I started my career as a systems engineer. I moved into security engineering/architecture over time, and I was in the industry for around 12 years before I got into management consulting.

I now specialize in enterprise security architecture, technologies, and business processes to increase cyber resiliency. My experience ranges from process re-engineering and organizational change management to complex technology deployments and compliance initiatives.

Summarized below is a list of my career highlights:

/ Certified in information security architecture and audits with a systems/security engineering background

/ Over 20 years of diversified experience integrating various security and data protection technologies and controls cohesively to mitigate enterprise risk.

/ Managed or directed several multi-million dollar security initiatives and/or technology deployments like:

– User behavior analytics leveraging machine learning through leading UEBA solution.

– Privacy Impact Analysis to support Privileged Activity Monitoring required for HKMA compliance and Insider Threat Management

– Critical Infrastructure Remediation

– Adaptive Multi-factor Authentication

– NW Intrusion Detection/Prevention Systems

– Identity and Access Management Solutions

– BCP implementation leveraging VMWare thin client technology

/ Led multiple compliance initiatives against key industry and regulatory requirements and guidance such as SANS critical security controls for effective cyber defense, ISO 27001/2, NIST Cyber Security Framework, NIST SP 800-53, COBIT, HKMA, FFIEC CAT, NYS-DFS 23 NYCRR 500, etc.

/ Managed enterprise programs to mitigate IT operational risk and perform independent reviews against core infosec control areas

/ Helped clients adopt Enterprise Risk Management frameworks and operationalize their internal controls assessment processes.