Travel Services Company (NJ)

Served as vCISO for 15 months, reporting to the CTO. Performed a cyber security controls assessment using a commercially available tool that generates maturity “scores.” Identified projects to close security “gaps.” Repeated the controls assessment quarterly as projects were completed. Developed a cyber security mission and strategy. Revised several outdated cyber security policies. Revised the organization’s incident response plan and facilitated tabletop exercises to validate and test the plan. Prepared reports and presentations for executive management and the Board.

Real-Estate Development & Management Company (MA)  

Engaged as vCISO for 36 months, reporting to the CIO, following a major cyber security incident. Proposed and led projects in collaboration with the organization’s Managed Service Provider (MSP) to implement new solutions to close security “gaps” that contributed to the security incident, including a security awareness training platform, secure email gateway, multi-factor authentication, vulnerability management program, and a 24/7 managed detection and response service. Developed a comprehensive set of cyber security policies. Created a comprehensive incident response plan and third-party cyber risk management program. Prepared reports and presentations for executive management. Coached & mentored the organization's first full-time cyber security professional.

Integrated Agri-Business (MN)

Conducted a comprehensive risk and controls maturity assessment of 30 cyber security processes and made recommendations to avoid, accept, assign, or mitigate identified risks. Created a multi-year roadmap of proposed projects to enhance the company's cyber resilience based on available resources and the organization's tolerance for risk. Following presentation of assessment results and the proposed project roadmap to senior leadership, retained to lead the implementation of multiple projects identified in the roadmap.

Specialty Insurance Company (NJ)

Engaged as vCISO reporting to the CIO. Conducted a security controls assessment using the NIST Cyber Security Framework (CSF).

Non-Profit Providing Financial & Emotional Support to Families with a Child Diagnosed with Cancer (MN)

Assisted the organization in finding a new Managed Service Provider (MSP). Wrote the RFP, sourced potential providers, reviewed vendor proposals, and interviewed the final candidates. In a follow-up engagement, performed a comprehensive risk and controls assessment of 27 cyber security processes and made recommendations to the organization's Board to avoid, accept, assign, or mitigate identified risks. Developed a revised information security policy for inclusion in the employee handbook.

Non-Profit Providing Emergency Shelter & Residential Programs for Homeless Youth, Sexually Trafficked Girls & Adult Men (MN)

Conducted a comprehensive risk and controls assessment of 27 cyber security processes and made recommendations to avoid, accept, assign, or mitigate identified risks. Developed an information security policy for inclusion in the employee handbook. 

Non-Profit Community-Based Educational Foundation (PA) 

Performed a cyber risk assessment of the organization's use of technology and made recommendations on investing in additional controls versus purchasing cyber risk insurance.