Principal Consultant | CISSP

With over 15 years of experience in Governance, Risk, and Compliance (GRC), I help organizations protect their most critical assets while meeting regulatory and business requirements. My approach is straightforward: cut through the jargon, focus on what matters, and deliver security programs that actually work.

Areas of Depth

While I serve clients across industries, my deepest experience lies in:

  • Healthcare: HIPAA, HITECH, patient data privacy, and electronic health record security.
  • Energy & Utilities: NERC CIP and critical infrastructure protection.

These are high-stakes environments where security failures have real-world consequences. That perspective shapes how I approach every engagement, regardless of industry.

Credentials

  • CISSP (Certified Information Systems Security Professional)
  • 15+ Years in GRC across healthcare, energy, and enterprise environments
  • Team Lead experience managing cross-functional security initiatives
  • Specializations: Risk Assessment, Compliance Readiness, Policy Development, Incident Response Planning, Vendor Risk Management, Supply Chain Risk Management

My Philosophy

I believe security is a continuous process, not a checkbox. Transparency, pragmatism, and collaboration are the foundation of every engagement. If you want the full story behind how I approach this work, check out my Ethos page.

Giving Back

I actively mentor newcomers to the cybersecurity field because the next generation of defenders needs guides, not gatekeepers.

Outside of Work

When I’m not analyzing risk matrices, you’ll find me playing Magic: The Gathering, competing in security Capture the Flag tournaments, or tinkering with open-source tools and privacy-preserving technologies.


Let’s Connect

I’m always happy to discuss cybersecurity challenges or how we can strengthen your organization’s defenses.
