Examples of Work I Like
- Translating ideas from thought to execution
- Improving privacy and security
- Enabling consumer and employee trust
- Conducting investigations
- Defining security, privacy, and governance frameworks to protect and secure digital assets
- Seeking insight with data
- New products, services and business creation with hands-on approach to development
- Constructing analytics and data governance frameworks and solutions
- Building and securing applications and data—particularly data about people
- Training others on analytics and data literacy
- Establishing operations and infrastructure
- Developing ethical and trusted computing environments and information practices
Experience
Security
- Advising organizations on practical security and incident response programs for data center, cloud and third-party application services.
- Advising on data risk and handling for governance, compliance and security assessments. Data risk supplements information security risk.
- Integrating security and privacy into business operations and infrastructure. All third-party services and applications including Google Analytics and Optimizely should have security and privacy practices.
- Building, securing, and auditing applications and data—particularly data about people
- Development of internal and external threat monitoring programs to improve business intelligence and reduce risk
- Advisement on next generation privacy and security risks such as cloud-based architectures, DevOps, and data-as-a-service
- Proactive vulnerability assessment and remediation for IT, applications, and data
Analytics
- Development of analytic protocols and systems to identify individuals and their personal information –across several industry sectors and technology platforms.
- Modeling of structured and unstructured data to profile users, establish identity, confirm personal data, and other characteristics
- Define data architecture models and specifications in healthcare, insurance claims, fraud, and customer management systems (CRM)
- User behavior surveys, habits, and practices studies to develop new products and services
- Modeling adjusters’ decision-making in legal liability assessments
- Developing analytics systems to classify and value bodily injury and auto accident damages
Product Development and Management
- Collaborating on new technologies and services to deliver better assurance of privacy and security practices
- Creating analytics services tools for use by consultants in information security and liability assessments
- Developing and selling software solutions such as events management
- Advising firms on implementing privacy and security practices into product development and management processes.
- Advising on use, protection, and release of healthcare data in online research and consumer applications.
Investigations and Discovery
- Data breaches, theft of trade secret, and employment forensic investigations
- Online investigations into cyber-threats, fraud and synthetic identity
- Recovery and re-construction of lost, deleted and stolen data
- Electronic discovery and text analytics
- Website and cloud security and vulnerability assessment
- Data technology and analytics consulting in litigation
Education
Currently Studying:
- MS, Cybersecurity (Graduating Dec 2017), The University of Maryland, Adelphi, MD
- MS, Data Science (Graduating Dec 2018), The University of Wisconsin, Green Bay, WI
Prior Studies:
- BS, Chemical Engineering (1987 – 1991), Worcester Polytechnic Institute, Worcester, MA
- MBA Candidate, Marketing (1992 – 1994) , Xavier University, Cincinnati, OH
- Certificate, Strategic Information Systems (1998). University of California, Berkeley, CA
- GIAC Computer Forensics Investigations – Windows (2012). The SANS Institute, Monterey, CA
- GIAC Web Application Pen Testing and Ethical Hacking (2013). The SANS Institute, Monterey, CA
- Privacy Foundations and CIPP/US Training (2013). International Association of Privacy Professionals, San Francisco, CA
- GIAC Network Intrusion and Log File Analysis (2014). The SANS Institute, San Diego, CA
- Certificate of Cloud Security Knowledge (CCSK) Training (2015). Cloud Security Alliance, Las Vegas, NV
Certifications:
- Certified Fraud Examiner (CFE # 587128), Association of Certified Fraud Examiners
- GIAC Certified Forensic Examiner (GCFE # 722), Global Information Assurance Certification
- GIAC Certified Web Application Pen Tester (GWAPT # 4139), Global Information Assurance Certification
- Certified Information Privacy Technologist (CIPT # 1008411), International Association of Privacy Professionals
- Certified Information Privacy Manager (CIPM), International Association of Privacy Professionals
Publication
Presentations
- California Health Information Association (2016) – “Uncover Hidden Gaps in Data Management and Achieve Better Information Security”
- CalCPA Tax Audit Section (2015) – “Overview of fraud in business, detection and prevention techniques”
- AG Gallagher Axis Pro seminar (2015) – “5 Things Hackers Don’t Want SMBs to Know”
- California Health Information Association (2014) – “PII/PHI Exposure Exists in Your Organization”
- CalCPA Litigation Section (2014) – “Putting Forensics and eDiscovery to Work”
- myLawCLE live webinar (2013) – “Legal & Technical Issues Concerning Evidence in Data Breach”
- Women in eDiscovery: San Francisco chapter (2012) – “Privacy and Hackers: How what you don’t know can hurt you”
- Wave University webinar (2011) – “Still on Stage: Boolean Search”
- ACI Conference Institute (1997) – Building a customer satisfaction survey program
Publications
- “Good Data Quality is Better Security”, Kivu Labs Blog (November 2015)
- “Forensic Analysis Reveals Data Leaks in HIPAA Compliant Software”, 2015 Kivu White Paper with Law Firm Epstein Becker (October 2015)
- “Security Guidance for Early Adopters of the Internet of Things (IoT)” (Review only), Cloud Security Alliance (April 2015)
- “Identifying the Presence of Encryption”, Kivu Labs Blog (February 2015)
- “Using Web Pages in Forensics Investigations”, Kivu Labs Blog (January 2015)
- “Gambling with InfoSec in the Cloud”, Kivu Labs Blog (December 2014)
- “Information Security of HIEs – Are Humans the Weakest Link?”, ID Experts Blog (January 2014)
- “Analytics May Reduce PHI Exposure Risk in a Healthcare Data Breach”, ID Experts Blog (April 2013)
- “Security Guidance for Critical Areas of Mobile Computing version 1.0”, contributing author for Mobile Authentication Risk, Cloud Security Alliance (November 2012)
- “Solid State Drives: Forensic Preservation Issues”, [In]Secure Magazine (June 2012)
- “Quicken: Deleted Data Has Hidden Traces”, Digital Forensic Investigator News (August 2011)
- “Virtual Machines: Added Planning to the Forensic Acquisition Process”, [In]Secure Magazine (March 2011)


