Bank of the West
01/2021 – Present: Vice President | Head of Production Security Architecture | BNP Paribas Americas
06/2018 – 12/2020: Vice President | Principal Cybersecurity Architect | Bank of the West
Expand Bank of the West
In my role as Head of Production Security Architecture | BNP Paribas Americas:
- Responsible for the successful delivery of secure solutions architecture for BNP Paribas Americas, through partnerships with BNPP global architecture team, ensuring compliance to regulatory requirements to enable the business to securely deliver Banking products/solutions to customers.
- Directed the security architecture team to perform infrastructure architecture reviews, recommend and design solutions, and improve security in the areas of network segmentation, network security analytics & anomaly detection, endpoint malware protection and EDR controls, data loss prevention (DLP), database activity monitoring, endpoint application allow-listing, insider threat and behavior analytics.
- Directed risk-based prioritization activities for security within technology roadmaps and managed multiple security remediation efforts and improvement initiatives
In my role as Principal Cybersecurity Architect | Bank of the West:
- Provided technical leadership across various cyber security domains, collaborate with senior business leadership (CIO, CTO, CISO) on key initiatives and special high visibility projects, influence and communicate strategic and tactical information security direction, and balance business requirements against security risk in order to enable the business to succeed and execute on their vision and mission with a security conscious methodology.
- Key contributor to the overall technology strategy to ensure the realization of goals such as reuse, infrastructure simplification, cost management, and flexibility.
- Developed cyber technology strategies that promote an integrated customer experience and leverage common services and capabilities across the enterprise.
- Created security architecture implementation roadmaps aligned to standards and controls, and provide technical security design and architectural guidance, reference architectures and patterns, including documenting and diagramming the logical, physical, and process views across multiple technology domains.
- Hand-selected by CIO and CISO to provide security leadership on a strategic-focused team working to design an all-new digital cloud banking platform.
- Led security efforts for public and private cloud reference architecture, and developed cloud security requirements for the BNPP global “Cloud Ring” architecture group.
- Created standardized templates for implementation strategy guides to be used as an architectural blueprint for engineering teams to deploy solutions according to approved architecture patterns.
Past Employment Experience
01/2016 – 06/2018: Enterprise IT Security Architect
07/2012 – 12/2015: Security Engineer II
Expand First Data
First Data is the #1 merchant acquirer providing credit card processing services for small/large businesses and national financial institutions. The company’s portfolio includes merchant transaction processing services; credit, debit, private-label, gift, payroll and other prepaid card offerings; fraud protection and authentication solutions; electronic check acceptance services; as well as Internet commerce, mobile payment solutions and PIN-secured debit acceptance at ATM and retail locations.
In my role as Enterprise IT Security Architect:
- Delivered innovative, sustainable and secure network security architectures, primarily in the focus areas of perimeter defense design, cloud-based security and governance solutions, and ensuring newly acquired companies can transition into security requirements of the enterprise.
- Reviewed IT, IS and business projects for security concerns, provided security consulting and guidance to business partners, engineering teams, and governance and support teams on security risks and developed business cases for the adoption of new technology, standards and processes to address business risk and need.
- Created an internal JIRA/Confluence portal and workflow for inbound proof of concept requests for the security architecture team, which streamlined the process to initiate and complete evaluations of potential security solutions and resulted in better evaluation management and reduced time to acquisition by 50%.
- Contributed to the development of annual security road map in support of security strategy, and provided detailed input into the creation of annual information security budget.
- Created standardized templates for implementation strategy guides to be used as a required output blueprint for engineering teams to deploy solutions according to approved architecture patterns.
- Performed gap analysis and security tool rationalization projects to ensure complete coverage and mature implementation and usage of deployed security solutions
In my role as Security Engineer II:
- Led security governance efforts for many network security technologies and engineered network IDS/IPS, malware analysis and network anomaly detection, and provided research, design and engineering support of enterprise class information and network security solutions.
- Designed and deployed an advanced malware protection service with a heavy emphasis on shared threat intelligence throughout deployed security toolsets to help teams identify and respond to malicious events in the environment. The solution was integrated with web proxies to ensure blocks were registered as such for quicker incident response correlation, and also informed endpoint agents of network attacks traditionally not able to be seen via endpoint. This led to fewer false positives, and higher number of
proactive blocking by endpoint agents.
- Worked tightly with security operations/monitoring and cyber threat intelligence groups to ensure that detection tools were in the correct locations with the correct visibility, and tuned correctly to provide the highest amount of actionable alert data with the lowest amount of background noise or false positives.
01/2012 – 07/2012: Security Solutions Engineer
10/2010 – 12/2011: Network Security Engineer
Visa is a global payments technology company that connects consumers, businesses, banks and governments in more than 200 countries and territories, enabling them to use digital currency instead of cash and checks.Visa has built one of the world’s most advanced processing networks. It’s capable of handling more than 24,000 transactions per second, with reliability, convenience and security, including fraud protection for consumers and guaranteed payment for merchants. Visa is giving more people in more places access to electronic payments. From the world’s major cities to remote areas without banks, people are increasingly relying on digital currency along with mobile technology to use their money any time, make purchases online, transfer funds across borders and access basic financial services. All of which makes their lives easier and grows economies.
In my role as Security Solutions Engineer:
In my role as Network Security Engineer:
- Provided network security infrastructure design, management, and configuration support for firewalls, internet proxy / WAN optimization devices technologies, and Intrusion Detection and Prevention technologies.
- Aligned proxy technologies to industry and vendor best practices, and enhanced user experience through the use of proxy “splash” and “coaching” pages, which paved the way for integration with the VISA security awareness training program with regards to safe web usage to better protect the user and the company from accidental data loss events, or other accidental issues.
G4S Technology (Formerly Adesta, LLC)
01/2008 – 10/2010: Network Security Engineer
06/2005 – 12/2007: Network & Systems Engineer
Headquartered in Omaha, Nebraska, Adesta is a G4S Technology company managed by executives from the telecommunications, construction and security industries. Adesta is a leader in providing innovative, turnkey solutions for advanced communication and security systems, having deployed over two million fiber miles in more than 150 rural and metropolitan areas and completed over 1,000 electronic security systems projects in the United States, Europe, Asia, Central America and the Middle East.
SDM – 17th Annual Top Systems Integrators Report lists G4S (Formerly Adesta) 10th in the annual ranking of the nation’s top 100 security systems integrators, sponsored by SDM Magazine.
In my role as Network Security Engineer:
- Designed, implemented, and managed firewalls, routers, WAN accelerators, content filters, switches, and managed 30+ Linux servers that provided various core network services, infrastructure monitoring utilities, as well as intranet and extranet services.
- Researched, designed, and managed the effort that led to the use of open source operating systems for core services like DNS, DHCP, NTP, FTP, and file storage, which reduced the total cost of data center operations to 10% of previous operating cost.
In my role as Network & Systems Engineer:
Computer Hardware Inc
Grand Island, Nebraska
10/2001 – 06/2005: Lead Sales and Service Technician
Expand Computer Hardware
Computer Hardware, Inc. is a computer retail and warranty service center for HP/Compaq, Apple, and Acer, and is south central Nebraska’s leading Apple Computer specialist. Computer Hardware Inc., currently has five locations and is growing every year.
Computer Hardware Inc. clients range from individual users and small businesses, to large automotive resellers, law firms, department store chains, and large architectural design firms.
In my role as a Lead Sales and Service Technician:
- My responsibilities included the sales and manufacturer-authorized warranty service and repair of many computer manufacturers and associated peripheral devices. Duties ranged from basic computer and printer repair, to network design and configuration, to application support.As part of my responsibilities with Computer Hardware, Inc.
- Computer Hardware Inc. also had a contract to provide field service technicians (FST) for the Cardinal Health – Pyxis Corporation, providing technical on-site support for secure automated medication control and delivery systems, and bio-metric authentication systems for many hospitals and health care facilities in the Nebraska, Kansas, Iowa and Missouri region. I was a part of this program as an FST for 3 years.
05/1998 – 19/1998: Deskside Support Technician
Headquartered in Sidney, Nebraska, Cabela’s is a direct marketer and specialty retailer of hunting, fishing, camping and related outdoor recreation merchandise. It’s direct marketing operation is one of the largest in the United States with over 13,000 employees, and a reported 2009 revenue of $2.63 billion.
In my role as an IT Support Technician:
- My responsibility was to provide tier-2 desk-side pc, printer, and network support to staff working out of the corporate office in Sidney, NE, including support calls, tickets, device installs, upgrades, repairs, PC rebuilds and/or PC cloning.