Security Practice

Cybersecurity

Protecting organizations at the intersection of compliance, architecture, and emerging threat landscapes.

Credentials

What backs the work

CISSP (ISC2): Certified Information Systems Security Professional

AWS Cloud Practitioner

AWS AI Practitioner

AWS Solutions Architect

AWS Security Specialist

UVA: BA Computer Science

NVCC: BAA Business Administration

Andrew has attained each of the above credentials.

Background

Cybersecurity & Privacy Background

Andrew Wippl's career reflects a progression from hands-on engineering to executive-level security and privacy leadership, with each role building a deeper operational understanding of how data is created, processed, secured, and governed across complex systems and regulatory environments.

He began in web and application engineering roles as a Web Developer, Developer, and Full Stack Engineer. During this period, he developed a deep understanding of application architecture, data flows, and system integrations, including how sensitive data is collected, processed, stored, and transmitted across distributed systems. This engineering foundation established a practical approach to privacy rooted in secure coding, access control, and minimizing data exposure.

He later transitioned into a Technical Solutions Engineer role within Sales Operations, where he bridged engineering and business functions. In this capacity, he worked directly with enterprise clients to design and implement solutions aligned with both technical and regulatory requirements. This role required frequent engagement with contract language, data protection obligations, and security requirements, establishing strong experience in contract review and the legal aspects of privacy and cybersecurity.

He went on to found and lead an integrations team as a Product Manager, sourcing and defining work, scoping engagements, and authoring Statements of Work (SOWs). He architected integration solutions and either implemented them directly or guided engineering teams, leveraging both custom scripting and enterprise platforms such as SnapLogic and Apache Airflow. His work emphasized secure, auditable data movement, system interoperability, and automation as a mechanism to reduce human error and enforce privacy controls.

As Information Security Officer and Data Protection Officer, he built and scaled global cybersecurity and privacy programs across organizations and cloud environments. He implemented governance frameworks, technical controls, and automation strategies to protect sensitive data and operationalize compliance with global privacy regulations. His responsibilities included deep involvement in contract review, ensuring that data protection agreements, cross-border transfer mechanisms, and security commitments aligned with both legal requirements and system capabilities.

He is multi-cloud proficient, with experience across Azure and Oracle Cloud Infrastructure (OCI), and deep expertise in AWS. His cloud work focuses on secure architecture design, identity and access management, centralized logging, and enforcing consistent security and privacy controls across distributed environments.

He has served as the Information System Security Officer (ISSO) supporting federal government contracts, including GSA, U.S. Courts, the U.S. Senate, NIH, DOT, and the Department of Defense. In this capacity, he ensured systems met stringent federal requirements aligned with NIST 800-53 and NIST 800-171, including control implementation, continuous monitoring, and system authorization.

His experience extends significantly into audit and compliance leadership. Over the course of his career, he has led nearly 60 security audits and participated as a key stakeholder in many more, overseeing large, globally distributed teams across organizations operating on every continent except Antarctica. Across these efforts, he has received only a single audit non-conformity. He has played a central role in scaling security programs during mergers and acquisitions, rapidly maturing acquired organizations' security posture to achieve NIST 800-53 alignment and certifications such as SOC 2 Type II, ISO 27001, and Cyber Essentials.

He has also conducted thousands of annual and procurement-related client security reviews and has responded to more than 200 RFPs and tenders over a four-year period, maintaining an approximate 70% win rate. This work required translating complex security and privacy controls into clear, defensible responses aligned with both regulatory expectations and customer requirements.

In addition to governance and technical controls, he has developed and led security awareness and training programs, ensuring that employees across all levels understand their role in protecting sensitive data and maintaining compliance. His approach integrates training into operational workflows to reinforce secure behavior at scale.

He is an active member of the OWASP[1] Leaders Group and the National Capital Region CISSP[2] community, one of the most established cybersecurity groups. With long-standing experience working at the intersection of emerging technologies and security, including early exposure to AI-driven systems, he is focused on contributing to OWASP[1] initiatives related to AI security and governance in 2026.

[1] OWASP — The Open Worldwide Application Security Project is the preeminent international authority on web application security. Its standards, including the OWASP Top 10, define the baseline for how secure software is built, tested, and audited worldwide.

[2] CISSP — The Certified Information Systems Security Professional, administered by ISC2, is widely regarded as the gold standard in cybersecurity certifications. It requires a minimum of five years of professional experience across eight security domains, a rigorous examination, and ongoing continuing education — recognized globally as the benchmark for senior security leadership.

Across all roles, his work consistently integrates privacy into engineering, legal, and operational domains, treating data protection as a system-level discipline embedded directly into architecture, processes, and organizational culture.

Program Overview

Cybersecurity Architecture Implementations & Governance

Andrew owns or co-owns all cybersecurity processes and platforms below, having implemented each either personally or through close collaboration with cross-functional stakeholders across the organization, with those stakeholders represented on the left side of the diagram below.

Cybersecurity Program Overview

Expertise in Compliance & Security Frameworks

HITRUST

ISO 27001

ISO 9001

SOC 2 Type II

SOC 1

NIST 800-53

FedRAMP

StateRAMP

Tx-RAMP

NY OGS

NIST 800-171

NIS 2

PCI DSS

CSA STAR

HECVAT

NIST AI RMF

NIST CSF 1/2

CMMC

Consulting

Engagements start at $250/hour.
Longer commitments and packages are priced more favorably.

Andrew does not provide consulting services related to the following:

✕ University student conduct
✕ Skills development
✕ Student employment
✕ Career fairs or employment software
✕ Disability services
✕ Study abroad management