable media encryption software to high-risk users.
• Migrated the university’s LDAP servers while adding multimaster replication for high availability, SSL encryption, and roaming user home directories.
• Developed new server builds based on industry-standard security guidelines along with creating tools to streamline the process.
• Supervised student employees who worked for the enterprise technology services department. Responsible for assigning projects, mentoring, and giving yearly reviews to those employees.
• Responsible for installation and maintenance of the university’s internal and perimeter firewalls, IDS/IPS, load balancers and network access control.
• Configured and maintained over 120 Nortel layer 2 and 3 switches, Nortel wireless switches, and 600 Nortel and Cisco wireless access points.
• Lead projects for hard drive encryption, RSA two-factor authentication, and web-based network statistical data.
Ferris State University
Master of Science
Information Systems Management
Advanced Studies Certificate in Information Security and Network Management
Graduated: May 2009
Central Michigan University
Bachelor of Science
Major: Information Technology
Minor: Media Design, Production, and Technology
Graduated: May 2007
Certified Information Systems Security Professional (ISC2)
Certified Secure Web Application Engineer (Mile2)
Certified Penetration Testing Engineer (Mile2)
ITIL v3 Foundation (AXELOS Ltd.)
CobiT 4.1 Foundation (ISACA)