What do you focus on?

My focus is on helping clients to protect their critical assets, safeguard sensitive information (PII, PHI, CHD), improve their security posture and programs, and ultimately achieve and maintain regulatory compliance.

My background is in professional services consulting, governance, risk and compliance, IT Management, Systems Administration, and IT Help Desk.   My experience in IT and Information Security affords me the ability to help simplify compliance for organizations, provide guidance and remediation recommendations, perform security and compliance related assessments (e.g. PCI DSS), with a commitment to professionalism and delivering a high-quality work product.

I have served as a trusted advisor and partner to clients of all sizes from small to medium-sized businesses to global enterprises, across multiple industries including retail, healthcare, state and local government, higher education, utilities, airline, gaming, and software.

Expertise in Regulatory Controls and Frameworks

• Payment Card Industry Data Security Standard (PCI DSS)
• Payment Card Industry Point-to-Point Encryption (PCI P2PE)
• HITRUST Common Security Framework (HITRUST CSF)
• Control Objectives for Information and Related Technologies (COBIT)
• NIST Risk Management Framework (SP 800-53)
• NIST Cybersecurity Framework (NIST CSF)
• Center for Internet Security Common Security Controls (CIS CSC)

Certifications

• Payment Card Industry Qualified Security Assessor (PCI QSA)
• Payment Card Industry Professional (PCIP)
• HITRUST CSF Practitioner (CCSFP)
• HITRUST Quality Professional (CHQP)
• Certified Information Systems Security Professional (CISSP)
• Certified Information Systems Auditor (CISA)
• Certified Ethical Hacker (CEH)
• AWS Cloud Practitioner
• AWS Solutions Architect Associate
• Retired CompTIA Network+
• Retired CompTIA A+

Affiliations

• Information Systems Audit and Control Association (ISACA)
• Information Systems Security Association (ISSA)