Executive Experience
Vice President, Chief Information Security Officer (2019 – Present)
NTT DATA Services, Plano, Texas
- Accountable for the information security vision and strategy that is aligned to organizational priorities and facilitates the organization’s business goals.
- Drive the direction and lead the execution of all security control technologies, as well as consult on and provide technical consultation for the overall IT strategy and technology solution architecture.
- Provide regular reporting on the status of the Information Security program to enterprise risk teams, senior business leaders, NTT DATA board members, and other NTT operating companies.
- Provide risk-mitigating directives for projects, including the appropriate application of controls.
- Manage information security incidents and events to protect IT assets, intellectual property, regulated data, and the company’s reputation for both corporate and delivery environments.
Selected Accomplishments
- Closely partnered with innovation and delivery teams to ensure strategic digital and cloud offerings are secure by design, have security built into agile and DevOps lifecycles, and are compliant with all international regulations.
- Implemented advanced zero-trust security architecture to ensure only authenticated and authorized assets and users can reach and interact with internal systems and applications from anywhere in the world without the need of traditional VPN technology.
- Designed automated DevOps workflows within security engineering and operations to increase accuracy of changes, deploy changes faster, lower our incident response times, and increase protection of organizational data assets.
- Led IT automation and modernization efforts to streamline employee and asset onboarding, enable remote asset imaging/configuration, provide tools to quickly diagnose and resolve employee IT issues, application self-service to install third-party applications
- Accurate budget and spending forecasting discipline (less than 2% annual variance).
Director, Chief Information Security Officer (2012 – 2018)
American Airlines, Fort Worth, Texas
- Accountable for the Information Security vision and strategy that is aligned to organizational priorities and facilitates the organization’s business goals.
- Drive the direction and lead the execution of all security control technologies, as well as consult on and provide technical consultation for the overall IT strategy and technology solution architecture.
- Provide regular reporting on the status of the Information Security program to enterprise risk teams, senior business leaders, and American Airlines board members.
- Provide risk-mitigating directives for projects, including the appropriate application of controls.
- Manage information security incidents and events to protect IT assets, intellectual property, regulated data, and the company’s reputation for both corporate and delivery environments.
Selected Accomplishments
- Founded the office of the CISO at AA. Drove cyber risk visibility to AA’s board of directors as well as established board-level charter to report quarterly to Audit Committee. Founded and chaired Information Security Council which consisted of executive stakeholders.
- Launched enterprise technology risk and governance processes to align information security capabilities to corporate risk-tolerance levels.
- Executive sponsor and active participant of DevOps initiative at AA including driving a “shift-left” mentality, automation, “governance as code,” and aligning substantial budget and processes to drive transformation.
- Established industry-first penetration testing program focused on IoT, aircraft components, and the aircraft engineering lifecycle to identify and help remediate risks.
- Founder and Board member of Aviation-ISAC, RSA Conference program committee member, numerous Customer Advisory Boards, as well as local DevOps and information security groups.
- Accurate budget and spending forecasting discipline (less than 3% annual variance).
Other Employment Experience
American Airlines – Manager, Network Engineering & Delivery (2012 – 2012)
American Airlines – Manager, Information Security Architecture and Consulting (2011 – 2012)
American Airlines – Principal Architect, Information Security (2009 – 2011)
American Airlines – Senior Architect, Information Security (2007 – 2009)
University of North Texas – Data Center Network and Security Manager (2005 – 2007)
University of North Texas – UNIX & Messaging Systems Administrator (2003 – 2005)
University of North Texas – Information Security Analyst (2002 – 2003)
Tetra Pak – Senior Security, Infrastructure, Network Engineer (2007)
PepsiCo – Help Desk Analyst (2001 – 2002)
Nortel Networks – Financial Analyst (1998 – 2001)
Federal Reserve Bank of Dallas – Bank Research Analyst (1997 – 1998)