WASHINGTON, DC  (202) 470-5372
OBJECTIVE                      Work with organizations interested in strategically implementing and leveraging enterprise
                                              risk management, governance programs and technology in an effort to increase the risk
                                              mitigation effectiveness, reduce the audit and compliance burden on the organization and
                                              facilitate effective decision making


EDUCATION                    UNIVERSITY OF MARYLAND, R.H. Smith School of Business, College Park, MD

   Master of Business Administration (MBA)

   Master of Science: Business and Management -Information Systems (MS)

                                            OLD DOMINION UNIVERSITY, Norfolk, VA

   Bachelor of Science: Business Administration – Management             


PricewaterhouseCoopers LLP (PwC) is a Big 4 accounting firm with more than 175,000 employees, $29.2 Billion (FY 2011) in annual revenue and focuses on audit and assurance, tax and advisory services.


01/2011 – Present                Manager

Description: OFS IT Controls team Manager and manage proposal/business development efforts for PSFS IT capabilities.

Duties: Manage a team of 7 and $2.5 Mil/yr in business that directly reports to the CTO and the Director of Risk and Controls Group (RCG). Rebuilt, implemented and govern the IT Security and Governance program for the Office of Financial Stability (OFS), the office in charge of managing the $475 Billion in Troubled Asset Relief Program (TARP) funds.  Leverage subject matter expertise in FISMA, A-123, NIST 800 Series, FISCAM and IT Governance Programs to continually optimize IT general control (ITGCs) processes and build out new processes as required.  Finally, manage a team that is building new business outside of our existing clients based on the new capabilities my team has developed.

Achievements: Turned around an ailing security program in 3 months to an audit ready state.  Rebuilt all core ITGC process, eliminating up to 75% in process overhead. Achieved two clean audits, both financial and ITGC, with 2012 having no IT MFCs or SDs.  Won a sole source contract for worth $8.5 Mil based on our work.  Developed a new IT Strategy and Governance capability for PSFS that has been leveraged at multiple clients.  Established a 3 year go to market strategy for PSFS IT Strategy & Governance

                                           SCIENCE APPLICATIONS INTERNATIONAL CORPORATION, Columbia, MD

Science Applications International Corporation (SAIC) is a leading provider of scientific, engineering, systems integration and technical services with more than 45,000 employees and $10.8 Billion in revenues.(Fortune 500, Rank 215 (2010))


03/2009 – 01/2011                  Senior Cyber Security Analyst


Description: Senior Subject Matter Expert (SME) and interface integration/design specialist

Duties: Manage teams of 3-5 people; Manage GUI interface and visualization design; Manage Oracle WebCenter Enterprise Portal implementation; Manage application development teams and agile development process; Technical SME for IT architectures in large Financial and Federal organizations; SME for the selection and implementation of statistical software solutions for enterprise security data modeling. Design, implement, and manage a VMware ESX 4.1 environment designed to handle 3000 virtual machines

Achievements:  Completed CloudShield Developer Training, Built and managed a successful proof of concept IT security management portal with advanced cyber analytic. Built a proof of concept ESX environment to mimic client IT environments used to test IT security products, penetration testing and new security analytic techniques.


03/2008 – 03/2009                 Information Security Analyst


Description: Project technical lead and deputy project manager for the agencies IT Security Contract

Duties: Managed teams of 8-15 people; Enterprise Risk Management (ERM) framework and program development; Certification and Accreditation (C&A) planning and implementation; Penetration testing management, IV&V management; Risk, privacy, and security incident advisory; Technical subject matter expert (SME) on IT architectures, security implementation, and control development, documentation, and implementation

Achievements: Directed the team that developed a C&A planning and scoping process that reduced delays by 75% and project timeline by 50%; Directed the team that developed and implemented a C&A process for systems utilizing RAD/Agile software development methodologies; Directed a team that developed and documented controls based on COBIT 4.1 for the bureau’s IT Governance Program


07/2007 – 03/2008                 Information Assurance Analyst


    Description: Senior Information Security/Information Assurance Consultant for federal   


Duties: Managed teams of 8-10 people; Enterprise Risk Management (ERM) framework and program development; Certification and Accreditation (C&A), risk, compliance, and controls advisor; Business process and solutions development

Achievements: Passed the SAIC Penetration testing exam and was given permission by the SAIC risk committee to perform penetration testing on our client’s networks; Developed and implemented an assessment framework for external debt collection agencies that enable the line of business managers to quantify and measure the effectiveness of their IT security programs and demonstrate compliance with government outsourcing regulations; Documented and streamlined the IV&V business process


BearingPoint, Inc.,(BE) was one of the world's largest providers of management and technology consulting services with $3.4 Billion in annual revenues and more than 17,500 employees.(Fortune 1000, Rank 604 (2006))


03/2007 – 07/2007                 Senior Consultant – IT Security


Description: Senior Information Security/Information Assurance Consultant for federal and state agencies

Duties: Managed teams of 10-30 people; Enterprise Risk Management (ERM) framework and program development; Certification and Accreditation (C&A), risk, compliance, and controls advisor; Solutions development; Infrastructure security testing and scanning   ( Nessus, Nikto, NMAP, Onesixtyone & Ophcrack)

Achievements: Project lead on a Certification and Accreditation (C&A) risk assessment project for Mission Critical and Mission Supportive systems; Automated server configuration compliance checks with Nessus reducing audit time per server from 3 hrs to 30 secs.


05/2005 – 03/2007                 Consultant – IT Security


Description: Information Security/Information Assurance Consultant for federal and state agencies

Duties: Managed teams of 5-10 people; Enterprise Risk Management (ERM) framework and program development; Subject matter expert for FISMA, A-123, and NIST 800-53; Policy creation, review, and interpretation; Disaster recovery and continuity planning; Application development; Architecture assessment and advising; Risk, compliance, vulnerability, and pre-audit assessments; Certification and Accreditation (C&A) support

Achievements: Project lead on application development project, OpenFISMA, an open source Enterprise Risk Management (ERM) tool, business process workflow, and compliance reporting application that reduced the resources required to manage the POA&M process by 50% and saved the department $8.5 Million over a three year period; Certification and Accreditation (C&A) risk assessment auditor for critical systems; Received 2 awards, the Silver Beacon and Compass Award, for my work with OpenFisma and the Judicial Branch of California



Smithfield Foods, Inc., (SFI) is the world’s largest pork processor and hog producer with $14.2 Billion in revenues and 52,000 employees (Fortune 500, Rank 163 (2010))


09/2002 – 05/2005                 Senior Analyst

Description: Systems Administrator and technology integrator for strategic Smithfield Foods, Inc., (SFI) Data Center

Duties: Managed teams of 5-15 people; Implementation and administration of Brocade, Cisco, Citrix, HP, IBM, Legato, McDATA, Microsoft, Nortel, SAP, Symantec, Oracle, Veritas, and Xiotech software and hardware products used for enterprise backup, document imaging, web server farms, database clusters, enterprise server monitoring, Virtual Private Networks (VPN), authentication authorities, and user provisioning; Disaster recovery planning and testing; Sarbanes Oxley (SOX) 404 audit and compliance support

Achievements: Consolidated and standardized IT infrastructures and server architectures, including a Windows-based disk-less server SAN environment and high availability clusters; Served as a core member of the Disaster Recovery program for SOX compliance; Designed and implemented a centrally managed and automated 14-site backup solution


03/2000 – 09/2002                 Field Service Engineer

Description: Systems Administrator for SFI Corporate Headquarters

Duties: Administration of 250 Windows PCs running Oracle Financials, Citrix, Norton Antivirus Corporate software, and various proprietary business applications

Achievements: Appointed to the Software/Hardware Standardization Committee; Received an accommodation from an external security auditor for the implementation of our virus protection process; Reduced system repair and reload time by half and enabled an increase in on-site service


CERTIFICATIONS         Project Management Institute (PMI)

PMP – Project Management Professional

PMI-ACP PMI Agile Certified Practitioner



CRISC – Certified in Risk and Information Systems Control
CGEIT – Certified in the Governance of Enterprise IT

CISM – Certified Information Security Manager

CISA – Certified Information Systems Auditor

CISSP – Certified Information Systems Security Professional
ISSAP – Information Systems Security Architecture Professional



ITIL (ITSMF) – IT Service Management Foundation Certificate


    VCP4-DCV  – VMware Certified Professional 4 - Data Center Virtualization
    VCP5-DCV  – VMware Certified Professional 5 - Data Center Virtualization
    VCAP4-DCD – VMware Certified Advanced Professional 4 - Data Center Design
    VCAP5-DCD – VMware Certified Advanced Professional 5 - Data Center Design

MCP – Microsoft Certified Professional

MCSA – Microsoft Certified Systems Administrator - Windows 2000 & Windows 2003

MCSE – Microsoft Certified Systems Engineer - Windows 2000 & Windows 2003



Network +

A +

Awards &                      Silver Beacon Award – BearingPoint Inc.

Recognition              Compass Award – BearingPoint Inc.

AFFILIATIONS               Member of PMI (Project Management Institute)

Member of ISSA (Information Systems Security Association)

Member of ISACA (Information System Audit and Control Association)

Member of ISC2 (International Information Systems Security Certification Consortium)

SPEAKING                       ISACA National Chapter Area Meeting April 2011 - Federal IT and Security

ENGAGEMENTS            Topic: Cyber Crime and Bank Fraud - Current Trends and Analysis