The Shyft Group
October 2021 – Present
- Managed IT system, network, and application security
- Directed technical projects aligned with Shyft’s cybersecurity goals and objectives
- Responsible for the creation of the Shyft Group’s strategic and tactical cybersecurity roadmap
- Lead Shyft’s IT governance efforts in the development of policies, standards, and procedures
- Lead Incident Commander of Shyft’s incident response program
Risk and Compliance Manager
Allen Park, MI
June 2018 – October 2021
- Responsible for the development of Aptiv’s governance, risk, and compliance program with an emphasis on NIST 800-30, NIST Cybersecurity Framework, Centers for Internet Security Top 20, and ISO 27001/27002.
- Function as the Data Privacy Officer for Connected Services, responsible for managing the divisions General Data Protection Regulation (GDPR) and California Consumer Protection Act (CCPA) programs.
- Manage and mentor employees related to risk management, software development, and incident response.
- Ensure the security of Connected Services software development, cloud-based server/serverless IT systems, PKI, and product lines.
- Develop information technology policies, standards, and procedures.
vCISO Executive Advisor
Data Protection Partners
March 2020 – October 2021
- Perform audits to identify gaps in cybersecurity programs.
- Develop cybersecurity programs based upon the Centers for Internet Security Top 20 Security Controls.
- Provide executive leadership to information technology and security teams.
Chief Information Security Officer
Merit Network, Inc.
Ann Arbor, MI
October 2015 – June 2018
- Created Merit’s Community CISO program which performed risk assessments for member organizations. The team evaluated administrative and technical controls based on the use of Open Source Intelligence, NIST Cybersecurity Framework, and the Centers for Internet Security Critical Security Controls.
- Responsible for Merit’s internal governance, risk, and compliance program.
- Co-chaired the development of Merit Network’s Cyber Defense Portfolio which provided managed security services to its membership.
- Developed content for workshops and presentations which have been given throughout the country.
- Hired and managed Merit’s cybersecurity team providing feedback on performance, gave direction and follow up tasks, and had weekly 1 on 1 meetings with individual staff members.
- Created training workshops for internal employees on various security related topics.
Enterprise Security Architect
State of Michigan
March 2012 – October 2015
- Perform key security roles assisting state agencies in architecting new or existing systems, identify risks, and develop compensating controls and remediation plans.
- Ensure agency systems met federal, state, and 3rd party regulatory compliance requirements.
- Lead security architect for projects related to federated identity management and deployment of internal cloud services.
- Create and modify State of Michigan security-related policies, standards, and procedures.
- Co-chair of the Enterprise Audit team and a member of the PCI, Enterprise Architecture, Solution Design Team, and Medicaid Compliance Project core teams.
- Conduct preliminary audits for the state’s IRS and Affordable Care Act programs to ensure they meet Publication 1075 and NIST SP 800-53 control objectives.
- Develop continuing education for internal staff.
- Conducted Department of Technology, Management, and Budget control evaluations using CobiT 4.1 governance framework.
Senior Systems Engineer
Keystone / Millbrook Printing Company
Grand Ledge, MI
June 2010 – March 2012
- Developed and executed a project to redesign the company’s data center to provide high availability for the company and its customers.
- Lead systems engineer for managed hosting services of external customers which included web, email, and database hosting.
- Simplified desktop and server configuration along with implementing centralized identity management.
- Improved Linux deployment and management by creating customized scripts, implemented centralized conﬁguration management services, and custom RPM development.
Ferris State University
Big Rapids, MI
May 2007 – June 2010
- Lead high profile security projects which included multifactor authentication and full disk encryption.
- Deployed hard drive and removable media encryption software to high risk users.
- Migrated the university’s LDAP servers while adding multimaster replication for high availability, SSL encryption, and roaming user home directories.
- Developed new server builds based on industry standard security guidelines along with creating tools to streamline the process.
- Supervised student employees who worked for the enterprise technology services department. Responsible for assigning projects, mentoring, and giving yearly reviews to those employees.
Ferris State University
Big Rapids, MI
Master of Science
Information Systems Management
Advanced Studies Certificate In Information Security and Network Management
Graduated: May 2009
Central Michigan University
Mount Pleasant, MI
Bachelor of Science
Major: Information Technology
Minor: Media Design, Production, and Technology
Graduated: May 2007
Certified Information Systems Security Professional (ISC2)
AWS Certified Cloud Practitioner (AWS)
Certified Security Web Application Engineer (Mile2)
Certified Penetration Testing Engineer (Mile2)
ITIL v.3 Foundation (AXELOS Ltd.)
CobiT v.4.1 Foundation (ISACA)