Developed numerous risk management and security programs for financial institutions and large companies, including operational risk programs, IT security programs, information security frameworks, disaster recovery policies, and intrusion detection systems policies. Provided consulting services related to risk assessment, security controls, and regulatory compliance. Established new business lines and sales channels in cybersecurity insurance and developed assessment tools to rate insurability. Delivered over 500 audit training classes to over 4,500 professionals on topics like integrated auditing, client/server systems, and distance learning. Conducted numerous security, audit, and risk-related presentations to executives, regulators, and professional organizations.

1. Professional AchievementsProfessional Achievements
Operational Risk, IT Infrastructure and Security ConsultingOperational Risk, IT Infrastructure and Security Consulting
Developed an online Enterprise wide Operational Risk and Mitigation Program for Financial Services
(Banks, Thrifts, and Credit Unions). Developed an IT Security and Control Self-Assessment Program
with a focus on Sarbanes Oxley Act (SOX) (Corporate and IT Governance). Developed Information
Technology Enterprise Wide Risk Program based upon the Control Objectives for Information and
related Technology. Developed and implemented a Global Computer Incident Response Team (CIRT).
Project managed the implementation of a Global Intrusion Detection Program including a Security
Operations Center. Developed an IT Security Control Self-Assessment Program that incorporated a Risk
Mitigation Process. Developed a Global Disaster Recovery Policy and related standards for a multi-
billion dollar international natural resource company. Developed Intrusion Detection Systems Policy for a
multi-billion dollar company. Developed a Credit Risk Program subscription services that focused on
Loan Portfolio Management. Developed an Enterprise-Wide Risk Assessment and Mitigation Program
for an $8 Billion Bank. Developed and conducted GLBA 501b Assessments. Developed a managed
security service offering. Recruited experts in wireless, IDS, manage security services, cyber insurance,
sales, project management, resource deployment, product and service development, and computer
forensics to create a unique organization in the Southern Region of the US. Program managed the
development of a cost effective online security/privacy/underwriting assessment tools. Established a
cyber risk division that provided unique service offerings to insurance carriers. Consulted numerous net
generation and click and mortar companies regarding information security. Managed the development of
the IT security infrastructure for all of IBM’s Business Innovation Centers. Directed the e-Risk program
for IBM. Effectively managed the insurance carrier channel cyber risk insurance offering. Achieved an
annual revenue target of 5 million within six months. Prepared and presented statements of work to IBM
clients seeking security and privacy services. Conducted security assessments of companies seeking
hacker insurance – loss control services for the cyber world. Developed an Audit Compliance Program to
assist Information Services management in the assessment and closure of risk observations stemming
from security reviews. Planned and conducted Security Architectural Discoveries of Information Services
environments. Developed an InfoSec Framework for Information Services. Planned and conducted
Architectural Compliance reviews of Oracle Financials/Human Resources and PeopleSoft Financials and
Human Resources applications.
Sales and Marketing / ManagementSales and Marketing / Management
Established teaming relationships with law firms to delivery security and privacy services under
attorney/client privilege to their clients. Developed an online assessment tool used by insurance carriers
to rate the level of insurability of companies seeking cyber insurance. Created a new sales channel by
partnering with Insurance carriers that resulted in paid sales calls and qualified prospects. Program
managed the development of a patented software application to deliver via the Internet surety bonds for
online auction sites. Developed marketing and sales strategy for start up companies (ActivCard - within 3
months of implementation resulted in $1,300,000 in sales of products and services. Participated in
commission planning and territory allocation. Established and managed major accounts. Designed
products and services collateral. Created Channel Program for OEMs, Sales Consultants, Resellers, and
Distributors. Provided service, problem solving, and account research. Designed product enhancements.
Prepared articulate and professional sales presentations. Managed daily sales operations with direct
supervisory responsibility for sales team. Designed the sales process. Created client-survey instrument
to expedite the lead qualification process. Developed operational and administrative procedures.
Established job descriptions for sales team. Implemented mentor program for sales team.
Audit Training and DevelopmentAudit Training and Development
Developed and implemented a strategic training and development plan. Designed and delivered
programmed courseware (workbook/audio and Computer Based). Designed and implemented a needs
analysis process. Developed a program that promoted the transfer of training from the classroom to the
workplace. Implemented a Client / Server training curriculum to promote the integrated auditor approach.
Consulted Senior Audit management on organizational development issues. Designed and delivered
over 500 instructor led audit classes to over 4,500 professional internal auditors. Implemented a
distance-learning program. Negotiated contracts that resulted in substantial savings of over $400,000.
Facilitated sessions that produced audit guidelines for UNISYS and UNIX based platforms. Sponsored
conferences for Information Systems Auditors and Senior Audit Management.

2. Audit Management and PracticeAudit Management and Practice
Develop a key indicator program for earlier detection of the degradation of controls. Designed a liaison
program that improved communication between auditees and auditors. Conducted operational audits that
resulted in improved processes within various operational areas. Designed a mentor program for new
auditors. Conducted fraud investigations. Participated on a task force that developed a Risk Assessment
Process.
Presentations and InstructionPresentations and Instruction
Presented to over 280 CEOs of Banks at the State of New Jersey Commissioner’s Symposium.
Regular presenter at IBM’s Executive Briefing Centers. Presented at the Federal Financial Institutions
Examination Council’s Emerging Issues Conferences to over 7,000 regulatory examiners on subjects
such as: Electronic Banking, Electronic Commerce, Electronic Cash, Network Security, Internet Security,
Encryption, Smart Cards, User Authentication and PKI, Privacy (GLBA). Presented at the Annual
Supervision and Regulation Conference at the Federal Reserve Bank of Cleveland on the subject of
User Authentication. Presented at ISACA Jacksonville and Tampa Chapter Meetings. Presented at the
GARUG Meetings. Presented at the FDIC Electronic Banking Primer Conference. Presented Making
Training Work for Small Audit Shops at the General Audit Conference sponsored by the Institute of
Internal Auditors. Taught the Integrated Auditor class for the Institute of Internal Auditors.