Download PDF

Summary

SENIOR-LEVEL EXECUTIVE

A proven Senior Executive with a passion for  leadership. Over 15 years of experience in security, with 10+ years leading and developing future leaders at Fortune 50 organizations.

Global experience establishing information security strategy/direction with an emphasis on execution.  Known for the following values:

  • Leadership
  • Positive Energy
  • Accountability
  • Connecting People
  • Learning

Work History

Sept 2014Present

Senior Director, Information Security at CVS Health and Information Security Officer at Omnicare

Started at CVS Health in September of 2014.  Named Information Security Officer for Omnicare, a wholly owned subsidiary of CVS Health, in September of 2015.

At Omnicare, responsible for the development and delivery of a comprehensive information security program to ensure information assets and technologies are adequately protected. 

Responsible for all security integration efforts between Omnicare and CVS Health. Some of the projects include the following:

  • Log collection and subsequent monitoring of the Omnicare environment by the 24x7x365 CVS Health Security Operations Center.
  • Deployed a consistent end point security solution to reduce the risk of malware attacks.
  • Implemented a 2FA solution.
  • Blocked access to internet mail services.
  • Deployed Web Security Gateway to control access to internet content.
  • Implemented IDS to protect the network from cyber attack.
  • Removed Outlook Web Access (OWA).
  • Completed advanced malware assessment.

 

At Fortune 7 CVS, provide 24x7 protection of business operations. Responsible for architecture, engineering and operations for the following security services: network and perimeter defense, endpoint protection, security information and event management (SIEM), security operations center (SOC), threat intelligence, computer security incident response team (CSIRT), electronic discovery, and forensics.

  • Instrumental in developing and leading an enterprise wide development and communication of a service owner model across all security services at CVS Health providing a single point of responsibility and accountability for everything about each security service.
  • One of a select group of employees recognized by the CVS Health Business Planning Committee for my ability to positively affect the company's future growth and performance.  
  • 86% reduction in threat containment time by innovating and leveraging already procured technology. A Symantec white paper written about the process implemented at CVS Health.
  • Led effort and completed CVS' first ever advanced threat compromise assessment covering 50,000+ computer systems.
  • 96% decrease in Mean Initial Work Time and 53% decrease in Standard Deviation for security incidents.
  • 83% decrease in Mean Time to Validate threats resulting in a 660% increase in the number of proactive incidents worked by the CVS Health Security Operations Center.
  • Implemented an inline advanced threat technology to proactively defend against today's evasive and ever changing attacks.
  • Security analytics expert witness for CVS Health.  
    June 2011    Sept 2014

    Director, Johnson & Johnson

    Director, Security Operations Center (December 2013 - September 2014)

    Provide 24x7 global protection of business operations by leading a global team and managing a security service provider. 

    • Reduced Managed Security Service Provider total cost of ownership 200K year over year while increasing capabilities.
    • Responsible for management of security technologies that provided global network level security, as well as computing system protection.
    • Delivered a global incident response run book by collaborating with security officers representing 260 operating companies.
    • NIST Cybersecurity Framework gap assessment  and strategic plan to address gaps completed and briefed to J&J CTO.
    • Strategy and Leadership Credo champion nominated by IT Leadership Team to improve scores across all of J&J IT Infrastructure Services.
    • Recipient of Global IT Recognition and six J&J Encore awards for security work, business acumen, leading others, and thinking strategically.
    • Nominated by leadership and participated in the J&J Senior Leader Base program. A program targeted towards “high potential” directors or VPs.

    Director, Global Command Center (December 2012 - December 2013)

    Johnson & Johnson Security Operations and Critical Response Team Global Process Owner. Led a global team responsible for ensuring operational excellence and protecting assets for 260 operating companies in 60 countries.

    • Promoted from Senior Manager to Director.
    • Increased security incidents handled by 250% by integrating Global Security Operations with the Global Command Center (i.e., SOC / NOC integration).
    • Reduced average monthly mean time to repair (MTTR) for business critical incidents from 5.54 hour average in 2012 to 3.63 in 2013.
    • Reduced Managed Security Services (MSS) response time to security incidents by 62% and increased actionable data by 70%.
    • Led the Global IT intern program to attract, develop, and retain talent.
    • Credo champion for J&J Global Operations Center responsible for leading survey focus groups, action plans, and presentation to leadership.
    • Core member of the J&J Crisis Management Team.
    • Implemented pro-active approach to business critical incidents s in April 2013 resulting in an average of 28% of critical incidents being worked proactively. 

    Senior Manager, Security Operations (June 2011 - December 2012)

    Responsible for building the global vulnerability management and computer security incident response functions at Johnson & Johnson

    • ISE® Northeast Information Security Project of the Year Award Nominee for build out of global enterprise vulnerability management program.
    • Led effort to standardize incident response procedures across 260 operating companies; thus, centralizing security incident response.

    Jan 2005 Jun 2011

    Senior Manager, Medco

    Senior Manager, Information Assurance and Forensics (Feb 2008 - June 2011)

    Managed team responsible for technical investigations and incident response activities.  Assisted with developing/managing risk assessment programs.

    • Execution of ISO 27002 assessment resulting in standard compliance.
    • Execution of security risk assessment program resulting in a reduction of risk by assessing assets against Global Security Standards and Guidelines. 
    • Matured the supplier risk assessment process resulting in the ability to measure IT risk across vendors in a quantifiable and repeatable manner.
    • Served as a subject matter expert in client facing activities.

    Manager, Special Investigations Unit (Jan 2005 - Feb 2008)

    Managed a team responsible for technical investigations and incident response activities.

    Education

    Mar 2017

    Duke Executive Education - Transitions to Advanced Leadership

    Duke

     

    Jun 2016

    CISO FBI Academy

    Federal Bureau of Investigation
    Feb 2008    Jun 2009

    Master of Science in Information Security and Assurance

    Norwich University
    Mar 1996    Jun 2002

    Bachelor of Science, Criminal Justice

    University of Cincinnati

    Advisory Experience

    July 2017Present

    CISO Governing Board Member

    Evanta
    May 2017Present

    HHS Cyber Security Working Group

    U.S. Department of Health and Human Services

    This group drafted a scenario-based approach to cyber risk management by developing a common set of cybersecurity guidelines that are actionable, usable, and relevant to all health care providers.   

    Jan 2017Present

    FBI Healthcare Sector Co-Chief (Greater Cincinnati)

    InfraGard

    Delivered the first ever Greater Cincinnati Regional Healthcare Cybersecurity Summit in 2017.

    June 2015Present

    Cyber Security Advisory Council

    Montreat College

    Certifications

    Certified Information Systems Security Professional (CISSP) and Certified in Risk and Information Systems Control (CRISC)