
Resume
Executive business leader with significant experience identifying and driving profitable, strategic growth opportunities. Demonstrated record of effectively leading high-performing teams to deliver strong financial and operational results in fast-paced environments. Proven ability to enable business transformation leveraging Information Security solutions. Results focused and effectual leader with additional strengths in:
- Successfully managing cross-functional teams to achieve business goals, including marketing, sales, operations, and finance.
- Creating a vision and implementing strategies to improve operational efficiency, resulting in cost savings, higher uptime, and increased profitability.
- Managing budget planning and financial forecasting to ensure the organization meets its financial targets.
- Building and maintaining strong relationships with vendors and partners to ensure the organization has resources to drive operational effectiveness.
- Conducting research and analyzing data to inform business decisions and identify risk reduction opportunities.
- Implementing processes and procedures to improve organizational effectiveness, including streamlining workflows and implementing new technology solutions.
- Leading the development and implementation of new products and services, resulting in increased revenue and market share.
- Managing customer relationships and implementation strategies to improve customer satisfaction and retention.
- Partnering with executive leadership and board members to develop and execute the organization’s strategic goals and objectives.
- Tracking and analyzing key performance metrics to identify areas for improvement and make data-driven decisions.
Experience
MEDHOST of Tennessee, Inc.
Chief Information Security Officer / Vice President
October 2018 – February 2024
Accountable for defining and delivering security strategy and capabilities across the enterprise for infrastructure, product development, technical services, and cloud services. Responsible for risk governance while strengthening productive relationships with all business unit leaders, acting as a true partner, and making security a business enabler. Key accomplishments are:
- Strategy: Advised executive leadership and board members on emerging threats and risks with potential to undermine the company’s goals and evolving needs. Recommended practical solutions for risk reduction. Reduced cyber insurance costs while preventing ransomware attacks by implementing proven controls around privileged identity management, logging and monitoring, and IT governance checks.
- Security Services: Created security services under the MEDTEAMS organization consisting of managed defense and response (MDR) and virtual CISO offerings. Reduced costs while focusing on growth by identifying opportunities to utilize existing tooling and in-house expertise and processes.
- Regulatory Compliance: Managed 4 annual System and Organization Controls (SOC) type 1 & 2 reports to assure our clients their sensitive data remained secure within the MEDHOST ecosystem.
- Team Development: Hired, developed, evaluated, rewarded, and retained a highly qualified team of security professionals. Fostered a culture of innovation, transparency, and accountability.
- Security Operations: Refined metrics and dashboards for managing security effectiveness and for measuring risk reduction efforts to drive continuous improvement. Implemented dev/sec/ops framework to reduce change defects and increase implementation velocity. Assisted IT in achieving 98% success rate on planned changes, and 99.99% uptime. Improved patch testing and automated deployment timelines to decrease risks from vulnerabilities. Implemented next-generation firewalls segmenting client traffic blocking medium, high, and critical threats.
Community Health Systems
Sr. Director, Cybersecurity
January 2016 – October 2018
Led security operations center, threat and vulnerability, and engineering teams responsible proactively identifying and mitigating risks. Utilized incident data to architect, design, and implement monitoring and controls reducing risk of a significant compromise. Key accomplishments were:
- Governance: Chaired the Security and Compliance Governance Committee responsible for security, IT strategy, and execution. Members included CFO, CIO, CISO, CTO, CMIO, General Counsel, and others. Maintained the security risk register mapping risk strategy and driving project creation. Proactive approach led facilitated improved alignment amongst teams and reduced expenditures by managing risks early.
- Security Operations: Implemented an enterprise 24 x 7 security operations center (SOC) to monitor and support applications and infrastructure, reduced operational impact by almost 1,200 events annually.
- Firewall Migration: Successfully migrated 120 firewalls from Cisco to Palo Alto networks. Inserted large, enterprise firewalls between facilities and primary data centers forcing segmentation of traffic.
- Divestures: Represented information security and security design for multiple hospital divestures as CHS reduced its portfolio from 200 hospitals to under 100.
Director, Security and Compliance
October 2012 – January 2016
Managed a growing Information Security Department for an acute care hospital system consisting of 200 hospitals that include Architecture, Engineering, Identity Management, Risk Management, Threat and Vulnerability Management, and Support Services. Key accomplishments were:
- Governance: Aligned Information Security principles through a risk management framework to assess, remediate, and mitigate enterprise risk through the solution delivery lifecycle to support the operations of the business.
- Incident Response: Responsible for coordinating incident response and subsequent controls for a 2014 data breach by a Chinese nation-state threat actor.
- Meaningful Use: Coordinated annual Meaningful Use security compliance audits and remediation of action plans across 200 hospitals and ~5,000 clinics.
- PCI/DSS: Implemented the initial PCI/DSS standards for the storage, transmission, and processing of credit card data.
- Employee Retention: Maintained the highest level of employee satisfaction results across multiple years by developing, coaching, and mentoring young leaders, providing training opportunities to close gaps in career development programs, and conducting routine evaluations.
- Windows XP migration: Led the successful migration of Windows XP to Windows 7 for 70K workstations introducing application rationalization and zero-touch automation to convert 500 machines per day.
- HMA Acquisition: Coordinated with peers to complete a $7.6B acquisition by identifying synergies and consolidating security controls.
Manager, Security and Compliance
July 2010 – October 2012
Managed multiple teams including regulatory compliance, threat and vulnerability, and engineering for a young information security department with 23 direct reports. Key accomplishments were:
- Regulatory Compliance: Identified potential issues, coached IT Directors, and implemented monitoring controls to reduce Sarbanes-Oxley issues identified by CHS internal and external auditors. Controls eliminated all medium, high, and critical SOX findings for a two-year period.
- Software Compliance: Responsible for enterprise software compliance for 70K workstations and 16K servers. Developed a portal to track software entitlements and compare against Microsoft data to reduce unexpected software audit exposure. Negotiated $10M dollar software deals with Microsoft and Oracle.
- Threat and Vulnerability Management: Rebuilt a threat and vulnerability management team who had struggled with a recent penetration test. Subsequently, the team effectively detected multiple unannounced audits reducing finds by 50%, increased security controls, and mitigated low- level malware withing the company.
HCA, Inc. Nashville, Tn.
Team Lead / Threat Engineer Level 4
July 2004 – July 2010
- Incident Response: Led the computer security incident response team (CSIRT) partnering with legal and ethics teams. Participated in uncovering a $3.5M dollar kickback scheme.
- Malware: Identified and responded to network outages resulting from network worm activity; SQL Slammer and Conficker.
- Tool Development: Developed tools to aid in detecting, tracking, and tasking security alerts. Designed and implemented a network packet broker using Cisco switches to replicate traffic to intrusion detection (IDS) devices across data centers and shared service centers. Implemented and tuned WAF, firewalls, and IDS signatures.
- Attack and Penetration Testing: Successfully detected attack and penetration testing over a 4-year span. Recruited and trained security engineers of which several are now security executives. Sr. Technical Analyst, Technical Implementations August 2000 – July 2004 Implemented on-site network changes HCA network including network redesign, frame-relay to ATM migrations, and wireless infrastructure. Developed automation to increase productivity by quickly configuring network equipment reducing defects and decreasing time to configure equipment implementation.
United States Army Reserves / TN Army National Guard
E-6 Staff Sergeant 1992 – 2006
Education and Certifications
Master of Science, Information Security and Assurance
Western Governors University, Millcreek, UT
Bachelor of Science
Middle Tennessee State University, Murfreesboro, TN
