Julie Chatman

Experience

ResilientTech Advisors
Principal Consultant
Dec 2024 - Present
➤ Cybersecurity & Technology Risk
➤ Smart Adoption
➤ Security Engineering and Operations
➤ Compliance
➤ Training (Role based, org-wide, C-Suite, Boards)

CyberPath Coaching
Principal and CISO
Dec 2024 - Present
➤ Personalized guidance for breaking into cyber and advancing your cyber career.
➤ Mock interviews, resume review, and career planning from experienced industry leaders and hiring managers.
* CyberPath Coaching is Powered by ResilientTech Advisors

BD Emerson
vCISO (Contract)
Jul 2025 - Present
HIPAA, SOC 2, CMMC, NIST 800-171, NIST 800-53, FedRAMP, FISMA, NIST AI RMF, ISO/IEC 42001
Cyber leadership for SMBs and Government.

Virginia Information Technologies Agency
Deputy CISO for Finance
Apr 2025 - Present
Serving as a strategic advisor and leader driving cybersecurity risk reduction strategy and execution across Virginia’s Finance Agencies during a pivotal transition period. Partnering directly with Cabinet Secretaries, state Finance Agency Heads, and CIO/ISO leadership to align 11 enterprise-level risks with strategic risk reduction objectives, prioritized workstreams, and measurable outcomes. Driving implementation across decentralized environments by embedding governance structures, surfacing actionable metrics, and ensuring visible progress in a complex political landscape.

CareFirst BlueCross BlueShield
Chief Information Security Officer (CISO) - Federal Employee Health Plan Operations Center (FEPOC)
Jun 2024 - Dec 2024
Chief Information Security Officer (CISO) for a for-profit subsidiary of CareFirst Blue Cross Blue Shield serving 70% of the 8.3M Federal Employee healthcare market, overseeing a $33M budget and a team of 143 cybersecurity experts, risk managers, and compliance specialists to enable secure claims processing, benefits administration, and member services.
Strategic Leadership:
➤ Defined and implemented the vision, mission, and integration plan for the newly established cybersecurity department, aligning with organizational and business objectives.
➤ Oversaw the integration of cybersecurity functions, including operations, risk management, and compliance, into a unified department.
➤ Delivered regular reports to executive leadership and the Board on cybersecurity strategy, ensuring alignment with long-term goals.
Operational Excellence:
➤ Strengthened security and operational efficiency with an SSL certificate automation plan, achieving full automation for development and test environments by 2025.
AI and Innovation:
➤ Designed and deployed AI-driven threat monitoring and detection systems, reducing response time to potential incidents by 37%.
➤ Established AI governance and ethical guardrails in collaboration with the Chief Enterprise Architect to ensure responsible and secure implementation of AI technologies.
Compliance and Risk Management:
➤ Reinforced stakeholder trust by achieving unqualified SOC 1 and 2 audit opinions, demonstrating operational and regulatory excellence.
➤ Mitigated data privacy risks through a risk-based business process redesign, achieving a 95% reduction in PHI incidents.
Financial and Business Alignment:
➤ Mapped the $33M cybersecurity budget to key projects and initiatives, maximizing ROI and aligning with organizational priorities.
Incident Response and Preparedness:
➤ Conducted comprehensive tabletop exercises, captured lessons learned, and updated incident response procedures to improve preparedness and resilience.

United Network for Organ Sharing (UNOS)
Director, Information Security | CISO - Crisis Management
Nov 2023 - Apr 2024
Recruited as CISO to lead and stabilize data privacy incidents while driving cybersecurity strategy, operations, and compliance for critical healthcare infrastructure. Led a geographically distributed team of 50 cybersecurity professionals with a $9.5M program budget to drive IP, PII, and PHI data security, enabling secure operations for 100,000+ transplant candidates across 250+ transplant centers.
Board of Directors & Senate Finance Committee Engagement:
➤ Briefed the Senate Finance Committee and the Board of Directors on privacy incident identification, response, investigation, and remediation actions.
➤ Enabled risk-based decisions on cloud initiatives by developing and presenting a strategic security framework to the Board of Directors.
Incident Leadership:
➤ Led multiple investigations and revamped incident response processes, reducing response time by 30% and strengthening organizational preparedness.
Regulatory Compliance:
➤ Completed a comprehensive system and data inventory within 14 days to meet federal deadlines and improve compliance.
Strategic Risk Management:
➤ Redesigned the Information Security program to address capability gaps, align risk mitigation strategies with HHS-HRSA contractual requirements, and support the organization's strategic goal of expanding beyond government contracts into the private sector.
➤ Directed a comprehensive analysis of cyber risk exposure and insurance coverage gaps, leading strategic renegotiations of cyber liability policies to enhance protection for critical assets and align operations with emerging threats and organizational risk priorities.
Business Enablement:
➤ Assembled and led a cross-functional team to enable secure mobile access for overseas projects within 72 hours, directly contributing to market expansion.
➤ Championed a secure resource and data access transformation, laying the groundwork for HITRUST certification and strengthening compliance readiness for critical organizational objectives.

McKinsey & Company
Associate Partner and Cyber Expert | CTO, CIO, & CISO Advisor
May 2022 - Nov 2023
Strategy and management consulting, serving F100 clients.
➤ Advised Fortune 100 clients on cybersecurity and technology transformation to enhance operational resilience, compliance, and customer growth potential for clients in highly regulated industries (pharmaceuticals, finance, healthcare, government).
➤ Delivered cybersecurity market research and thought leadership.
  - Mid-Atlantic cybersecurity ecosystem development and growth.
  - Pre-deal diligence.
➤ Contributed to firm-wide intellectual property by developing frameworks and strategic guidance on cybersecurity including crisis management, resilience, and best practices.

GSK
Head of Cybersecurity Strategy - GSK Consumer Health (CH) Demerger
Jun 2021 - Apr 2022
Led a 12-month strategic initiative to enable the GSK Consumer Health and GSK Biopharma demerger, completed ahead of schedule and under budget. Delivered cybersecurity strategy and frameworks to establish GSK CH as an independent, resilient, and compliant entity.
Strategic Leadership:
➤ Delivered a strategic cybersecurity roadmap focusing on people, processes, and technology to enable the digitization of CH’s critical manufacturing infrastructure and network in the United States, the United Kingdom, and Poland.
Board Engagement:
➤ Developed Key Risk Indicators (KRIs), Key Performance Indicators (KPIs), and reporting frameworks to enable risk-based decision-making for the GSK CH Board.
➤ Provided cybersecurity and risk reporting to the Board of Directors and Corporate Executive Team to inform strategic decision-making.
Business Enablement:
➤ Enabled GSK CH to operate independently with scalable cybersecurity governance, processes, and threat intelligence capabilities.
Strategic Risk Management:
➤ Negotiated favorable cyber insurance terms for GSK Consumer Health and Biopharma, providing financial safeguards against cyber risks such as data breaches, hacking, and digital asset loss.
➤ Created information sharing relationships with National Security organizations in the US and UK.
➤ Directed the development of a third-party and vendor management rating system to enhance oversight and reduce risk.

Deloitte
Cyber Risk Manager | CTO, CIO, & CISO Advisor
Feb 2019 - May 2021
Government and Public Sector (GP) consulting.
➤ Strengthened compliance and enhanced security posture for federal agencies by guiding them through comprehensive cybersecurity and IT strategy enhancements using NIST frameworks.
➤ Increased portfolio profitability and operational efficiency by managing IT governance projects and enhancing client deliverables.
➤ Achieved a 30%-40% improvement in vulnerability remediation for a federal client by successfully resolving 100% of critical issues, 70% of medium vulnerabilities, and 30% of low vulnerabilities, resulting in on-time reauthorization and strengthened system security.
➤ Increased product deployment speed in AWS GovCloud and Azure Government Cloud by 30% by integrating DevSecOps practices to establish consistent CI/CD pipelines and delivering accurate cyber risk assessments, while leading multi-cloud RMF compliance in a 98-person project.

Federal Bureau of Investigation (FBI)
Multiple Cybersecurity & Risk Management Leadership Roles | CTO, CIO, & CISO Advisor
Feb 2006 - Feb 2019
Leadership in cybersecurity and digital transformation. Aligned federal technology programs with national security objectives, mitigated enterprise risks, and led modernization initiatives for the FBI.
Select Achievements:
➤ Modernized FBI informant file management by digitizing a paper-based system across 56 field offices and 30+ legal attaché sites, implementing the agency’s first role-based access controls, PKI, and digital signatures. Led change management efforts, earning stakeholder trust through feedback-driven adoption while securing critical assets.
➤ Advanced strategic IT governance by overseeing $30.7M in procurement and risk management initiatives, aligning technology investments with security and operational goals.
➤ Enhanced organizational resilience by developing annual security awareness training for 35,000 employees and IT policy training for 117+ FBI IT program managers, CSOs, and key contributors.
➤ Strengthened compliance and cross-agency collaboration by leading a 30-member CNSS Mobile Security Working Group to issue a directive on secure mobile device usage within five months, overcoming a three-year delay.
➤ Advised senior executives and stakeholders on cybersecurity risks and strategies, ensuring alignment with evolving threats and mission-critical objectives.
➤ Enhanced data security across the IC’s digital landscape by leading the CNSS Mobile Security Working Group (MSWG), collaborating with 23 IC members to develop and issue a directive on secure mobile device usage within 5 months, overcoming a 3-year delay.