MD, Principal Architect - Cybersecurity Strategies
I started my career as a systems engineer. I moved into security engineering/architecture over time, and I was in the industry for around 12 years before I got into management consulting.
I now specialize in enterprise security architecture, technologies, and business processes to increase cyber resiliency. My experience ranges from process re-engineering and organizational change management to complex technology deployments and compliance initiatives.
Summarized below is a list of my career highlights:
/ Certified in information security architecture and audits with a systems/security engineering background
/ Over 20 years of diversified experience integrating various security and data protection technologies and controls cohesively to mitigate enterprise risk.
/ Managed or directed several multi-million dollar security initiatives and/or technology deployments like:
– User behavior analytics leveraging machine learning through a leading UEBA solution.
– Privacy Impact Analysis to support Privileged Activity Monitoring required for HKMA compliance and Insider Threat Management
– Critical Infrastructure Remediation
– Adaptive Multi-factor Authentication
– NW Intrusion Detection/Prevention Systems
– Identity and Access Management Solutions
– BCP implementation leveraging VMware thin client technology
/ Led multiple compliance initiatives against key industry and regulatory requirements and guidance such as SANS critical security controls for effective cyber defense, ISO 27001/2, NIST Cyber Security Framework, NIST SP 800-53, COBIT, HKMA, FFIEC CAT, NYS-DFS 23 NYCRR 500, etc.
/ Managed enterprise programs to mitigate IT operational risk and perform independent reviews against core infosec control areas
/ Helped clients adopt Enterprise Risk Management frameworks and operationalize their internal controls assessment processes.
Areas of Specialty
Information Technology and Services