·   Principally responsible for providing security, compliance and strategic advisory in support of Microsoft’s business & engineering groups’ cloud offerings

·   Developed and drove strategic direction and architecture for emergent cloud, mobile and big data trends and technologies and provided advisory to the Cloud & Enterprise senior management in alignment with Microsoft’s Mobile First, Cloud First strategy. Delivered results by aligning strategic direction with operational requirements through the prioritization of initiatives and continual analysis of business needs

·   Direct line of reporting on progress readouts to senior leadership teams comprising of Corporate VPs, General Managers and Senior Directors in support of next generation cloud initiatives most notably the Azure Government Community Cloud (GCC)

§ Led people within workstreams responsible for cultivating relationships between Microsoft Public Sector, Sales, Business and Engineering groups. Assisted in the generation new revenue streams from government agencies looking to onboard onto the Windows Azure I/PaaS cloud platform

§ Partnered with the Azure Security, Compliance & Privacy team to develop strategies that helped build secure services for Azure’s I/PaaS cloud offerings for both commercial and public sector customers within Microsoft’s datacenters

§ Provided executive advisories on security risks and the development of risk mitigation or acceptance strategies pertinent to the implementation of I/PaaS environments

§ Leveraged industry trends, identified value generating opportunities while executing strategic plans in support of Microsoft’s Cloud First vision

§ Budgeted, forecasted and monitored capital (CAPEX) and operational expense (OPEX) in consideration of cloud deployment models

§ Collaborated across multiple Microsoft groups/organizations including product groups, business groups and other internal Microsoft stakeholders to drive the adoption and deployment of online security services, policies, frameworks and methodologies. Stakeholders included Legal, compliance teams for the various business groups, HR, security operations & engineering teams, Enterprise Architects, Physical Security, etc.

Selected Contributions/Achievements:

§ Planned, architected and delivered a suite of cloud security & compliance services in support of the Azure GCC I/PaaS build out. This suite of services were delivered ahead of schedule which led to an earlier than planned private preview and General Availability release of the Microsoft Azure GCC offering.

§ Led a diverse team with both technical and business solution architects accountable for planning, designing, implementing and delivering cloud solutions and services in support of the Azure and O365 Cloud & Enterprise engineering groups.             

§ Developed cloud adoption strategy and penned its whitepaper for the Microsoft Consulting Services Public Sector practice 

§ Achieved FedRAMP Authority to Operate (ATO) for 5 cloud enabled datacenters

§ Designed and developed the GFS Personnel Screening Program used by the product groups for all personnel related screening exercises. The Risk Assessment methodology built into the screening program is based on the NIST Risk Management Framework (Special Publication 800-37), was endorsed by the O365 online services group and is currently being used to screen O365 support staff in support of its government community cloud offerings.

§ Instrumental in the creation of a Microsoft Cloud Security Service Provider Framework.

Contila Consulting Services’ Engagements                     12/2008 – 7/2012

Trusted Security Advisor for all lines of business for a global distribution system (GDS), primarily responsible for assessing the threat landscape and security posture of the enterprise, developing and maintaining deep relationships with various business units.  Maintained compliance with business goals, corporate policy and industry regulations with minimal impact to organizational profitability. Managed a diverse team of Cyber Security Officers.

Principal Security Consultant/Senior Manager                                      

§ Led engagement team responsible for conducting security risk reviews & assessments, threat and vulnerability management, penetration testing, security application (SDLC) and implementation services, policy and program development

§ Led the development of information security strategies and implemented security solutions to assist businesses with the assessment and improvement of their security infrastructure. Developed & set information security strategy and monitoring changes in legislation. Liaised with management teams across the enterprise to ensure alignment of security with key business drives

§ Built inter-organizational relationships and managed internal and external customer expectations

§ Provided trusted information security advisory to all senior leadership & executive team and strategic partners

Selected Contributions/Achievements:

§ Built an information security program responsible for managing the balance between information security and business risk appetite through risk and impact management, data privacy, governance & compliance, enterprise risk assessment, PCI remediation and certification, application code review and the adoption of ISO 27001 framework as a security standard.

§ Created an IT Risk Assessment framework and supporting methodology.  The program provided a top-down process to drive the continuous identification, prioritization, and mitigation of critical risks associated with high-value and regulated business information assets.

§ Provided executive level thought leadership to the enterprise IT risk management and information security organizations including the redefinition of the information security program to be more adaptable and agile in addressing strategic business priorities and the development of certification guidance for pursuing ISO/IEC 27001 certification.

Principal Security Consultant                                       

Led Centers for Disease Control and Prevention (CDC) Compliance & Education (C&E) cyber security team with 5 direct reports whose mission was to ensure security compliance of CDC contracts and contractor network connections, manage and report yearly FISMA privacy compliance of CDC information systems and public facing websites, develop and implement security awareness, training and educational IT security campaigns.             

§ Provided leadership for C&E team of the Office of the Chief Information Security Officer (OCISO) responsible for ensuring all CDC public facing websites were Machine Readable Privacy Policy (MRPP) compliant in accordance with yearly FISMA and OMB requirements and milestones.  Led team efforts to ensure Computer Security Plan (CSP) milestones and deliverables were met ahead of yearly FISMA audit schedule

§ Provided security thought leadership and guidance to CDC C&E Program Manager

§ Developed incident response standard operating procedures (SOP) and provided guidance and fore thought for the implementation of CDC PII Breach Incident Response requirements

§ Oversaw delivery of Risk and Privacy Impact Analysis (PIA) reports to external auditors in compliance with OMB directives and timeline

Selected Contributions/Achievements:

§ Achieved 98.41% MRPP compliance for 507 public facing CDC websites within 2.5 months of assuming responsibility and 46 days ahead of FISMA deadline

§ Developed and implemented security awareness and educational IT campaigns across the enterprise in compliance with yearly awareness and training requirements.  Metrics that measured the effectiveness of the security awareness and educational IT campaigns exhibited a reduction of internal threats by 22%

Sr. Global Director, Information Security                                                          

Developed an information protection & security program for a global travel management company with operations in 90 countries, a combined workforce of 13,000 employees and generating $14 billion in total sales. Developed and deployed global-wide security awareness & security policies in compliance with overall corporate policy. Led and coordinated activities of team that enabled client to increase efficacy of core security function.                       

§ Led team responsible for the development, management and response to security based Response for Proposals (RFP) that generated up to a $1 billion dollars in new client sales

§ Led the identification and delivery of a wide variety of information systems security services that supported the corporate security strategy.  Services included security policy development, risk assessments of key business platforms, network penetration testing, intrusion detection and cyber crime response. Led the analysis and development of risk assessment reports while providing guidance concerning compensating controls and mitigating actions and assisted in the leveraging of internal opportunities in accommodation of discovered gaps

§ Identified and implemented process changes & efficiencies that aligned security functions with the client’s business strategy and ensured compliance with PCI-DSS. These changes resulted in the client obtaining its first ever PCI-DSS Report on Compliance (ROC) attestation.

§ Reviewed and signed off on all client's Security Service Level Agreements (SSLA), security Request For Proposals (RFP) and Master Service Agreements (MSA) for current and prospective clients

Selected Contributions/Achievements:

§ Implemented cost effective security controls that resulted in reducing RFP turnaround time and increasing response time efficiency by 40%.

§ Provided vision & leadership that resulted in the development of a global wide information security awareness program that reduced internal threat vectors by 77% all within 90 days of assuming role.

Accenture, LLC.                                         8/2007-12/2008

Senior Information Security Consultant