My role
I lead the internal practice of security for LogRhythm. My teams include: governance, risk and compliance (GRC), application security (AppSec), security operations center (SOC), and physical security. This concentration in security practice, tools, and operations enables the team and I to ensure that the we provide a safe foundation to build the security platforms of the future while protecting employees, systems, and ultimately our clients who will use our products.
My story
I went over to the “dark side” of information technology by joining security while at PepsiCo. A new CISO had hired a white-hat hacking company and when they peeled the company like an orange, they brought me over to build the portfolio of programs required to fix all of the findings. I never looked back.
In my career, I have been a security architect for large organizations (Federal Reserve Bank of Dallas and Federal Reserve System). As a CIO, I have transformed mid-sized companies completely, including the security systems that they used (Allhealth Network). I’ve had fun as a CISO, where I built security organizations from scratch (Evariant). I have been a line of business information security officer (BISO) where I provided application security for 45,000 developers (Bank of America).
My philosophy
Security can no longer be the group that says “no.” They are the team that says “Yes, and this is how we can do this securely…” Security only wins when the company wins and we can provide significant value add to any organization including a positive impact to the bottom line.
My qualifications
BS Computer Information Systems (eBusiness) University of Phoenix, CISSP, PMP, ITILv3, OCISO (pending test).