Track Record
Outcomes
Measurable results delivered across regulated financial institutions, fintech platforms, and digital infrastructure - spanning risk reduction, AI-driven security, agentic AI automation, and regulatory compliance.
92%
Phishing Reduction
Enterprise-wide awareness program; measured against pre-program baseline over 12 months.
95%
Vuln SLA Improvement
Sev 4-5 vulnerabilities past SLA reduced month-over-month via risk-prioritized remediation.
85%
Privacy Incident Reduction
AI-driven endpoint security reduced accidental data exposure across a 1,200+ endpoint environment. 🤖 AI
60%
MTTR Reduction
Mean time to detect and respond to technology risk events, post incident response framework overhaul.
AI-Driven Security Outcomes
🤖 AI-Powered
85%
Endpoint Privacy Incidents ↓
Deployed AI-driven behavioral detection across all user endpoints at DMT. Privacy incidents and accidental data exfiltration dropped 85% within 90 days of deployment.
<4hr
AI Threat Detection Latency
AI-augmented SOC workflows reduced average time from alert trigger to analyst-verified finding from 18 hours to under 4 hours across tier-1 and tier-2 incidents.
3×
Analyst Coverage Multiplier
AI triage and auto-classification of security events allowed a lean SOC team to effectively monitor 3× the prior alert volume without headcount expansion.
AI Governance Track Record
AI Policy
Authored enterprise AI Governance Policy (v2) covering tiered risk classification, acceptable use, incident response, and third-party AI vendor evaluation - aligned to NIST AI RMF and emerging SEC AI disclosure expectations.
AI Risk
Evaluated and risk-scored AI security vendors (including behavioral analytics and LLM-integrated tooling) against regulated financial services risk thresholds - operationalizing AI risk management before it became a regulatory mandate.
AI Agents
Developed enterprise accountability framework for AI agents and MCP (Model Context Protocol) integrations - addressing the orchestration layer gap before industry standards emerged. Presented to executive leadership as a board-level risk topic.
Agentic AI & Automation Delivery
🤖 AI-Powered
Recent work at Dark Matter Technologies building and governing production agentic-AI systems on AWS Bedrock AgentCore - designed to augment the security and operations teams rather than replace them, with cost discipline built in from the start.
12
Deputy-CISO Workflows Automated
Designed and deployed an agentic "DCISO" skill on AWS Bedrock AgentCore encoding 12 deputy-CISO-grade workflows - from control mapping to evidence collection - under an explicit "augment, don't replace" operating model presented to the Business Operations Committee.
~$1M
Annual Vendor Spend Reduction
Led vendor rationalization across an ~$11M security tooling portfolio - consolidating overlapping controls and renegotiating contracts to remove roughly $1M in annual spend while preserving coverage.
RFP
Automated Response Engine
Built an AI security-questionnaire and RFP responder integrated with Freshdesk and a curated internal evidence library - drafting accurate first-pass responses from approved source material and removing repetitive manual questionnaire work from the security team.
Agentic AI & Automation Track Record
AI Agents
Architected a Vendor Risk Assessment Agent on Microsoft Copilot Studio and Power Automate - automating intake, control evaluation, and risk scoring for third-party reviews, while retaining human-in-the-loop sign-off for final risk decisions.
GRC Automation
Built a ZenGRC connector integration for automated vendor renewal tracking - replacing spreadsheet-driven renewal management with live, system-of-record visibility into contract timelines and third-party risk status.
Secure Architecture
Led the security review and reference architecture for the integration between Bedrock AgentCore and Empower LOS - defining sandbox/VPC isolation, least-privilege IAM, and action guardrails for agents operating against a regulated loan-origination platform.
Cloud Modernization
Designed the migration of the corporate web platform from WordPress to an AWS-native headless CMS - including an authenticated client-access tier built on Ping Identity and Amazon Cognito for secure document and resource sharing.
Risk Reduction & Resilience
Vulnerability Management
95%
SLA Adherence Improvement
Built risk-prioritized vulnerability management program at Black Knight. Sev 4-5 findings past SLA reduced 95% month-over-month. Program scaled across 150+ team members and 40+ annual audits.
Incident Response
60%
MTTR Reduction
Redesigned incident response and issue management framework. Mean time to detect and respond reduced 60%, with structured escalation paths to the Board Risk Committee on Key Risk Indicators.
Cloud Migration
0
Data Breaches During AWS Migration
Governed full enterprise migration to AWS at Black Knight - including digital customer journeys, API ecosystems, and cloud infrastructure - achieving zero data breaches following AWS Well-Architected risk principles.
Data Loss Prevention
DLP
Deployed Across All Channels
Designed and deployed enterprise DLP solution covering endpoints, email, and cloud environments at DMT. Integrated with SOC for real-time exfiltration alerting across all digital channels.
Identity, Access & Supply Chain
IAM Framework
Dark Matter Technologies
Led design and deployment of an enterprise IAM framework with least-privilege principles, RBAC, and automated provisioning. Eliminated standing access for privileged roles and reduced identity-related risk findings by over 70% in the first compliance review cycle.
Third-Party Risk
DMT & Q2 Banking
Integrated vendor monitoring directly into SOC operations at both DMT and Q2, providing continuous real-time visibility into third-party risk posture. Replaced point-in-time questionnaire reviews with ongoing behavioral and telemetry-based assessments.
Supply Chain Security
Black Knight
Established supply chain risk controls aligned to NIST SP 800-161 across a vendor ecosystem supporting SaaS platforms serving the VA and major financial institutions. Maintained clean audit posture across 40+ annual SOC 2 Type II and PCI DSS assessments.
Regulatory & Compliance Performance
40+
Audits Per Year
SOC 2 Type II and PCI DSS audits led annually at Black Knight - zero material findings escalated to remediation failure.
5
Regulators Managed
OCC, FDIC, FRB, VA, and state-level examiners - across banking and federal agency client obligations.
4
Frameworks Implemented
NIST SP 800-53, NIST RMF, PCI DSS, and ISO 27001 - operationalized across enterprise environments, not just documented.
Regulatory Examination Track Record
✓ Zero enforcement actions across 12+ years of OCC/FDIC examinations at First Federal Bank
✓ FISMA compliance maintained for VA-facing SaaS platforms over a 10-year period at Black Knight
✓ NIST RMF standards enforced for federal agency partners at DMT; clean third-party audit cycle
✓ PCI DSS scope reduction achieved through architecture redesign, reducing cardholder data environment surface by ~40%
✓ GDPR and CCPA readiness programs implemented across global digital platforms
✓ Board Risk Committee KRI reporting delivered quarterly - forward-looking, decision-grade risk intelligence
Team & Program Scale
150+
Team Built & Led
Global risk and security professionals across Black Knight - including SOC, AppSec, GRC, and third-party risk functions.
$21M
Budget Managed
Annual security program budget at Black Knight - allocated across tooling, staffing, compliance, and strategic initiatives.
25+
Years in Security
From CIO at a regulated community bank to CISO at publicly traded fintech - across the full arc of modern financial services security.
3
CISO/CRISO Roles
Black Knight, Q2 Digital Banking, and Dark Matter Technologies - each in highly regulated, complex technology environments.