Cybersecurity Manager, Risk Advisory Resume
Confidential
SUMMARY:
- Cybersecurity Professional with 11 years of experience in Cybersecurity Risk Technology and 7 years of Industrial Control Systems (ICS) Cyber Risk Advisory.
- Working within the oil and gas industry, helping organizations determine long-term goals, identify opportunities, and develop action plans to achieve their overall Cybersecurity objectives.
TECHNICAL SKILLS:
- Security Risk Management
- Information Asset Management
- Threat & Vulnerability Control
- IS Policy & Compliances
- Identity & Access Management
- 3rd Party Security Management
- Data Protection & Privacy
- Security Awareness & Training
- Physical Security Management
PROFESSIONAL EXPERIENCE:
Confidential
Cybersecurity Manager, Risk Advisory
- Managed multiple engagements, performing cyber risk assessments and developing response strategies based on current state, developed target state based on NIST 800-53 and ISO 27001, NIST cybersecurity framework (CSF) standards that ensured business continuity and limited the impact of a security breach.
- Conducted stakeholder interviews, reviewed policies and procedures, and performed vulnerability analysis of current state that successfully identified gaps between current state and required future state.
- Delivered workshops that demonstrated how to mitigate network and infrastructure/security risk and protect sensitive and high-value business assets, developing trusted expertise that led to identifying and generating $275k in new business opportunities.
- Participated in solution architecture designs ensuring applications and system hardening that led to security efforts assisting with the integration and initial implementation of IAM solutions.
- Responsible for Client delivery within a National practice, which oftentimes included global team members, assessing Power & Utilities Industrial Control Systems, focused on improving their security posture by leveraging technical and business skills.
- Developed the Assessment/Security/consultancy that built trustworthy and authentic client and internal relationships, ensuring application and system hardening with edge routers and switches.
- Cultivated business development opportunities that contributed to $1.3 million profitable growth.
- Led multiple engagements specific to industrial control systems (ICS), IT and OT cybersecurity convergence, Internet of Things (IoT) and supply chain management, minimizing risk and ensuring business continuity by limiting the impact of security breaches.
- Provided ICS cyber security advice in client engagements (including assessment, design and implementation of security in Linux environments and security infrastructure for IT/OT risk solutions). Provided professional analysis through trusted expertise.
- Performed cyber risk assessments to mitigate security risk based on ISA-99, NIST 800-82, IEC 62443-4-1/2, WIB M-2784, and ISO 27002 cybersecurity frameworks that helped clients in the energy and Oil & Gas industry to be more resilient to cyber threats measured by annual sophisticated attack simulations.
- Worked collaboratively with clients' C-level and key business unit leads, and 3rd party vendors, performing interviews of current state and target state assessments that produced executive roadmaps for continual improvement in teams, technology and processes.
- Defined the templates for delivery engagements. Developed remediation, implementation and integration risk strategies and end-to-end solutions, producing individualized reports with successful recommendations.
Confidential
Director, Consulting Services - Oil & Gas Solutions
- Collaborated with clients to address security vulnerabilities, aligning regulatory compliance to NERC CIP v.5, CIP-002-3, CIP-002-4, IEC 62443/ISA 99, ISO 27001, and NIST 800-82 cyber security guidance. Achieved stronger alignment with Industry standards and companies' mission and vision.
- Delivered presentations on Managed Secure Services (MSS) to executive teams on cyber security solutions for 3 of the 6 Oil & Gas Super Majors and third-party vendor collaborations, resulting in a pipeline of $2M in partner-driven sales in 2015.
- Worked with automation vendors such as ABB, Siemens, Rockwell, Honeywell, Foxboro, Emerson, Yokogawa technical controls in leveraging cybersecurity, network security penetration testing and improved threat risk and audit / assessments on Linux boxes, which ensured vulnerabilities were managed effectively (e.g. remediated, investigated or mitigated) efficiently.
- Worked collaboratively with stakeholders, key business units and vendors (Honeywell, Cisco, Yokogawa, and Palo Alto) in identifying current state security gaps and business risk impact on critical assets. Updated Process Control Domain (PCD) components such as PLCs.
- Conducted security awareness training, managed phishing campaign/awareness program, and threat risk assessment teams. Translated complex technical security issues into the language of business risk and provided guidance on security assessments, ensuring application and system hardening, governance and incident response. Earned “Trusted Member” recognition on informal security steering committees.
Confidential
Lead, ICS Security, Governance Risk & Compliance
- Led ICS Security Center of Excellence to consistently, pragmatically address security infrastructure and network security control system risks, utilizing ICS-CERT cyber-security frameworks and standards such as NIST, ISO, NERC CIP, ISA/IEC. Development, improvement, and implementation of EHS&T Audit process, reporting and metrics related to EHS&T.
- Assessed ICS environments, conducted internal audits and penetration testing, reviewing network system design, configuration, and overall functionality to ensure application/system hardening best practice and corporate policy adherence.
- Oversaw development and updating of ICS policies, standards and procedures enterprise-wide. Performed workshops and mitigation strategies, based on risk severity rankings, minimizing risk and ensuring business continuity by proactively limiting the impact of a security breach.
- Worked with stakeholders, 3rd party vendors, and internal teams to address security risk and vulnerabilities relevant to cybersecurity standards and GRC regulations pertinent to utility environments, such as ICS-CERT, NIST SP 800-53/82, NERC CIP, NEI 08-09, ISA 99, NIST CSF, that successfully ensured application/system hardening on edge points and tracked 100% of vulnerabilities to closure across the lifecycle.
Confidential
Co-Founder and Principal Partner, ICS Cyber IT Security | Business Development
- Worked collaboratively with clients' Executive Management teams, key business asset owners, and 3rd party vendors performing network security, current state, target state, and roadmap assessments, remediation, penetration testing, and implementation and integration of governance and risk end-to-end solutions, resulting in clients reaching and maintaining their target ICS Infrastructure security state and compliance.
- Designed, reviewed, and implemented security infrastructure solutions to meet client needs for adversary simulation penetration testing and strategic advisory services, with a reputation for closing deals through demonstration of technical excellence and understanding of the client’s security program.