Travel Services Company (NJ)

Served as vCISO for 15 months, reporting to the CTO. Performed cyber security controls assessment using a commercially available tool that generates maturity “scores.” Identified projects to close security “gaps.” Repeated controls assessment quarterly as projects were completed. Developed a cyber security mission and strategy. Revised several outdated cyber security policies. Revised the organization’s incident response plan and facilitated tabletop exercises to validate and test the plan. Prepared reports and presentations for executive management and the Board.

Real-Estate Development & Management Company (MA)

Engaged as vCISO reporting to the CIO following a major security incident. Proposed and led projects in collaboration with the organization’s Managed Service Provider (MSP) to implement new solutions to close security “gaps” that contributed to the incident: a security awareness training platform, a secure email gateway, multi-factor authentication, a vulnerability management program, and a 24/7 managed detection and response service. Developed a comprehensive set of cyber security policies. Created a comprehensive incident response plan. Prepared reports and presentations for executive management.

Integrated Agri-Business (MN)

Conducted a comprehensive risk and controls assessment of 30 cyber security processes and made recommendations to avoid, accept, assign, or mitigate identified risks. Created a multi-year roadmap of projects to enhance the company's cyber resilience based on available resources and the organization's tolerance for risk.

Specialty Insurance Company (NJ)

Engaged as vCISO reporting to the CIO. Conducted a security controls assessment using the NIST Cyber Security Framework (CSF).

Non-Profit Providing Financial & Emotional Support to Families with a Child Diagnosed with Cancer (MN)

Assisted the organization in finding a new Managed Service Provider (MSP). Helped write the RFP, sourced potential providers, reviewed vendor proposals, and interviewed the final candidates. In a follow-up engagement, performed a comprehensive risk and controls assessment of 27 cyber security processes and made recommendations to avoid, accept, assign, or mitigate identified risks. Developed an information security policy for inclusion in the employee handbook.

Non-Profit Providing Emergency Shelter & Residential Programs for Homeless Youth, Sexually Trafficked Girls & Adult Men (MN)

Conducted a comprehensive risk and controls assessment of 27 cyber security processes and made recommendations to avoid, accept, assign, or mitigate identified risks. Developed an information security policy for inclusion in the employee handbook.