Experienced 25-year veteran of IT/IS and highly technical Information Security Analyst, Design Architect/Assessor specializing in Business Systems/Impact Analysis. Through an understanding of business needs in relation to protecting business critical data (Brand Protection), he assists organizations in achieving their desired business outcomes. He has consulted in nearly every vertical and marries a strong technical background with outstanding creativity, communication skills, leadership, team building/teamwork skills and business acumen.
Technology Background and Skillsets
• Enterprise Security Architecture
• Red/Purple Team Penetration Testing (PTES utilized)
• Adversary Emulation
• Threat/Vulnerability/Identity Management
• Monitoring and Incident Response
• Threat Intelligence
• Threat Modeling
• Data Classification
Business Background and Skillsets
• Business Owner/President/CTO
• Business Systems Analysis
• Adversary Analysis
• Business Impact Analysis (FAIR utilized)
• 3rd party Risk Management
• Advanced Business/Security Metrics Development
• Outcome Oriented Strategic Business Initiatives
Case Western Reserve University, BA, Computer Science
Currently none of the 30+ certifications achieved in the past 25-year career, including GSEC, GCIH and GSNA, are active. Actively working towards OSCP and EMBA.
President, Secure Cleveland; Governing Board Cleveland CISO Executive Summit; BSides Cleveland Conference Organizer; Infragard member (since 1998); SANS GIAC GSEC Mentor (taught three times); Cisco Partner Technology Advisory Board, Security
Security Conference Speaker at DerbyCon, GRRCon, CircleCityCon, RVASec, CONVerge Detroit, ShowMeCon, Information Security Summit, BSides Boston/Rochester/Cleveland/Detroit, Ohio ETech
Even before my first computer at the age of 12 (Apple II+) I have been fascinated and drawn towards figuring out how things work and if they can be made to do “other” things. Early exposure to a computer quickly led to changing settings on games with sector editors and programming rudimentary programs in BASIC. These gateway drugs led me to Case Western Reserve University to study Computer Science, where I was lucky enough to be introduced to Dr. Peter Tippett and interned at his company Certus International in 1992. Certus was one of the first Anti-Virus companies (later sold to Norton) and once I was exposed to the underground BBS world of computer virus sharing, reverse engineering and creating malicious Assembly code there was no turning back. My Network, Systems and Scripting basics were honed in the 90’s where I was the first employee of one of Ohio’s first ISPs. In 2000, I started my own security services focused company where I honed the higher-level skills of penetration testing, incident response, and forensics as well as jumping into the fire of owning and running a business. After we sold that company in 2007 I continued to hone those technical skills, but my attention started leaning towards the business side of infosec. Why is security so hard? Why does the business look at security as an obstacle rather than an enabler? How does this relate to basic human nature? Risk became an obsession and I started realizing the ties to group theory, natural systems, and adaptation. The past decade I have been working these theories out (with others) and applying them in real-world enterprises as a strategic and tactical advisor. This stuff is fascinating and I believe weaving these theories in with a solid Enterprise Security Architecture model provides the most value to our clients and sets us apart from other consultants who are not looking at the larger client business outcomes. 
Don’t get me wrong – I still love a good DNS TXT C2 Beacon and the rush of breaching a physical target. Just don’t ask me what 8086 DOS Int 21 does these days unless I can Google it.