Sign in

Information Security Customer Service

Danville, California, 94526, United States
September 12, 2018

Contact this candidate



Chief Information Security Officer (CISO)

Master Strategist and IT Leader builds robust IT systems, processes, and practices to mitigate risk, improve IT service delivery, and enhance operational efficiency; drives the transformation of IT to be a highly responsive and responsible organization. Establishes focus on effective governance, organizational transparency, visibility into IT costs and value, and long-term planning, with the use of performance metrics to aid in decision-making.

Graciously and with good humor, guided the organization through the turmoil of the trial and conviction of an insider threat and subsequent rebuilding of the infrastructure.


Nissan North America, Mountain View July, 2017 – Present

Chief Information Security Architect July, 2017 – Present

Promoted to Chief Information Security Architect in July 2017. Role included all previous duties and added responsibility for oversight of Privacy and Security Architectures for Customer Finance Groups, Nissan Mexico, Customer Facing systems and applications, Nissan Canada, manufacturing and connected vehicles, application development projects.

Challenge: Create a Secure Development Lifecycle

Established program to manage secure development of applications and infrastructure

Rolled out companywide amongst all North American and Latin American regions

Leveraged NIST 2018 Framework and OWASP ASVS controls to establish an objective set of security requirements.

Challenge: Ensure that technical privacy standards and regulations are met

Worked with other business areas to develop a systematic review of data and guide business owners in proper categorization of the data.

Worked with Purchasing Organization to ensure that all of the privacy requirements are met by third party vendors

Standards include EU’s GDPR, New York Department of Financial Services Cybersecurity Law, Canada’s PIPEDAHIPPA, and other regulations that apply to Nissan’s Business concerns in the United States, Canada, and Latin America.

Challenge: Create a training and awareness program for Privacy

Established a program overview and syllabus

Working with IS staff to form the program and target training to the technical audience

Nissan North America, Sunnyvale, CA June, 2016 – July, 2017

Sr. Information Security Officer June, 2016 – July, 2017

Took the new role of Sr. Information Security Officer for the Vehicle Security Group within the Information Security function. Role includes assisting in the development of the new Vehicle Security Program.

Challenge: Create a training and awareness program for vehicle security

Established a program overview and syllabus

Working with engineering staff to form the program and target training to the engineering audience

Challenge: Develop a secure design and coding standard

Establish a secure design and coding standard following industry best practices

Challenge: Develop Reporting and communications for all organizational levels

Develop standardized reporting program that communicates and reports group team results and information to all organizational levels

Challenge: Partner and Third Party integration

Develop standards for vendors and suppliers to follow when providing electronic devices to Nissan

Work with Nissan Legal and Procurement to ensure standards are followed and provided for in the contract language

Monitor to make sure supply chain for electronic units is safe

Challenge: Digital Forensics

Establish a vehicle Incident Response plan for the management of incidents relating to consumer facing products

Provide digital forensic support

California Water Service, San Jose, CA April 2014 – June, 2016

IT Security and Compliance Manager April 2014 – Present

Took on the challenging role as the first IT Security Manager for the California Water Service, CalWater. Manage two existing staff and all IT Security and Compliance for CalWater technology assets including Corporate Network, Applications, SCADA, and Data Centers across 31 districts in 4 states. Budget of $5M over 3 years.

Challenge: Create an IT Security Program Strategy

Established a governance structure to manage development and implementation of a security program

Create 5 year IT Security Roadmap with tactical delivery plans

Challenge: Implement new IT Training Program and Policies

Visited all 31 districts to roll out security training for all employees with SANS Securing the Human Training for all employees.

Implemented new controls around software installation, personal use of company technology assets, and incident management.

Created Application Security Review process to review and test applications for security.

Revamped Security Architecture to use newer more modern tools including IPS/IDS, DLP, and Log Aggregation

Challenge: Disaster Recovery and Business Continuity

Created DR/BCP Steering Committee for IT Recovery.

Worked with Emergency Operations and Corporate Safety to integrate IT and technology into the CWS Emergency Plans and Operations Center.

Implemented an outside logistics services contract for emergency office space, fuel, transportation, and communications for the entire company.

Challenge: Build an Incident Response Team and Incident Response Plan

Wrote the corporate Incident Response Plan with flow charts to direct staff in immediate response.

Created Incident Response Contract with outside vendor for large-scale response.

Created quarterly Incident Response Exercises held with IT staff, IT Managers, Legal, Corporate Communications, and Emergency Response and Safety Department.

Implemented Incident Response Continuity Plan for all critical systems so business operations can continue in a major incident.

City and County of San Francisco, Department of Technology, San Francisco, CA June 2005 – April 2014

Chief Information Security Officer and Director of Disaster Recovery Projects August 2010 – April 2014

Promoted to a new role as City’s first CISO with oversight of all IT security city wide with a $3.5M budget and a 13-member security team. Restructured IT security budget with a 5-year budget projection to align with City’s ICT plan; includes consolidation of IT security monitoring solutions and reduction of city wide redundant systems footprint by 30%. Defined and executed a multiyear, strategic initiative to transform the IT organization.

Challenge: Create an IT Security Governance Program.

Established a governance structure to manage development and implementation of a security architecture, as well as policies and procedures.

Formed and chaired City wide Security Working Group, a vital communications platform to discuss IT security policy, new technologies, and direction of enterprise IT security. Seated member of IT Governance Council’s (aka COIT) performance subcommittee to review IT projects and create new IT security policies.

Established IT performance metrics with action plans for deviations from expectations.

Managed and coordinated installation of security plans with vendors, administrators, users, programmers, analysts, and engineering staff.

Challenge: Provide greater visibility into City’s networks by monitoring and controlling network traffic, with a cohesive and consolidated view into all systems.

Worked with CIO to set clear ground rules that delivered an enterprise monitoring solution that met department’s need for minimal disruption and cost, and complied with labor union’s privacy regulations.

After a successful Proof of Concept (POC), engaged vendor to install Splunk Enterprise Security solution. Deployed tools that included a Security Event and Information System (SEIM), Solar Winds Monitoring System, Palo Alto firewalls, and a TippingPoint IPS.

Led team to build a security dashboard for efficient monitoring.

Customer Service Division: Serving as interim Director (2010–2013) for new Customer Service Division, including Project Management Office, customer service desk, applications, and database administration. Responsible for additional staff (40+) and budget of $11M.

Challenge: Provide a transparent view of IT services, service rates, and service engagement process.

Defined and categorized charge-back services through a master SLA. Worked with business stakeholders to create a structured approval process for finite and ongoing services.

Led team to deliver an ITIL-based service structure, with the Service Catalog (SC) synchronized with the City’s budget process. Enabled IT staff to consistently scope projects and services.

Along with CFO, met with each of the 67 client departments to ensure understanding of delivery structure.

Implemented and managed Project Management Office and PMO Standard.

Challenge: Implement Application Development Lifecycle, Policies and Procedures.

Defined and cataloged the departments supported applications.

Created standards for Code Development that used the Software Development Lifecycle.

Included code formatting.

Offsite Code safe.

Implemented code review process.

Security and Engineering Manager March 2008 – August 2010

Led 20+ staff, with a $6.5M budget, in support of over 300 enterprise server systems, including financial systems, public safety systems, and directory services. Responsible for all networks and systems architecture, and the security of City wide networks and systems.

Challenge: Secure City’s vulnerable network after a much publicized insider threat.

Assumed a highly-visible leadership position in the publicly debated case, People V. Terry Childs.

Worked with the SFPD, the District Attorney, and the Secret Service to collect evidence, and forensically examine systems and networks. Prepared staff for court testimony.

Ran incident-command and network recovery, and took over management of the network operations center and network engineering.

Completed an end-to-end infrastructure assessment, restructured all engineering functions, and conducted penetration and vulnerability testing of all networks and systems.

Challenge: Re-architect the City’s IT networks to gain efficiency in network management, to increase performance, and to minimize the risk of further politically embarrassing incidents.

Led network and systems engineering team to redesign core infrastructure to create a true carrier-class MPLS network, and to collapse and remove network redundancies.

Worked with systems team to architect a private VMware cloud architecture and to virtualize all 300 servers to a Cisco/EMC Vblock system. Reduced Oracle spend on licensing by $550K/year.

Negotiated with vendors for substantial discounts or structured payments over time.

Challenge: Mitigate risk by gaining control of sensitive information released for Freedom of Information requests.

Collaborated with senior management to develop a consistent and well-defined process that maintained confidential data, with 100% compliance no data mishaps since inception.

Senior IS Engineer June 2005 – March 2008

Managed 3 staff members in support of over 200 enterprise-level servers, with highly-sensitive data. Designed systems security and an architecture that complied with SDLC project standards and CA Dept of Justice security requirements.

Selected to manage a high-visibility project for a law enforcement system to monitor gunshot activity. Overcame issue of complex logistics for wireless sensors and base station locations.

Led the build of a separate, fiber network for the system and created a private network back to the servers and monitoring system. Beat launch deadline with a well-received system.

Became an Active Directory and Citrix expert, during implementation of a case-management system for 5 criminal justice departments to communicate and share information. With minimal training and no vendor support, successfully completed project (with one other engineer) for a system still in use 5 years later.

Developed a new recovery procedure for hot site in a virtualized VMware environment that reduced recovery time by over 60%, with zero failures.

Created the Citywide SharePoint Environment with Project Management Server. Programmed all workflows and on-line forms used by the site in visual basic. Managed the site from inception through three upgrades and managed to migrate the City’s intranet to the SharePoint environment.

Contra Costa County Clerk-Recorder, Martinez, CA June 1999 – June 2005

Network Technician I/II

Managed IT staff, budget ($1.5M), and all departmental IT functions for 150+ users. Responsible for IT security, including creation and maintenance of Business Continuity Planning (BCP) and Disaster Recovery (DR) plans.

Created organizational units to enforce a tiered user security policy structure. Developed, obtained approval, and monitored compliance to security policies, standards, guidelines, and procedures.

Participated in IT Security Committee to develop county wide security policies later adopted by California County Information Services Directors Association (CCISDA) as “Best Policies”.

Created and taught Computer Security Course to over 200 users with a course curriculum that was later adopted by other county departments as part of the new hire package.

Allied Signal/Honeywell, Livermore, CA November 1997 – June 1999

Electronics Technician III

Assigned to Lawrence Livermore National Laboratory. Held U.S. Department of Energy Security Clearance.


ISC2 Certified Information Systems Security Professional (CISSP) #118611

ISACA Certified in Risk Information Systems Control (CRISC) Certification #1110134

IAPP Certified Information Privacy Professional – United States

SANS GIAC Certified Incident Handler (GCIH)

CLETS Clearance through SF Police Department and SF Sheriff

Superior Court of California, County of San Francisco, Certified Expert Witness in Network Security and Network Connectivity

Department of Homeland Security, Continuity of Operations (COOP) Certified Planner and Trainer

FEMA ICS Command Trained

IACRB Certified SCADA Security Architect


B.S., Bachelor of Science in Information Technology, University of Phoenix, Walnut Creek, CA, 2004

G.P.A. 3.98/4.0, Graduated with Honors

A.A.S, Electronics Technology, Heald Institute of Technology, Martinez, CA, 1996

G.P.A. 3.96/4.0, Graduated with Honors

Contact this candidate