IT & Cybersecurity Operations Leader | Global SOC & Vulnerability Management | Cloud & Endpoint Security in Regulated Life Sciences & R&D
Overview
IT and cybersecurity executive with extensive experience designing, implementing, and leading security operations across global, highly regulated organizations. Background includes building security operations functions from the ground up, managing large security technology portfolios, and coordinating enterprise-wide vulnerability management and remediation programs. Work has spanned pharma, healthcare analytics, aerospace research, and energy technology, providing a broad perspective on securing complex, distributed environments. Known for practical, risk-based security leadership, strong vendor and stakeholder management, and a focus on repeatable processes, staff development, and measurable outcomes.
Short Bio
IT and cybersecurity leader with nearly 30 years of experience across pharmaceutical, healthcare, government research, and technology environments. Has built and led global security operations, vulnerability management, and security engineering functions supporting mission-critical and regulated operations. Brings a track record of scaling teams, optimizing security platforms, and aligning cybersecurity programs with organizational strategy.
What I Bring
-
Deep experience leading global IT security operations teams in complex, regulated environments
-
Proven ability to build and scale SOC, vulnerability management, and security technology operations from inception
-
Strong background in cybersecurity maturity assessment, planning, and execution
-
Expertise managing large portfolios of security tools, including SIEM, endpoint, and vulnerability platforms
-
Demonstrated success driving HIPAA, GMP, and FISMA-aligned security practices and compliance
-
Robust vendor management skills, including RFP creation, evaluation, contract negotiation, and transition management
-
Ability to partner effectively with CISO, IT leadership, and business stakeholders on security strategy and delivery
-
Experience integrating OT, IoT, and smart grid technologies into secure architectures
-
History of mentoring, training, and developing high-performing technical and operational teams
-
Strong communication skills bridging technical, operational, and executive audiences
Key Technologies & Product Expertise
-
SIEM platforms and cyber fusion center tools
-
Endpoint security, EDR and XDR technologies
-
Vulnerability assessment and management tools
-
Compliance scanning and configuration management tools
-
Certificate management systems and PKI
-
Security monitoring platforms and SOC toolsets
-
Desktop and server management solutions
-
Cloud platforms with emphasis on AWS and HIPAA-compliant cloud environments
-
Active Directory, including large-scale domain and identity migrations
-
Full disk encryption technologies
-
OT and IoT security controls for smart grid and industrial environments
-
Data retention, backup, and disaster recovery technologies
Titles Held
-
Director, IT Security Operations – Gilead Sciences, Inc., Foster City, CA | 2015 – 2025
-
Director of IT & Security – The Healthcare Colloquium, Columbus, OH | 2014 – 2015
-
Security Engineer – PARC, A Xerox Company, Palo Alto, CA | 2012 – 2014
-
Security Consultant – S&C Electric Company, Alameda, CA | 2012
-
Security Operations Center – Training Manager – NASA Ames Research Center, Mountain View, CA | 2010 – 2011
-
End User Services – Security Management & Engineering Lead – NASA Ames Research Center, Mountain View, CA | 2008 – 2010
-
Distributed National FOQA Archive – Sr. Systems & Security Engineer – NASA Ames Research Center, Mountain View, CA | 2005 – 2010
-
ASRS IT Manager & Security Lead – NASA Ames Research Center, Mountain View, CA | 2000 – 2005
-
Central NASA IT Services – Project Lead and Systems Administration Roles (Windows 2000 Active Directory Agency Level Pilot Project; Software Management Project Lead; Email Support and Systems Administration) – NASA Ames Research Center, Mountain View, CA | 1996 – 2000
Career Highlights
-
Established and grew a Security Operations practice from a 4-person local team to a global organization of over 100 professionals.
-
Led three major security operations towers: SOC (monitoring and incident response), Security Technology Operations (management of 50+ security systems), and Vulnerability Management Service (enterprise-wide assessments and remediation).
-
Drove full lifecycle managed services engagements, from RFP development and vendor selection through contract management and vendor transitions.
-
Served as SME for endpoint security, compliance scanning, vulnerability remediation, certificate management, SIEM, and SOC tooling for a global life sciences enterprise.
-
Acted as a senior member of a Security Risk & Compliance team, partnering with peer directors and the CISO on maturity strategy and solution delivery.
-
As part of a founding management team for a clinical predictive analytics startup, led IT and security operations and executed a HIPAA-compliant AWS cloud migration.
-
Implemented and managed enterprise-level security platforms (SIEM, certificate management, full disk encryption) within a leading research and innovation organization.
-
Performed vulnerability assessments, security planning, and system hardening for a first-to-market smart grid control center, supporting innovative energy technology.
-
Built, deployed, and managed a secure nationwide distributed data system used for aviation safety research, aligning security with diverse industry stakeholders.
-
Created IT security infrastructures and policies to bring NASA aviation safety research environments in line with NASA and NIST standards.
Education & Professional Certifications
-
Certified Cloud Security Professional (CCSP), ISC2 – 2021
-
Information Systems Security Management Professional (ISSMP), ISC2 – 2017
-
Certified Information Systems Security Professional (CISSP), ISC2 – 2007
Languages
Impact
-
Built and scaled a global security operations function that significantly enhanced enterprise detection, response, and vulnerability management capabilities.
-
Drove cybersecurity maturity improvements across life sciences and healthcare environments through coordinated strategy, technology modernization, and process optimization.
-
Strengthened compliance with GMP, HIPAA, and FISMA by embedding security controls into IT operations and partnering with risk and compliance teams.
-
Enabled secure innovation in aviation safety, smart grid technology, and predictive analytics by architecting and operating secure, distributed systems.
-
Elevated organizational cybersecurity culture through structured training programs, staff development initiatives, and cross-functional collaboration.
29
Years of Experience
Fields of Expertise
- Active Directory migration
- attack surface management
- aviation safety systems
- AWS cloud security
- certificate management
- cloud migration
- compliance scanning
- cross-functional collaboration
- cyber fusion center tools
- cybersecurity leadership
- data retention
- desktop and server management
- disaster recovery
- EDR
- endpoint security
- FISMA compliance
- GMP environments
- governance risk and compliance
- GRC
- HIPAA compliance
- incident response
- IoT security
- IT infrastructure
- IT operations management
- IT staff mentoring
- managed services vendor management
- OT security
- patch management
- predictive analytics environments
- risk management
- security engineering
- security maturity assessment
- security operations center (SOC) management
- security platform management
- security solution delivery
- SIEM
- smart grid security
- training program development
- vendor selection and RFPs
- vulnerability management
- XDR