Brian Beals
Cybersecurity • Security Engineering • GRC • Leadership

Security outcomes that are measurable, defensible, and built for real-world operations.

Management-track cybersecurity leader with a strong audit and risk foundation. I lead security programs, coordinate cross-functional stakeholders, and turn requirements into operational execution—controls, evidence, metrics, and continuous improvement.

🔒 Identity & Access 🧭 Program Management 📡 Risk & Assessments 🧾 Audit Readiness 📄 Policies & Evidence
18+ Control domains covered
2000+ Security artifacts authored
1000+ Tooling integrations
100 Security programs built and operationalized

Availability: Open to full-time • Actively interviewing
🏅 Program leadership • Risk & compliance • Incident readiness
Evidence-driven delivery with metrics and accountability
🛡️ Stakeholder alignment across IT, engineering, and leadership
📍 Based in North Carolina (remote-friendly)

About Me

A quick snapshot of how I work and what you can expect when you bring me in.

🛡️Approach

Practical security engineering and governance that reduces risk without breaking the business.

🔒Strengths

Program execution, identity controls, secure baselines, vulnerability management, and audit-ready documentation.

📄Deliverables

Clear artifacts: policies, procedures, responsibility matrices, evidence maps, reporting, and remediation plans.

Impact

How I apply audit discipline and operational risk thinking to build security programs that are both effective and defensible.

🧾
Audit-minded delivery

I build security with “proof” in mind—what the requirement is, what evidence demonstrates it, who owns it, and how it’s reviewed over time.

🎖️
Risk calculation under real constraints

I communicate risk in plain language—likelihood, impact, and business effect—so leaders can make decisions.

🛠️
Engineer the mitigation path

I translate risk decisions into execution: prioritize, plan, implement controls, and keep evidence current.

🤝
Security that works across people

I align stakeholders, de-escalate friction, and drive adoption so controls stick in real operations.

Leadership

Management-ready leadership style: program ownership, stakeholder alignment, and execution with measurable outcomes.

Program Ownership & Execution
  • Security program management: scope, priorities, delivery cadence, and measurable outcomes
  • Operational risk management: risk decisions, remediation planning, and leadership reporting
  • Audit coordination: evidence mapping, control validation, and continuous readiness
Program Management • Control Ownership • Metrics & Reporting
People Leadership & Stakeholders
  • Player-coach leadership: set standards, mentor others, and deliver alongside the team
  • Cross-functional alignment: drive adoption across IT, engineering, vendors, and leadership
  • Clear communication: translate technical risk into decision-ready updates for executives
Stakeholder Management • Mentorship • Change Enablement

Experience

Roles and responsibilities, focusing on outcomes and scope.

Cyber Risk and Compliance Lead Engineer
Managed Security Services Provider (MSSP)
💼 2022 – Present 📍 Remote / Massachusetts, USA
Security Program Delivery • Risk Assessments • Audit Readiness • Stakeholder Management • Policy & Procedures
  • Led security assessments and maturity evaluations across access control, incident response, vulnerability management, and secure configuration domains.
  • Owned remediation planning and execution tracking—prioritizing work by risk, impact, and operational feasibility.
  • Coordinated stakeholders (IT, leadership, vendors) to implement MFA, least privilege, logging/monitoring, and hardened baselines with audit-ready evidence.

Prior Roles: Senior Cybersecurity Auditor, Cybersecurity Analyst, US Army Information Technology Specialist (25B)

Projects

Representative examples of security programs and initiatives I’ve led, described at a level appropriate for public review.

Enterprise Security Program Build-Out

Brought an organization from informal security practices to a documented, auditable security program aligned to modern compliance and risk expectations.

Result: a security program leadership could explain, defend, and sustain.

  • Designed access control, incident response, and vulnerability management procedures
  • Established evidence mapping and review cadence tied to operational owners
  • Prioritized remediation of high-risk gaps such as MFA and insecure remote access
  • Enabled leadership to demonstrate security posture without ad-hoc effort
GRC Program Design Audit Readiness Risk Management
Risk Register & Scoring Model

Designed and operationalized a risk register and scoring methodology that enabled leadership to prioritize security risk using consistent, decision-ready language.

  • Defined likelihood, impact, and thresholds tied to business impact
  • Mapped technical findings to operational and mission risk
  • Integrated risk decisions into remediation planning and reporting
Risk Leadership Reporting Decision Support
Secure Configuration Baselines

Created secure configuration and hardening standards that balanced industry best practices with operational constraints.

  • Defined baseline standards aligned to CIS and regulatory expectations
  • Established exception and compensating control workflows
  • Improved consistency and reduced audit findings
Hardening • Secure Baselines • Compliance
Incident Response Playbooks & Exercises

Developed incident response playbooks and tabletop exercises to ensure teams could respond effectively and preserve evidence under pressure.

  • Built IR runbooks with roles, severity tiers, and escalation paths
  • Conducted tabletop exercises based on real-world scenarios
  • Captured lessons learned to improve controls and readiness
Incident Response • Operational Readiness • Evidence Preservation
Secure Remote Access Modernization

Reduced attack surface by modernizing remote access patterns while maintaining usability for distributed teams.

  • Identified and eliminated insecure remote access paths
  • Implemented MFA and least-privilege access models
  • Improved monitoring and access accountability
IAM • Remote Access • Zero Trust
“Security by Design” Change Management

Embedded security directly into the change management process so risk is evaluated, controls are validated, and evidence is created as part of normal operations.

  • Defined security review gates aligned to risk level and system impact
  • Integrated security testing and approval criteria into change workflows
  • Ensured changes generated audit-ready evidence automatically
  • Shifted security from reactive approvals to built-in engineering workflows
Change Management • Security by Design • Risk Review • Audit Evidence

Next Role

I’m pursuing a management role where I can lead people, own programs end-to-end, and scale security outcomes across the organization—building toward broader strategic responsibility over time.

Target Path: Manager → Director
  • Security Manager / Security Program Manager — lead teams, set standards, and ensure consistent execution
  • Cyber Risk & Compliance Manager — own risk decisions, audit readiness, and leadership reporting
  • Director of Security / GRC / Risk — accountable for program strategy, maturity, and cross-functional alignment
People Leadership • Program Ownership • Operating Rhythm • Metrics
What I Bring to a Management Role
  • Lead and mentor teams with clear priorities, accountability, and measurable outcomes
  • Translate requirements into execution: controls, evidence, validation, and reporting
  • Run risk discussions with leadership using likelihood, impact, and tradeoffs
  • Align security across IT, engineering, vendors, and business stakeholders

I operate as a player-coach today and am ready to take on formal people leadership with increasing program ownership.

Community & Coaching

Leadership outside of work: mentoring, conflict resolution, and building high-trust teams.

Volunteer Baseball Coach

I volunteer as a youth baseball coach, helping kids build skills, confidence, and teamwork. I focus on fundamentals, discipline, and a growth mindset—especially when players hit setbacks.

  • Coaching & mentoring: structured guidance to help players overcome obstacles and stay focused
  • Conflict resolution: mediate disagreements, reset expectations, and reinforce respectful communication
  • Team leadership: build an accountable culture where every player contributes and improves
  • Communication: adapt to different personalities and learning styles to build trust quickly
Mentorship • Coaching • Conflict Resolution • Team Building
How It Translates to Security Leadership

Security programs succeed when people align on priorities and execution. Coaching reinforces the same skills required in security management: listening, de-escalation, setting standards, and building trust across different perspectives.

  • Drive adoption by communicating expectations clearly
  • Resolve friction between stakeholders and keep work moving forward
  • Create accountability and continuous improvement
  • Lead under pressure while staying outcome-focused
People Leadership • Stakeholder Alignment • Change Enablement • Culture

Skills

Grouped skills to help hiring managers scan quickly.

📡Security Domains
Security Program Management • Risk Assessment • Audit Readiness • Access Control (AC) • Identification & Authentication (IA) • Incident Response (IR) • Vulnerability Management
🖥️Platforms & Tooling
Entra ID / Azure AD • Intune baselines • Endpoint protection • Disk encryption • SIEM / SOC workflows • Firewall / VPN • Ticketing / Change management
📄Governance
Policy & procedure authoring • Evidence & audit readiness • Control validation • Leadership reporting • Third-party risk considerations

Certifications

🏅 CISSP
ISC2 • Current
🏅 CISA
ISACA • Current
🏅 CySA+
CompTIA • Current
🏅 PenTest+
CompTIA • Current
🏅 Security+
CompTIA • Current

Education

🎓 Master of Science, Cybersecurity and Information Assurance
Western Governors University • 2025
🎓 Bachelor of Science, Cybersecurity
American Military University • 2024

Degree verification is available upon request.