My career spans over two decades across security architecture, engineering, operations and governance roles in both enterprise and MSP environments. Early experiences integrating security into infrastructure projects in Germany and the U.S. built my foundation in secure-by-design thinking.

At firms like Bank of America and ESI, I drove large-scale security initiatives and compliance efforts. These cumulative experiences shaped a pragmatic, business-aligned security philosophy that I brought to Newrez LLC. Here, I lead as Senior Director of IT Security with a focus on risk-based, scalable and embedded security practices across the enterprise.

Ensuring Agile and Adaptable Risk Management Practices

I maintain adaptability by embedding security into the SDLC and IT operations, continuously improving threat modeling and vulnerability management processes, and aligning practices to frameworks like NIST CSF and MITRE ATT&CK.

I also lead threat intelligence and incident response programs, enabling rapid response and mitigation. My governance approach ensures policies and controls are regularly reviewed and updated, informed by threat trends and business context.

Aligning Third-Party Vendors with Internal Frameworks

At Newrez and prior organizations, I implemented vendor risk management processes that include contract negotiation with security clauses, regular assessments and audits aligned to our internal controls. I oversee MSSP relationships and ensure knowledge transfer and quarterly reviews are built into contracts. We align all vendors with our compliance frameworks (e.g., NIST, ISO 27001), and enforce security baselines for tools such as Akamai, Skyhigh and BeyondInsight.

“Building a feedback loop between threat analytics, incident response and strategic planning helps ensure our cybersecurity approach is proactive and threat-informed.”

Operational Benefits of Digital Tools in Cybersecurity

Within the realm of IT security operations, adopting digital tools like Cribl and centralized SIEM platforms has delivered operational efficiencies, improved visibility and enhanced incident response capabilities. It is analogous to how digitalization benefits operational efficiency in other industries.

Building Impactful Information Security Strategies

I stay ahead of information security trends by engaging with industry frameworks (e.g., NIST, MITRE), participating in threat intelligence exchanges, and leading internal security consulting initiatives. I also maintain certifications and stay involved with professional networks. Building a feedback loop between threat analytics, incident response and strategic planning helps ensure our approach is proactive and threat-informed.

Advice for Cybersecurity Industry Leaders

Focus on business alignment. Security cannot be effective in a vacuum. Build relationships across IT, DevOps and business units to embed security early. Invest in people and culture just as much as in tools. Foster transparency and continuously educate stakeholders.

Lastly, lead with metrics. Define, track and communicate success in ways that resonate with both technical and executive audiences.