Over 25 years of technology and information security experience in a wide range of regulated industries including healthcare, banking, manufacturing, and the payment card industry.
Designed and managed the development of a software platform intended to assist global organizations with measuring, managing, and improving application security through a combination of maturity frameworks, data analytics, and innovative risk management methodologies.
Regional to Global Scale
Recently served as CISO of a fast-growing regional technology and cloud provider, leading the organization up the security and compliance maturity curve. Before this, spent 16 years consulting, bringing technology and security expertise to organizations of all sizes ranging up to Fortune 50 enterprises.
10+ years of leadership experience managing IT and security teams, including strategic planning and P&L responsibilities. Noted ability to clearly convey complex ideas and influence non-technical stakeholders, including boards and executive leaders. Passionate about coaching and developing talent.
Security Thought Leadership
Regularly invited to present at regional, national and international conferences on topics including security metrics, application security program development, and security and privacy regulatory requirements. Regularly publish white papers and blogs, and advocate for development and adoption of OWASP’s Software Assurance Maturity Model.
HENNEPIN HEALTHCARE (HCMC), MINNEAPOLIS, MN
Director of Information Security
February 2020 – Present
Senior leadership role managing the Information Security & Identity and Access Management teams. Responsible for setting the strategy, KPIs, and execution of multiple cross-functional Information Security initiatives. Accomplishments include:
- 43% Improvement of the FISA score in 1 year
- Successfully supported the organization as the Interim-CIO during an organizational realignment
- Created and operationalized an Ongoing Risk Management Model successfully demonstrating efficacy and efficiency through multiple 3rd party audits
- Successfully supported Information Security needs via multiple presentations to the Executive Leadership Team and the Board of Directors
CONCORD, HOPKINS, MN (CONTRACTING)
Information Security Architect
March 2019 – February 2020
Provided advisory services focused on Information Security Leadership, Audit Management and Regulatory Compliance, and Application Security.
TRUONIX, MINNEAPOLIS, MN (STARTUP)
Chief Technology Officer / Chief Information Security Officer
February 2018 – March 2019
Responsible for the delivery of all products and services including design of the primary application security management platform:
- Designed and documented software requirements for the development of the TruRisq application.
- Hired an offshore team of developers and managed the day-to-day development efforts, bringing the project to a successful production launch.
- Provided program-level application and information security advisory services to multiple leadership teams for several organizations.
ATOMIC DATA, MINNEAPOLIS, MN
Chief Information Security Officer
July 2015 – February 2018
Responsible for all aspects of information security, privacy and regulatory compliance for this regional technology and cloud provider, growing at 40% per year.
- Led the organization in passing the SOC audit with zero exceptions for two years in a row after increasing the scope of the audit by 60% to include the entire organization.
- Built an effective security team, coaching team members to successfully develop new skills and capabilities including Incident Response, Internal Audit, and Insider Threat Detection.
- Built internal security program into a competitive differentiator in the increasingly commoditized cloud provider space.
- Led the organization through the security and compliance maturity curve including creating a catalog of security controls, implementing a data classification model, deploying a GRC solution, establishing meaningful security metrics, and creating security policies and incident response procedures.
NETSPI, MINNEAPOLIS, MN
Compliance & Advisory Practice Lead
August 2008 – July 2015
Managed Audit and Compliance Advisory consulting practices, focusing on building organizational programs to support security and compliance needs.
- Developed an application security prioritization framework, leveraging generally accepted risk management practices and the OWASP SAMM model, enabling many organizations to benefit from this open source offering. Trained multiple organizations to apply it.
- Developed an application security roadmap for one of the top 5 banks in North America, enabling measurement, management, and prioritization of application security risks.
- Performed threat, security, risk and compliance gap assessments (HIPAA, DEA EPCS, PCI, NIST, and ISO); helped teams understand the nature of any compliance gaps and advised on remediation plans.
- Frequently invited to speak to executive leaders at clients’ organizations due to noted ability to explain technical challenges and opportunities and influence non-technical stakeholders, including Boards of Directors.
CHRISTENSEN FARMS, SLEEPY EYE, MN
Director of IT
July 2006 – January 2008
Responsible for all aspects of Information Technology for this midsize agricultural company. Responsibilities included setting IT strategy, managing IT team and maintaining fiscal responsibility.
- Built an efficient, dynamic and agile team through regular team operating mechanisms and coaching in order to support the company’s growth.
- Created a disaster recovery strategy to comply with the results of the Business Impact Analysis, ensuring recovery time objectives support business needs.
- Increased the organization’s security posture by performing an HR/Payroll System Controls analysis, performing a complete security assessment of every system, and designing a secure, tiered network architecture in the company headquarters.
LBL TECHNOLOGY PARTNERS, MINNEAPOLIS, MN
Manager / Sr. Consultant
January 2000 – July 2006
COMPUWARE, BLOOMINGTON, MN
Sr. Network / Systems Engineer
August 1998 – January 2000
SOLUTION DESIGN GROUP, BLOOMINGTON, MN
Sr. Network / Systems Engineer
April 1997 – August 1998
AEROTEC, BLOOMINGTON, MN
Network / Systems Engineer
September 1996 – January 1997
REGIS UNIVERSITY, DENVER, CO
B.S., MANAGEMENT INFORMATION SYSTEMS
Concentration in Information Security
Summa Cum Laude - 3.954 GPA
CIDSP, CSSLP, CISM, CISA, HITRUST Practitioner, PCIP, QSA
- Secure360 Conference (2010, 2011, 2012, 2014, 2016, 2017, 2018, 2019)
- Cyber Security Summit (2019)
- International Open Security Summit (2015, 2017, 2018, 2019)
- MN ISACA Chapter (2014, 2017, 2018)
- MN OWASP Chapter (2014, 2017, 2018, 2019)
- MN ISSA Chapter (2014, 2018)
- USIGCON14 (2018)
- National HITRUST Conference (2012)
- Regional ISC2 Conference (2012)
- NY OWASP Chapter (2012)
ISC2, ISACA, OWASP, ISSA
COVID-19 Pandemic made maintaining CPEs for all certifications nearly impossible