I have been in IT and Security for more than 25 years, running the gamut of jobs from network operations, to service management, project management, managing data centers, finally landing in information security, and currently obsessed with IoT and product security, especially medical devices.
 
For a number of years I was the Chief Information Security Officer of a multinational manufacturing corporation, ensuring the information security for the US and Canada. I have also been a consultant for several years, providing CISO services, risk management and security assessments among other things. I have a lot of experience with strategic planning and execution, building security programs and budgets, mergers and acquisitions, vendor management and lots of corporate alignment activities. My key focus centers on my team, the business and my customers.
 
I am a strong community advocate, and I volunteer at many infosec community events, such as BSidesLV and DEF CON. I have been public speaking for many years and you will likely see me at various cons spouting the virtues of community, customer service and other things. I also volunteer in my personal life, as I feel that giving of time is one of the most precious gifts you can give or receive.

 

Conferences and Talks

H-ISAC Tokyo (2019)

- A talk on building product security programs

DEF CON 2018: D0 No H4RM: A Healthcare Security Conversation

- A panelist on a Fireside Hax panel on the state of IoT devices in healthcare

Cyber Security Summit Healthcare & Medical Device Series (2018)

- Panelist on a panel discussing IoT and device inventory

G2G Marketplace Technology Conference

- A talk to local governments on secure controls within their organizations

Eastern Michigan University IASA (2018): (Security Careers)

- A talk to current EMU students that describes careers in information security.

RSA 2018 Alternate (2018): (Security Strategy, The Things You Should Already Be Doing Defensively)

- A “blue team” talk for security professionals describing what good foundational security practices are, and how to build those foundations into a more mature security posture. NOTE: This talk was selected as an alternate and was not delivered.

High Technology Crimes Investigative Association (2018): (Current Threat Landscape)

- A talk on current cybersecurity threats including CFAA violations, IoT, DDoS, botnets, physical attacks, malware and ransomware.

Infragard (2017): (Darknets and the Dark Web)

- A talk for members of Infragard that described the dark web and illicit crimes and current threats to the enterprise.

Integr8, panel member (2017): (Cloud Security)

- A panel on manufacturing and automation. My part was on cybersecurity and the manufacturing industry.

American Institute of Certified Public Accountants (2017): (Small Office Security)

- A talk for non-technical accountants on good security practices for small offices and small to medium businesses.

GRRCon (2017): (Risk Management: Space Shuttle Columbia Disaster)

- Part 2 of the talk on learning lessons from NASA’s failures of the shuttle program. This focus was on the Columbia disaster and how the failures here were the same failures as Challenger.

BSides Las Vegas (2017): (My Struggles With Mental Health)

- A talk on my personal journey with mental health.

BSides Detroit (2017): Keynote (Decision Making)

- A talk on how to recognize good and bad decision making, using UX design as a standard.

CircleCity Con (2017): (Risk Management)

- A talk on managing risk in small to medium enterprises.

GRRCon (2016): (Risk Management)

- A talk on managing risk in small to medium enterprises.

Dept of Defense (2016): (Risk Management)

- An unclassified briefing on managing risk in a governmental organization, and how to address high risk findings using accepted compliance standards.

Ohio Information Security Forum (2016): (The Attackers Dictionary)

- A talk on honeypots, and using the data gathered from them to reveal how attackers are creating specific lists of information used in brute force attacks.

Dept of Defense Panel (2016): (Current Information Security Threats)

- An unclassified panel talk on the current state of information security.

BSides Las Vegas (2016): (Risk Management: Space Shuttle Challenger Disaster)

- Part 1 of a talk on failures in risk management, using the NASA space shuttle Challenger disaster as an example.

BSides Las Vegas (2016): (Mental Health)

- A joint talk on how mental health is adversely affecting the infosec space, and how the taboos around speaking about it are causing more harm.

BSides Detroit (2016): (Risk Management)

- A talk on risk management pitfalls, using various examples of risk management failures.

GRRCon (2015): (Data Breach Protection)

- A talk on the reality of data breaches, using the Sony attack as an example of how corporations are perceiving these as more of a cost of doing business than a cybersecurity problem.

BSides Detroit (2015): (Risk Management)

- A talk on how to address and manage risk for security practitioners of any discipline.

US Army TACOM HQ UCMC (2014): (Networking Fundamentals)

- A talk on networking fundamentals, and how to create secure, layered defenses within organizational networks.

GRRCon (2014): (Security Basics)

- A talk on the first 5 Critical Security Controls, used as a basis for creating a sound foundation for security.

Infragard (2014): (Networking Fundamentals)

- A talk on networking fundamentals, and how to create secure, layered defenses within organizational networks.

GRRCon (2013): (Security Awareness)

- A talk on a highly successful security awareness campaign I created, managed and executed.

GRRCon (2012): (Security Awareness)

- A talk on security awareness and the importance of addressing user behaviors.

Washtenaw Community College Guest Speaker (2011): (The Cloud)

- A talk for a non-IT audience on cloud computing, mobility and how it will shape future services and platforms.