Skills
1. Cybersecurity and Information Security:
- Penetration Testing
- Vulnerability Assessment
- Intrusion Detection
- Network Security
- Security Monitoring
- Risk Assessment and Reduction
2. Network and Systems Architecture:
- Secure Network Architecture
- LAN-WAN
- Network Infrastructure Architecture
- Web Architecture
- Application Architecture
3. IT Infrastructure and Protocols:
- DNS Administration
- IP (Internet Protocol)
- Packet Switching
- DMZ (Computing)
4. Compliance and Standards:
- PCI Compliance
- IT Security Policies & Procedures
- Information Security Policy
5. Project Management and Professional Services:
- Professional Services Management
- Project Planning
- Proposal Generation and Writing
6. Risk Management:
- Quantitative Risk
- Cyber Security Risk
- Security Metrics
7. Technical Skills:
- Computer Engineering
- Computer Networking
- Windows OS Configuration
8. Communication and Education:
- Presentations
- Technical Writing
- Computer Science Education
- Information Security Awareness
9. Business Continuity and Disaster Recovery:
- Business Continuity Planning
10. Software and Tools:
- Symantec Antivirus
- IMail
- Microsoft Mail
11. Marketing and Customer Relations:
- Development & implementation of marketing plans
- Customer Satisfaction
- Campaign Development
About
With 27 years in information security, I've recognized the need for a transformative approach that goes beyond traditional compliance-focused methods. My philosophy centers on capability-driven strategies, quantitative risk management, and the integration of diverse management principles.
If you're interested in discussing innovative, capability-focused approaches to information security, exploring quantitative risk management, or sharing insights about integrating diverse management principles into cybersecurity, I'd be delighted to connect. Together, we can work towards creating more resilient, adaptive, and effective security frameworks for organizations worldwide.
Key Aspects of My Approach:
• Advocating for capability-focused methodologies like C2M2 and CMMC
• Prioritizing quantitative risk management in security processes
• Integrating quality management and agile approaches into information security
My career has equipped me with extensive knowledge of diverse computing and networking systems. This allows me to:
• Assess system architectures and organizational capabilities
• Identify vulnerabilities and capability gaps
• Evaluate risks using quantitative methods
• Recommend tailored strategies to enhance security capabilities
I believe effective information security extends beyond technology, encompassing:
• Capability-driven security policies
• Efficient processes aligned with organizational goals
• Flexible security controls adaptable to changing threats
Leadership and Communication:
• Lead teams in implementing capability-focused initiatives
• Communicate complex risk management concepts to diverse stakeholders
• Analyze security challenges through a quantitative lens
I see the future of information security as:
1. Shifting from compliance-centric to capability-driven security models
2. Embracing quantitative risk management for informed decision-making
3. Seamlessly integrating security capabilities into business processes
4. Fostering a culture of continuous improvement in security practices
Continuous Evolution and Commitment to:
• Exploring new methodologies in quantitative risk management
• Advocating for data-driven, capability-focused security practices
• Integrating cross-disciplinary approaches to enhance security
I actively contribute to the information security community through:
• Mentoring professionals in capability-focused and quantitative approaches
• Participating in industry conferences to share innovative methodologies
• Collaborating on research to advance effective security strategies