Since March, 2012, I am the Director of Information Security for the University Information Systems department of the University of Colorado system.
From 2009 until 2012, I worked in information security within the Office of Information Technology at Emory University and Healthcare. At Emory, I was the technical lead for PCI-DSS compliance, I provide information security guidance for IT projects and contracts, I was the technical lead for the Security Information and Event Management system and I managed the campus-wide information security awareness program.
During my time as full time staff at the University Colorado at Boulder, I held three positions. From 2006 until 2008, I am working in the IT Security Office and am primarily focused on IT risk management. In this position, I developed a campus IT risk assessment program that focused on a department-level scope and I performed IT risk assessments of multiple key departments. I handled private data security issues, including tools and processes for locating private data, PCI-DSS compliance and private data security standards. I also was in charge of technical incident response, overseeing computer forensics.
From 2003 until 2006, I worked as an IT architect on messaging and courseware management projects. My messaging work was largely focused on addressing e-mail spam for the campus and completed with the successful deployment of a new anti-spam system. In courseware management, I evaluated options for updating our campus learning management system and architected the implementation of WebCT Campus Edition 6.
From 2000 until 2003, I co-managed the campus Active Directory. The campus was one of only two higher education insitutions that was a Microsoft RDP customer for Windows 2000, bringing us into the technology at an early stage. We successfully deployed and operated a campus-wide Active Directory, including the upgrade to Windows Server 2003.
I have been an active member in REN-ISAC, a higher education IT security organization, as well as a participant in other higher education oriented IT security communities like Educause SPC and Unisog.
I am a central member of the Windows in Higher Education community, co-manging the e-mail list, website and conference. This e-mail list has been at the center of the community since it's inception in 2000. The conference has been an excellent technical event for IT staff in higher education for several years.
During my years of student employment at UCB, I worked on computing lab deployment and management.