Examples of Work I Like

  • Translating ideas from thought to execution
  • Improving privacy and security
  • Enabling consumer and employee trust
  • Conducting investigations
  • Defining security, privacy, and governance frameworks to protect and secure digital assets
  • Seeking insight with data
  • New products, services and business creation with hands-on approach to development
  • Constructing analytics and data governance frameworks and solutions
  • Building and securing applications and data—particularly data about people
  • Training others on analytics and data literacy
  • Establishing operations and infrastructure
  • Developing ethical and trusted computing environments and information practices

Experience

Security

  • Advising organizations on practical security and incident response programs for data center, cloud and third-party application services.
  • Advising on data risk and handling for governance, compliance and security assessments.  Data risk supplements information security risk.
  • Integrating security and privacy into business operations and infrastructure. All third-party services and applications including Google Analytics and Optimizely should have security and privacy practices.
  • Building, securing, and auditing applications and data—particularly data about people
  • Development of internal and external threat monitoring programs to improve business intelligence and reduce risk
  • Advisement on next generation privacy and security risks such as cloud-based architectures, DevOps, and data-as-a-service
  • Proactive vulnerability assessment and remediation for IT, applications, and data

Analytics

  • Development of analytic protocols and systems to identify individuals and their personal information –across several industry sectors and technology platforms.
  • Modeling of structured and unstructured data to profile users, establish identity, confirm personal data, and other characteristics
  • Define data architecture models and specifications in healthcare, insurance claims, fraud, and customer management systems (CRM)
  • User behavior surveys, habits, and practices studies to develop new products and services
  • Modeling adjusters’ decision-making in legal liability assessments
  • Developing analytics systems to classify and value bodily injury and auto accident damages

Product Development and Management

  • Collaborating on new technologies and services to deliver better assurance of privacy and security practices
  • Creating analytics services tools for use by consultants in information security and liability assessments
  • Developing and selling  software solutions such as events management
  • Advising firms on implementing privacy and security practices into product development and management processes.
  • Advising on use, protection, and release of healthcare data in online research and consumer applications.

Investigations and Discovery

  • Data breaches, theft of trade secret, and employment forensic investigations
  • Online investigations into cyber-threats, fraud and synthetic identity
  • Recovery and re-construction of lost, deleted and stolen data
  • Electronic discovery and text analytics
  • Website and cloud security and vulnerability assessment
  • Data technology and analytics consulting in litigation

Education

Currently Studying:

  • MS, Cybersecurity (Graduating Dec 2017), The University of Maryland, Adelphi, MD
  • MS, Data Science (Graduating Dec 2018), The University of Wisconsin, Green Bay, WI

Prior Studies:

  • BS, Chemical Engineering (1987 – 1991), Worcester Polytechnic Institute, Worcester, MA
  • MBA Candidate, Marketing (1992 – 1994) , Xavier University, Cincinnati, OH
  • Certificate, Strategic Information Systems (1998). University of California, Berkeley, CA
  • GIAC Computer Forensics Investigations – Windows  (2012). The SANS Institute, Monterey, CA
  • GIAC Web Application Pen Testing and Ethical Hacking  (2013). The SANS Institute, Monterey, CA
  • Privacy Foundations and CIPP/US Training  (2013). International Association of Privacy Professionals, San Francisco, CA
  • GIAC Network Intrusion and Log File Analysis (2014). The SANS Institute, San Diego, CA
  • Certificate of Cloud Security Knowledge (CCSK) Training (2015). Cloud Security Alliance, Las Vegas, NV

Certifications:

  • Certified Fraud Examiner (CFE # 587128), Association of Certified Fraud Examiners
  • GIAC Certified Forensic Examiner (GCFE # 722), Global Information Assurance Certification
  • GIAC Certified Web Application Pen Tester (GWAPT # 4139), Global Information Assurance Certification
  • Certified Information Privacy Technologist (CIPT # 1008411), International Association of Privacy Professionals
  • Certified Information Privacy Manager (CIPM), International Association of Privacy Professionals

Publication

Presentations

  • California Health Information Association (2016) – “Uncover Hidden Gaps in Data Management and Achieve Better Information Security”
  • CalCPA Tax Audit Section (2015) – “Overview of fraud in business, detection and prevention techniques”
  • AG Gallagher Axis Pro seminar (2015) – “5 Things Hackers Don’t Want SMBs to Know”
  • California Health Information Association (2014) – “PII/PHI Exposure Exists in Your Organization”
  • CalCPA Litigation Section (2014) – “Putting Forensics and eDiscovery to Work”
  • myLawCLE live webinar (2013) – “Legal & Technical Issues Concerning Evidence in Data Breach”
  • Women in eDiscovery: San Francisco chapter (2012) – “Privacy and Hackers: How what you don’t know can hurt you”
  • Wave University webinar (2011) – “Still on Stage: Boolean Search”
  • ACI Conference Institute (1997) – Building a customer satisfaction survey program

Publications

  • “Good Data Quality is Better Security”, Kivu Labs Blog (November 2015)
  • “Forensic Analysis Reveals Data Leaks in HIPAA Compliant Software”, 2015 Kivu White Paper with Law Firm Epstein Becker (October 2015)
  • “Security Guidance for Early Adopters of the Internet of Things (IoT)” (Review only), Cloud Security Alliance (April 2015)
  • “Identifying the Presence of Encryption”, Kivu Labs Blog (February 2015)
  • “Using Web Pages in Forensics Investigations”, Kivu Labs Blog (January 2015)
  • “Gambling with InfoSec in the Cloud”, Kivu Labs Blog (December 2014)
  • “Information Security of HIEs – Are Humans the Weakest Link?”, ID Experts Blog (January 2014)
  • “Analytics May Reduce PHI Exposure Risk in a Healthcare Data Breach”, ID Experts Blog (April 2013)
  • “Security Guidance for Critical Areas of Mobile Computing version 1.0”, contributing author for Mobile Authentication Risk, Cloud Security Alliance (November 2012)
  • “Solid State Drives: Forensic Preservation Issues”, [In]Secure Magazine (June 2012)
  • “Quicken: Deleted Data Has Hidden Traces”, Digital Forensic Investigator News (August 2011)
  • “Virtual Machines: Added Planning to the Forensic Acquisition Process”, [In]Secure Magazine (March 2011)