EXPERIENCE

HAZEL, INC, Santa Barbara, CA

Information Security and Privacy Strategist and Consultant (1/10 – present)


INDEPENDENT HEALTH, Buffalo, NY

Privacy and Information Security Officer (5/04 – 1/10)

  • Achieved HIPAA security rule compliance for $1.6B health care insurance company, within one year of hire.
  • Restructured security and privacy programs to be enterprise risk-focused and consolidate multiple projects.
  • Delivered risk information to company executives for better decision making, improved risk governance.
  • Sponsored and promoted ITIL-based IT practices and supporting software for effective issue tracking, formal change authorization, increased uptime, more efficient processes.
  • Created and presented net positive value of privacy and security efforts, leading to hire of critical staff of five.
  • Led SAS 70 IT General Controls audit efforts to retain key clients in highly regulated industries.
  • Developed and led ongoing (continuous) IT risk assessment and control improvement processes.
  • Regularly reported to Board of Directors, risk committee of Board of Directors, company executives.
  • Key member of decision team for $1 million IT security capital budget; responsible for $500,000 department budget.

SCHOOL OF ACCOUNTING AND LAW, State University of New York at Buffalo

Adjunct Instructor (1/04 – 6/07)

  • Developed and taught Information Systems Audit (MGA 410 / 610) as combined theory and practice course. 

COMPUTER TASK GROUP, Buffalo, NY

Senior Information Security Consultant (6/02 – 5/04)

  • Consulted for health care, insurance, and manufacturing clients throughout U.S. on management practices in both technical and non-technical aspects of information security.
  • Performed interviews, on-site investigations and reviews, technical and physical testing of systems and processes.
  • Presented and implemented information security and disaster recovery programs for manufacturing clients.

Manager, Global Security and Infrastructure (3/01 – 6/02)

  • Created systems, network, and security architectures; developed and analyzed security strategies; established policies and practices for security, network, system, software, configuration management; trained staff.
  • Responsible for $700,000 operating budget, $2.9 million telecom budget, and staff of eight.

Corporate Systems Advisor / Corporate Security Advisor (1/99 – 3/01)

  • Wrote internal information security policy, performed incident response and analysis, coordinated with FBI and US CERT; engineered, installed, administered firewalls; designed network and server security systems.

PROFESSIONAL ACTIVITIES

Information Systems Security Association: President & Founder Buffalo Niagara Chapter (4/03 – present); Ethics Committee, Certification Program Committee, Standards Committee (6/02 – 6/03); Member (11/00 – present); Information Systems Audit and Control Association: President Western New York Chapter (6/04 – 01/05), Program Coordinator (4/03 – 6/04), Board (3/02 – 1/05), Member (2/01 – present); International Association of Privacy Professionals: Member (6/09 – present); Institute of Internal Auditors: Member (6/09 – present); Association for Computing Machinery: Member (2/97 – 1/06)

COMMUNITY ACTIVITIES

Leadership Buffalo: Board (1/05 – 12/06), Community Facilitation Team (7/03 – present; Chair 1/05 – 6/07); FBI InfraGard: Member (2/01 – 6/05); Buffalo Photography Meetup: Co-founder & organizer (4/06 – present)

EDUCATION

Bachelor of Science, Computer Science, State University of New York at Buffalo; President, Computer Science Undergraduate Student Association; Personnel Manager, Computer Science Department Student Labs