As an accomplished security professional reaching back to 1993, I've focused on comprehensive, forward-thinking solutions encompassing a broad spectrum of challenges and industries globally.


Dynamic information security executive with over two decades of information security experience, leadership, a history of outstanding performance and growth, business turnarounds, and global recognition for innovation in security strategies and execution. Published, internationally-recognized expert on information security and the development of solutions combining excellence in leadership, teambuilding, and operational and technical expertise in times of diverse and dynamic challenges. Resourceful, strategic leader with exceptional aptitude for discerning / analyzing threats and issues and devising / deploying groundbreaking, value-based, business-enabling solutions often later adopted as organizational best practices, including patent-winning collaborations.

Security Industry Leadership

  • Authored four books on security and contributed to sixteen other globally recognized security publications
  • Obtained multiple patents for innovative security, one of which evolved into communications security standards (ITU-x805)
  • Contributor to industry standards, such as Cloud Security Alliance (CSA), NIST Special Publication 800 series
  • Attained #1 ranking from the U.S. National Security Agency (NSA-IATRP), achieving an unprecedented “4 of 5” in security services
  • Subject matter expert presenting for InfoSec World, NATO, Air Force, Cisco and Microsoft events throughout Europe, Asia, and North America
  • Interviewed by Microsoft Security 360, NetworkWorld, SC Magazine, Dallas Morning News, Information Security Magazine, IT Business Edge, IDC, Gartner, and Forrester
  • Original member of the ISACA Security Metrics Standards development board
  • Former Managing Editor for the (ISC)2 Security Journal (for 2 yrs.)
  • Collaborated with chip manufacturer to develop security for high-bandwidth applications
  • Worked in concert with Cisco to refine the IPsec solution for large scale VPNs

Cybersecurity Accomplishments

  • Extensive experience in the planning, design, implementation, and optimization of comprehensive Risk Management programs spanning multiple industries
  • Planned, designed, and implemented enterprise security architectures for global organizations defining security strategy and overall security posture
  • Extensive expertise in Governance, Risk, and Compliance solutions and programs with emphasis on security metrics and business enablement
  • Created and deployed Security Services Management models for security organizations in finance, healthcare, retail and manufacturing organizations
  • Developed, deployed, and provided industry leading security capability maturity analysis solutions for multiple organizations
  • Developed and implemented large-scale security infrastructure solutions spanning perimeter, virtualization, networking, PKI, endpoint and system security
  • Extensive experience in threat management, threat intelligence, threat analysis; also in network and system penetration testing
  • Expertise in security event and information management and security operations
  • Experience in networking security and access control

Business Expertise

  • Security consulting and professional services executive with a track record of business growth and delivery excellence across several organizations and geographies
  • Vice President of Sales and Engineering resulting in significant pipeline growth and customer retention
  • Extensive finance and P&L management encompassing planning, budgeting, and strategic business plan development
  • Director of Security Product and Portfolio Management developing comprehensive security capabilities and go-to-market strategies
  • Member of the Global Executive Security Council for British Telecom
  • Member of several customer advisory boards for numerous security product organizations
  • Developed the Management of Engineering Skills and Assessments (MESA) solution in collaboration with IT colleagues; improving performance / skills oversight
  • Bolstered organization’s ability to analyze security operations and optimize decisions / strategy by devising and assisting in the institution of a security services framework
  • Developed comprehensive business processes and tools driving efficiencies in commercials management


  • Certified Information System Security Professional (CISSP), est. 1999
  • Certified Information System Auditor (CISA), est. 2000
  • Certified Information Security Manager (CISM), est. 2004
  • National Security Agency INFOSEC Assessment Methodology (IAM), est. 2005
  • National Security Agency INFOSEC Evaluation Methodology (IEM), est. 2005


  • Information Systems Security Association (ISSA)
  • Member of the advisory board for Auerbach Publications
  • Member of the Information Systems Audit and Control Association (ISACA)
  • Member of the Cisco Security Advisory board
  • Member of the Microsoft Security Advisory board
  • Member of the ISACA Security Metrics Project (Initiated January 2007)


As a lead member of the Bell Labs Security Architecture Council, a patent was produced defining an architecture process and approach to integrating security into large complex technical solutions. The work is currently the ITU-T x.805 standard. (Although I signed the patent application and was listed as an inventor, I fear my name was eventually removed from the patent. However, I'm mentioned in the ITU-T standard. If you want to see a presentation I originally did for the ITU that has been updated, you can see it here.)

I collaborated on two patents detailing methods and technology concerning security policy management and the interaction with employees, systems and applications. Interestingly, the industry refers to this as GRC. Here is the first and the second patent.