About Craig Payne

Past Speaking Engagements

I bring together expertise in the areas of Cyber Security, Data Privacy and Engineering Management. It's still unusual to find in-depth cyber security and data privacy knowledge in one individual - though that will likely slowly become more commonplace. And for good reason, as these two issues have quite a lot of overlap and commonality. If you also need engineering/executive management experience in the startup B2B SaaS environment - I may well be your unicorn!

I understand the engineering and operational management process - something that can be significantly impacted by a security program. I work with (not against) your executive staff as a business enabler, rather than the person saying "NO" to business initiatives that have security implications.

I'm accustomed to working with senior executive staff, mid-management, and individual contributors, as well as with customers, and technical auditors. I'm also well versed in working with legal counsel, both external and internal.

I have hired and managed development and support engineers, program managers, QA managers, and certification engineers in the US, EU, Japan and India.

My main focus is on helping business leaders in small & medium size businesses, and especially technology startups, right-size their security and data privacy practices. I help them understand their current situation, and then plan their security program goals and timelines based on how we expect the company's risk, risk loss threshold, and growth "curves" to look over the foreseeable future.

Sometimes, rather than security being a "loss" center, I can help use security information as a business enabler. This can be highly dependent on the market a particular business is in.

Experience

I have 10 years' experience implementing and running security and data privacy programs. I drove the preparation for an IoT backend provider's ISO 27001 and SOC2 audit program, later adding ISO 27018. I defined the product and procedural changes needed to help them meet the GDPR, and later CCPA, requirements.

My early career began in the Design Automation field. I then held numerous engineering and engineering management positions with Sun Microsystems and SafeNet. At Sun, I began my management career in the company's JavaSoft arm, running a team that helped Java licensees port the smaller Java implementations (JavaOS, JavaCard, EmbeddedJava) onto their own hardware. Later, I ran a group working to get an OEM and Licensing LOB up and running for the SunRay thin-client hardware and server product. For my final 6 years at Sun, I managed the Solaris Security group's efforts, including Kerberos, PAM, making the OS "Secure by Default", supporting a TPM, and the merger of what had been "Trusted Solaris" into the main Solaris release as a configuration known as "Trusted Extensions". "Trusted" was Sun's configuration used by US and allied Governments (mostly the spooks).

At SafeNet I managed hardware selection and software development for the KeyManager and KeySecure rack-mount products.

I participated as a member of UC/Chico's Advisory Board for their "Cybersecurity for Executives" program.

I hold a BS in Computer Engineering from Case Western Reserve University's Case Institute of Technology, and currently hold the following professional credentials:

(ISC)² Information Security Certificate:

IAPP Privacy Certificates: