It's not a matter of IF you will get attacked, it's a matter of how you will respond when it happens.
Senior Cyber Security Architect & SME
Eagle Scout ∙ US Navy Veteran ∙ Family Man
My Background
Innovative IT Security Architect with over 18 years of experience in analyzing, designing, and implementing security solutions to protect over $30 billion in IT assets for clients in the Oil & Gas, Cloud Services, Financial, and Telecommunications industries, as well as the US Navy. A subject matter expert known for advising senior leadership on PCI DSS/NIST/CIS compliance, cloud/container and on-premises cybersecurity approaches, resolving complex issues, and architecting highly effective risk mitigation solutions to guard against known and zero-day threats. Qualifications include certifications in Cybersecurity, Network Security, and Networking, along with experience in all eight CISSP domains, threat hunting, CI/CD pipeline security, and secure software development lifecycle management for cloud, containerized, and traditional IT systems. Recognized as a strategic leader for spearheading enterprise-level initiatives, building high-performance teams, driving continuous improvement, reducing security costs, and delivering results for industry-leading organizations such as VMware, H&R Block, Visa Inc., Chevron, Orange Business Services, Accenture, EOG Resources, and the US Navy.
My Experience
Senior Staff Security Architect/Engineer - VMware by Broadcom - Remote
May 2022 - Current
Led all aspects of the organization’s container security and vulnerability management program for 16 releases of the Tanzu Kubernetes Grid solution, each comprising over 100 components and hundreds of packages per release. Collected detailed information from over 30 teams and 100+ component code repositories to analyze and assess over 2,000 critical and high vulnerabilities, determining exploitability, impact, likelihood, and remediation/mitigation strategies.
Senior Security Architect/Engineer - H&R Block - Remote
Nov 2020 - May 2022
Coordinated with cross-functional teams to gather architectural, procedural, policy, and technical information to design and implement robust cybersecurity solutions, strengthening enterprise infrastructure and significantly enhancing defenses against known and zero-day threats. Developed and presented comprehensive documentation to educate all organizational levels on the value of investing in cybersecurity technologies, including the designs, processes, and procedures for implementing and operationalizing these solutions. Calculated the current and projected ROI for each deployed technology.
Cyber Security Architect - Visa - Remote
Mar 2020 - Sept 2020
Conducted security assessments and security architecture design reviews in a high-tempo environment for over 50 cloud-based applications and their associated infrastructure. Led multiple teams, including SSDLC, Penetration Testing, Mobile Security, PCI Assessment, IAM, Third Party Risk, and Cyber Engineering, to ensure all aspects of new and existing applications were evaluated for risk, and developed remediation initiatives to address each identified risk.
Senior Security Architect/Engineer - AT&T - Austin, TX
Sept 2019 - Nov 2019
Evaluated NIST and HIPAA compliance for DADS applications under the HHSC umbrella. Identified the controls required for the 39 DADS applications to meet NIST medium system category compliance and HIPAA overlays.
Data Loss Prevention Architect - State of Texas - Austin, TX
May 2019 - Sept 2019
Designed and implemented the Data Loss Prevention (DLP) program for the Office of the Comptroller’s enterprise network, collaborating with multiple divisions to secure data at rest, in motion, and in use through Exact Data Matching (EDM), custom regex matching, proximity rules, data tagging, and egress thresholds. Cultivated cross-divisional collaboration and teamwork.
Cyber Security Architect - EOG Resources - Houston, TX
Apr 2018 - Sept 2018
Enhanced the cybersecurity posture of EOG Resources using the NIST Cybersecurity Framework by evaluating security needs at both architectural and granular levels, identifying gaps, and leading multiple security projects that significantly increased resilience to external and internal threats.
Information Security Operations Manager - MRC Global - Houston, TX
Dec 2017 - March 2018
Managed Security Operations for MRC Global’s advanced security platform and extensive network of vendors through strategic planning, implementation, and oversight of security systems, applications, and processes. Oversaw multiple teams and projects while providing subject matter expertise in security services, incident management, and vendor relations.
Technical Security Manager - Orange Business Services - Remote
Mar 2017 - Sept 2017
Managed IT security for Orange Business Services’ $100M platform by analyzing and optimizing security systems, applications, and processes. Led strategy sessions with customers, providing subject matter expertise on security services, incident management, and service quality.
Security & Account Management Systems Analyst -Â Chevron - Houston, TX
Apr 2016 - July 2016
Delivered IT security solutions for Chevron’s $300M global enterprise. Leveraged subject matter expertise to develop solutions and provide recommendations for both process control and business networks.
Incident Response Analyst -Â Accenture - Houston, TX
Jan 2016 - Apr 2016
Managed Intrusion Prevention/Detection Systems to secure Hess Oil’s $250M global enterprise network and implemented IT security architecture best practices and other improvements.
IT Security Analyst II -Â Dyonyx - Houston, TX
Nov 2014 - Sept 2015
Managed comprehensive security assessments and testing for DYONYX and its clients, leveraging multiple compliance standards, including NIST, STIG, and FedRAMP.
Security & Network Administrator -Â Frosch - Houston, TX
Dec 2013 - Sept 2014
Led comprehensive infrastructure security and network operations management initiatives to resolve cybersecurity incidents, investigate root causes, and implement remediation strategies to prevent future compromises.
Cyber Security & Network Manager - US Navy - Houston, TX
Sept 2005 - Nov 2013
Managed IT Security Operations, Network Security, and Cyber Threat Intelligence to protect $100M in assets for the U.S. Navy from internal and external threats. Leveraged multiple threat intelligence sources—including open source, commercial, and military feeds—to provide data inputs to specialized threat intelligence platforms.
Education
My Studies
John Foster Dulles HS
Aug 2000 - June 2004
I graduated with honors from the Texas Scholar Program which is an advanced degree. My core studies were general education and advanced computer-aided drafting.
US Navy Vocational School
This school taught me advanced networking techniques for Linux based systems used for global command and control information.
Oct 2008 - Dec 2008
US Navy Vocational School
This school taught me advanced networking and cyber security for Windows based systems primarily used for mission-critical applications.
Oct 2010 - Dec 2010
CompTIA Netork+ Certification
This is a vendor-neutral certification that proves an IT professional's expertise in managing, maintaining, troubleshooting, installing and configuring basic computer networks.
Oct 2008 - No Expiration
CompTIA Security+
Dec 2010 - No Expiration
CompTIA Security+Â is a global certification that validates the baseline skills you need to perform core security functions and pursue an IT security career. It establishes the core knowledge required of any cybersecurity role.
My Skills
Active Listening
AI Prompt Engineering
Security Design and Implementation
Cloud Security Architecture Design
Kubernetes Security
Emotional Intelligence
Strategy Development & Implementation
Critical Thinking
Creative Problem Solving
User Behavior & Entity Analytics
Data Loss Prevention
OWASP
Vulnerability Assessment & Management
​NIST CSF
Security Solution Optimization
Project Management
Cloud Security Controls Assessment
Security Initiative Prioritization
Vendor Analysis & Management
End-user Security Awareness Training
Documentation
Risk Assessment & Management
Cloud Access Security Broker
Defense Automation
Security Roadmap Development
STRIDE & DREAD Threat Modeling
Threat Intelligence & Hunting
Team Development & Coaching
CIS, PCI, GDPR, CCPA Compliance
Proxies & Traffic Decryption
Risk Assessment
Leadership
​Threat Analysis and Remediation
"Cyber-Security is much more than a matter of IT"