What is a CISO

A Chief Information Security Officer (CISO) is the senior-level executive within an organization responsible for establishing and maintaining the enterprise vision, strategy and program to ensure information assets and technologies are adequately protected. The CISO directs staff in identifying, developing, implementing and maintaining processes across the organization to reduce information and information technology (IT) risks. They respond to incidents, establish appropriate standards and controls, manage security technologies, and direct the establishment and implementation of policies and procedures. The CISO is also usually responsible for information-related compliance.

Who am I

I am the founder and president of Working Security, Inc. With over 25 years of experience in the information technology field, I’ve designed, implemented, and managed I/T systems, managed I/T teams, and developed policies and processes for organizations around the globe. I’m a Certified Chief Information Security Officer (C|CISO EC-Council), a Certified Ethical Hacker (C|EH), and a Certified Information Systems Security Professional (CISSP).

In my work, I’ve represented many organizations, acting as their advocate or leading operational teams in the performance of security tests and in responding to information security audits. Through these efforts, I’ve helped clients identify vulnerabilities and develop risk mitigation strategies and practices to meet and exceed compliance mandates under HIPAA, SOX, PCI-DSS, SSAE-16, NERC and other standards.

I’ve served as an engineer, architect, and project manager within multiple business lines at IBM Global Services, security director of a U.S. cloud hosting provider, and a consultant for a U.S. information technology value-added reseller. I provide I/T consulting services to organizations ranging from startups through Fortune 100 across multiple expertise domains.

My direct project experience includes over 150 engagements across multiple industries:

  • Financial: Retail Banking, Financial Markets, Insurance
  • Energy and Communication: Energy/Utility, Media, Telecom
  • Product and Distribution: Consumer Products, Retail, Travel and Transportation, Wholesale Distributors
  • Industrial: Air and Defense, Automobile, Chemical, Electrical
  • Public: Education, Health Care, Government, Life Sciences

I hold the following certifications:

  • Certified Chief Information Security Officer – EC-Council
  • Certified Ethical Hacker – EC-Council
  • Certified Information Systems Security Professional (CISSP from ISC2)
  • GIAC Certified Forensics Analyst (SANS Institute)
  • Missouri Licensed Private Investigator (#2014024060)
  • Information Technology Infrastructure Library (ITIL v3)
  • Project Management Professional (PMP from Project Management International)
  • Certified Scrum Master (Agile Project Management)

My work has been featured in print, online and in broadcast media including CBS/KMOX, The St. Louis Metropolitan Medical Journal, Hakin9 Magazine and SearchSecurity. I regularly speak to professional organizations in I/T security, finance, health care, and the community about maintaining secure systems through effective use of human resources, technology and policies.

I am a SANS mentor, member of the International Association of Privacy Professionals (IAPP), the St. Louis Chapter of InfraGard (FBI/Private Industry), and an Assistant Scoutmaster in the Boy Scouts of America.

What I can do for you

I believe improving privacy and security for the public includes sharing information when possible. In addition to services offered through my company, Working Security, I am available to speak or serve on panels.

Media Interviews

Articles, Blog and Newsletter Contributions