Details
Skills
Microsoft Sentinel, Microsoft Defender XDR, Microsoft Defender for Endpoint, Microsoft Defender for Identity, Microsoft Defender for Cloud Apps, Entra ID, Azure Security, Azure Data Explorer, KQL, Azure Machine Learning, SIEM Administration, Detection Engineering, SOC Operations, Managed Detection and Response, Incident Response, Incident Command, Threat Hunting, Threat Intelligence, Vulnerability Management, LoCI Framework, OT Security, ICS Security, Zero Trust Architecture, Identity and Access Management, Conditional Access, NIST CSF, ISO 27001, NIST 800-53, CIS Controls, MITRE ATT&CK, Risk Management, Security Architecture, Cloud Security, Security Governance, Board Reporting, Executive Advisory, Fractional CISO, Security Awareness, SOAR Automation, Logic Apps, Azure DevOps, OpenCTI, OpenBAS
About
I'm a senior cybersecurity and technology leader with 25 years of experience building security programs that actually work, not security theater. I've led a managed detection and response practice achieving 68-minute mean time to containment, served as de facto CISO at TransAlta Corporation where I reduced annual infrastructure costs from $24M to under $10M while building a 24/7 SOC from scratch, and advised CISOs, CIOs, and CEOs across energy, financial services, and enterprise environments on improving cyber resilience. My expertise is in Microsoft Sentinel, Defender XDR, and detection engineering. I developed LoCI, a proprietary vulnerability prioritization framework built natively in Microsoft Sentinel, that a commercial cybersecurity vendor subsequently incorporated into their product. I've commanded incident response during major ransomware events in the Canadian energy sector and presented findings to boards the morning after. I'm Calgary-based, open to remote roles nationally, and available immediately for permanent, contract, or fractional CISO engagements through Fulcrum Advisory.