About Me

Security and Technology Expertise: Over 20 years of information security leadership, management, and innovation. Active member of information security community and recognized information security thought leader.

Proven Leadership: Outcome-based servant leader that helps team members achieve goals. Demonstrated success in steering organizations through security issues, mergers and acquisitions, and shifts in technology.

Effective Governance: Demonstrated success of compliance programs for regulatory regimes including: GDPR, PCI DSS, HIPAA, SOX, J-SOX, TISAX, NIST 800-53, as well as ISO and NIST frameworks.

Articulate Communicator: Board ready dynamic and energetic personality with excellent written and verbal communication skills honed by years of board presentations, internal town halls, and public speaking engagements.


Latest News

Blog

Toots

  • Brief #introduction: >10 years >20 years I am a pragmatic security executive. I enjoy #whiskey, #bbq, #reading and listing to that feature an eclectic mix of history, philosophy, sci-fi, and #management books. I mainly play story-driven #RPG (like #Witcher), #Destiny2, #NoMansSky, and #Minecraft. Interests/expertise includes: #Governance #Tech #Economics #Philosophy #History […]

Executive Experience

Vice President, Chief Information Security Officer (2019 – Present)
NTT DATA Services, Plano, Texas

  • Accountable for the information security vision and strategy that is aligned to organizational priorities and facilitates the organization’s business goals.
  • Drive the direction and lead the execution of all security control technologies, as well as consult on and provide technical consultation for the overall IT strategy and technology solution architecture.
  • Provide regular reporting on the status of the Information Security program to enterprise risk teams, senior business leaders, NTT DATA board members, and other NTT operating companies.
  • Provide risk-mitigating directives for projects, including the appropriate application of controls.
  • Manage information security incidents and events to protect IT assets, intellectual property, regulated data, and the company’s reputation for both corporate and delivery environments.

Selected Accomplishments

  • Closely partnered with innovation and delivery teams to ensure strategic digital and cloud offerings are secure by design, have security built into agile and DevOps lifecycles, and are compliant with all international regulations.
  • Implemented advanced zero-trust security architecture to ensure only authenticated and authorized assets and users can reach and interact with internal systems and applications from anywhere in the world without the need of traditional VPN technology.
  • Designed automated DevOps workflows within security engineering and operations to increase accuracy of changes, deploy changes faster, lower our incident response times, and increase protection of organizational data assets.
  • Led IT automation and modernization efforts to streamline employee and asset onboarding, enable remote asset imaging/configuration, provide tools to quickly diagnose and resolve employee IT issues, application self-service to install third-party applications
  • Accurate budget and spending forecasting discipline (less than 2% annual variance).

Director, Chief Information Security Officer (2012 – 2018)
American Airlines, Fort Worth, Texas

  • Accountable for the Information Security vision and strategy that is aligned to organizational priorities and facilitates the organization’s business goals.
  • Drive the direction and lead the execution of all security control technologies, as well as consult on and provide technical consultation for the overall IT strategy and technology solution architecture.
  • Provide regular reporting on the status of the Information Security program to enterprise risk teams, senior business leaders, and American Airlines board members.
  • Provide risk-mitigating directives for projects, including the appropriate application of controls.
  • Manage information security incidents and events to protect IT assets, intellectual property, regulated data, and the company’s reputation for both corporate and delivery environments.

Selected Accomplishments

  • Founded the office of the CISO at AA. Drove cyber risk visibility to AA’s board of directors as well as established board-level charter to report quarterly to Audit Committee. Founded and chaired Information Security Council which consisted of executive stakeholders.
  • Launched enterprise technology risk and governance processes to align information security capabilities to corporate risk-tolerance levels.
  • Executive sponsor and active participant of DevOps initiative at AA including driving a “shift-left” mentality, automation, “governance as code,” and aligning substantial budget and processes to drive transformation.
  • Established industry-first penetration testing program focused on IoT, aircraft components, and the aircraft engineering lifecycle to identify and help remediate risks.
  • Founder and Board member of Aviation-ISAC, RSA Conference program committee member, numerous Customer Advisory Boards, as well as local DevOps and information security groups.
  • Accurate budget and spending forecasting discipline (less than 3% annual variance).

Other Employment Experience

American Airlines – Manager, Network Engineering & Delivery (2012 – 2012)
American AirlinesManager, Information Security Architecture and Consulting (2011 – 2012)
American AirlinesPrincipal Architect, Information Security (2009 – 2011)
American AirlinesSenior Architect, Information Security (2007 – 2009)
University of North TexasData Center Network and Security Manager (2005 – 2007)
University of North TexasUNIX & Messaging Systems Administrator (2003 – 2005)
University of North TexasInformation Security Analyst (2002 – 2003)
Tetra PakSenior Security, Infrastructure, Network Engineer (2007)
PepsiCo Help Desk Analyst (2001 – 2002)
Nortel NetworksFinancial Analyst (1998 – 2001)
Federal Reserve Bank of DallasBank Research Analyst (1997 – 1998)


Education & Relevant Certifications

MS Information Technology ManagementUniversity of North Texas – 2003
BBA Finance University of North Texas – 2000
BBA EconomicsUniversity of North Texas – 2000

Certified Information Systems Security Professional (CISSP)


Volunteer & Advisory Experience

Aviation Information Sharing Analysis Center – Co-Founder & Member, Board of Directors
RSA Conference – Advisory Committee, CISO Boot Camp Governing Board, ESAF
mWISE Conference – Advisory Committee
North Texas Performing Arts – Member, Board of Directors
Tanium Advisory Board
Zscaler Advisory Board
Microsoft Advisory Board
Oracle Advisory Board
CloudVector Advisory Board
Agari Advisory Board
Trend Micro Advisory Board
Fortify Advisory Board
CA Advisory Board
HPE/HP/EDS Advisory Board


Selected Public Speaking

Making the Shift to Zero Trust – RSA Conference ESAF
Master of Ceremony, opening and closing keynote speaker, panel participant – RSA Conference CISO Boot Camp
How-To for Innovators and Entrepreneurs – RSA Conference
ROAD to DevSecOps – DevOps Days San Francisco & Austin
ROAD to Rugged DevOps – RSA Conference DevOps Connect
Clear Skies: American Airlines’ Journey Toward Connectivity in the Clouds – Global CIO Summit
Securing Critical Infrastructure & the Internet of Things – Dallas CISO Summit
Mergers & Acquisitions: Where do CISOs Fit In? – Global CISO Summit
Security Architect Survival Guide – Security B-Sides Conference
Back to Basics – Security B-Sides Conference


Awards & Recognition

Dallas 500 – D Magazine – 2018
Member, Technical Staff – American Airlines Global IT – 2009