Resume

Executive Summary

Multi-Industry Experience

Over 25 years of technology and information security experience in a wide range of regulated industries including healthcare, banking, manufacturing, and the payment card industry.

Innovation

Designed and managed the development of a software platform intended to assist global organizations with measuring, managing, and improving application security through a combination of maturity frameworks, data analytics, and innovative risk management methodologies.

Regional to Global Scale

Recently served as CISO of a fast-growing regional technology and cloud provider, leading the organization up the security and compliance maturity curve. Before this, spent 16 years consulting, bringing technology and security expertise to organizations of all sizes ranging up to Fortune 50 enterprises.

Organizational Leadership

10+ years of leadership experience managing IT and security teams, including strategic planning and P&L responsibilities. Noted ability to clearly convey complex ideas and influence non-technical stakeholders, including boards and executive leaders. Passionate about coaching and developing talent.

Security Thought Leadership

Regularly invited to present at regional, national and international conferences on topics including security metrics, application security program development, and security and privacy regulatory requirements. Regularly publish white papers and blogs, and advocate for development and adoption of OWASP’s Software Assurance Maturity Model.

Experience

HENNEPIN HEALTHCARE (HCMC), MINNEAPOLIS, MN

Director of Information Security

February 2020 – Present

Senior leadership role managing the Information Security & Identity and Access Management teams. Responsible for setting the strategy, KPIs, and execution of multiple cross-functional Information Security initiatives. Accomplishments include:

  • 43% Improvement of the FISA score in 1 year
  • Successfully supported the organization as the Interim-CIO during an organizational realignment
  • Created and operationalized an Ongoing Risk Management Model successfully demonstrating efficacy and efficiency through multiple 3rd party audits
  • Successfully supported Information Security needs via multiple presentations to the Executive Leadership Team and the Board of Directors

CONCORD, HOPKINS, MN (CONTRACTING)

Information Security Architect

March 2019 – February 2020

Provided advisory services focused on Information Security Leadership, Audit Management and Regulatory Compliance, and Application Security.

TRUONIX, MINNEAPOLIS, MN (STARTUP)

Chief Technology Officer / Chief Information Security Officer

February 2018 – March 2019

Responsible for the delivery of all products and services including design of the primary application security management platform:

  • Designed and documented software requirements for the development of the TruRisq application.
  • Hired an offshore team of developers and managed the day-to-day development efforts, bringing the project to a successful production launch.
  • Provided program-level application and information security advisory services to multiple leadership teams for several organizations.

ATOMIC DATA, MINNEAPOLIS, MN

Chief Information Security Officer

July 2015 – February 2018

Responsible for all aspects of information security, privacy and regulatory compliance for this regional technology and cloud provider, growing at 40% per year.

  • Led the organization in passing the SOC audit with zero exceptions for two years in a row after increasing the scope of the audit by 60% to include the entire organization.
  • Built an effective security team, coaching team members to successfully develop new skills and capabilities including Incident Response, Internal Audit, and Insider Threat Detection.
  • Built internal security program into a competitive differentiator in the increasingly commoditized cloud provider space.
  • Led the organization through the security and compliance maturity curve including creating a catalog of security controls, implementing a data classification model, deploying a GRC solution, establishing meaningful security metrics, and creating security policies and incident response procedures.

NETSPI, MINNEAPOLIS, MN

Compliance & Advisory Practice Lead

August 2008 – July 2015

Managed Audit and Compliance Advisory consulting practices, focusing on building organizational programs to support security and compliance needs.

  • Developed an application security prioritization framework, leveraging generally accepted risk management practices and the OWASP SAMM model, enabling many organizations to benefit from this open source offering. Trained multiple organizations to apply it.
  • Developed an application security roadmap for one of the top 5 banks in North America, enabling measurement, management, and prioritization of application security risks.
  • Performed threat, security, risk and compliance gap assessments (HIPAA, DEA EPCS, PCI, NIST, and ISO); helped teams understand the nature of any compliance gaps and advised on remediation plans.
  • Frequently invited to speak to executive leaders at clients’ organizations due to noted ability to explain technical challenges and opportunities and influence non-technical stakeholders, including Boards of Directors.

CHRISTENSEN FARMS, SLEEPY EYE, MN

Director of IT

July 2006 – January 2008

Responsible for all aspects of Information Technology for this midsize agricultural company. Responsibilities included setting IT strategy, managing IT team and maintaining fiscal responsibility.

  • Built an efficient, dynamic and agile team through regular team operating mechanisms and coaching in order to support the company’s growth.
  • Created a disaster recovery strategy to comply with the results of the Business Impact Analysis, ensuring recovery time objectives support business needs.
  • Increased the organization’s security posture by performing an HR/Payroll System Controls analysis, performing a complete security assessment of every system, and designing a secure, tiered network architecture in the company headquarters.

LBL TECHNOLOGY PARTNERS, MINNEAPOLIS, MN

Manager / Sr. Consultant

January 2000 – July 2006

COMPUWARE, BLOOMINGTON, MN

Sr. Network / Systems Engineer

August 1998 – January 2000

SOLUTION DESIGN GROUP, BLOOMINGTON, MN

Sr. Network / Systems Engineer

April 1997 – August 1998

AEROTEC, BLOOMINGTON, MN

Network / Systems Engineer

September 1996 – January 1997

Education

REGIS UNIVERSITY, DENVER, CO

B.S., MANAGEMENT INFORMATION SYSTEMS

Concentration in Information Security

Summa Cum Laude - 3.954 GPA

Inactive Certifications [1]

CIDSP, CSSLP, CISM, CISA, HITRUST Practitioner, PCIP, QSA

Speaking Engagements

  • Secure360 Conference (2010, 2011, 2012, 2014, 2016, 2017, 2018, 2019)
  • Cyber Security Summit (2019)
  • International Open Security Summit (2015, 2017, 2018, 2019)
  • MN ISACA Chapter (2014, 2017, 2018)
  • MN OWASP Chapter (2014, 2017, 2018, 2019)
  • MN ISSA Chapter (2014, 2018)
  • USIGCON14 (2018)
  • National HITRUST Conference (2012)
  • Regional ISC2 Conference (2012)
  • NY OWASP Chapter (2012)

Professional Associations

ISC2, ISACA, OWASP, ISSA


  1. COVID-19 Pandemic made maintaining CPEs for all certifications nearly impossible