Mentor Profile

Bio

Currently I work for AccelerEd, which is a managed service provider for University of Maryland Global Campus (UMGC). I am the senior director of information security handling all cyber security for both AccelerEd and UMGC.

Some of my responsibilities cover the following:
Leadership

Responsible for the information security program. Provide guidance and counsel to the CIO and members of the IT leadership team. Work with appropriate personnel to oversee the operation of a business wide information security organization. Develop and maintain information security budgets, personnel, including hiring, training, development and performance management. Work with IT governance committees in defining policy and program direction for the business that addresses compliance requirements and cybersecurity risk.

Policy, Compliance and Audit

Lead the development and implementation of effective policies, standards, and guidelines to secure protected and sensitive data. Aligns the information security program with relevant compliance requirements from industry, local, state, and federal legislation. Lead efforts to internally assess, evaluate and make recommendations to executive management regarding the adequacy of the security controls. Coordinate, respond, and track all information technology and security related audits. Coordinate research computing security needs with stakeholders in the research community, including research containing sensitive or controlled unclassified information.

Outreach, Education and Training

Work closely with the executive management, academic leaders, administrative leaders, and the overall community on a wide variety of security issues. Maintains currency of knowledge of security threats and threat actor practices, intelligence and industry experiences, and developments in effective mitigation tools and practices. Lead education and awareness programs and advise operating units on all levels on security issues, best practices, and vulnerabilities. Work with IT leadership to build awareness and a sense of common purpose around security. Establish training programs for constituents to recognize cyber threats and respond appropriately.

Risk Management and Incident Response

Keep abreast of security incidents as they occur and act as primary control point during significant information security incidents. Continue to manage the Computer Incident Response Team (CIRT) as needed, or requested, in addressing and investigating security incidences that arise. Supervise efforts to develop and implement technical security standards and security tool sets that will address and mitigate security risk, protect data and assets, detect and respond to security incidents. Facilitate the development and sustainment of a Security Operations Center that monitors security architecture and tools for alerts to quickly respond to potentially malicious events or incidents. Assist risk management team with cybersecurity insurance renewals and processes. Develop overall risk metrics, reporting, key performance indicators, and dashboards to communicate cyber risk to senior leadership and IT governance committees

Prior Experience