
Jedi magic.

These are just a few recent projects that demonstrate how I use my own Jedi magic to meet and exceed expectations, delivering exceptional value to my team and organization. I'm steadfast in my commitment to excellence, and that is demonstrated in the work I deliver every day.

01

Security awareness transformation

In my first six months as an Information Security Analyst at Slalom, I designed and implemented a custom security awareness training course that used actual incidents, events, and questions as the foundation for the content. The content was delivered globally and the feedback was overwhelmingly positive. I've since transformed this single course into a full security awareness program, with tailored content based on new and evolving threats, role-based content including secure code developer training, and project-specific security training to incorporate clients' individual training needs. I also partnered with cross-functional teams to build a complete brand for the information security team including a distinct writing voice, SLAs, and an InfoSec mascot.

 

These efforts have significantly improved training completion rates and reduced employee-generated security incidents. The work of this program has helped to create a culture of secure vigilance and fearless escalation throughout the organization, and the unique recipe I've spearheaded is in the process of being delivered to clients around the globe.

02

Offboarding Access Management

I spearheaded the development and deployment of a comprehensive Identity and Access Management (IAM) strategy tailored to streamline the offboarding process for departing employees, prompted by a notable surge in security incidents during their last two weeks of employment. To address this challenge, I crafted a series of policies to mitigate the risk of data loss and security events by departing employees.

 

These policies included:

  • Custom DLP policies to manage cloud-based exfiltration

  • An external storage device policy to combat saving to USB and external hard drives

  • An Azure Conditional Access policy that restricted access to company systems solely from devices under company management 

To ensure the policies were applied consistently and only to users with an "Upcoming Departure" persona, policy application was managed via an Azure Active Directory Security Group.

 

Due to unique limitations preventing a direct integration between the company's HRIS system and Azure AD, I had to get creative to automate the solution. Using a custom daily report from the HRIS detailing upcoming terminations, I wrote a PowerShell script paired with Task Scheduler to execute the task seamlessly. This automated workflow added accounts with the upcoming departure persona to the designated Azure AD Security Group, thus applying the restrictive access controls and protecting Company and client data.

03

Data Governance Program Creation

In response to escalating data complexities and regulatory requirements, we embarked on a comprehensive data governance program development project. After conducting a thorough assessment of our existing data landscape, we partnered closely with stakeholders from IT, data architecture, legal, compliance, and business units to create a tailored data governance framework aligned with industry best practices and regulatory standards such as GDPR, HIPAA, and CCPA. This framework encompassed policies, procedures, and controls governing data classification, access, usage, retention, and disposal, ensuring compliance and mitigating risks associated with data breaches and privacy violations. Additionally, we established clear accountability structures, appointing data stewards and champions to oversee data domains and facilitate ongoing governance activities.

 

The project included implementing robust controls in our Snowflake, Azure, and AWS environments to support our data governance and protection initiatives, as well as creating extensive training and awareness programs for employees at all levels to understand their roles and responsibilities in upholding data governance principles and practices. Ultimately, the successful implementation of the program not only enhanced data quality, consistency, and trustworthiness but also positioned our organization to derive greater value from its data assets while safeguarding privacy and regulatory compliance.

04

DLP Program Development

I developed a successful DLP program strategy including executive buy-in and reporting, employee communications plans, IT Usage Policy updates, logical rule creation, and ongoing monitoring. As part of this extensive effort, I assisted the company in successfully transitioning from an "allow and react" to a "protect and enhance" DLP posture.

 

The project was uniquely rewarding and challenging, given the organization's frequent use of client-provisioned accounts and applications from company-managed devices. This necessitated crafting policies and controls using a scalpel where we'd otherwise use a hammer in order to effectively protect company and client intellectual property, while also allowing employees to seamlessly work on client accounts and applications without interruption.


Up next

GRC Jedi at The Walt Disney Company

My ultimate goal is to become a Security GRC Jedi at The Walt Disney Company. I am eager to contribute to Disney's mission of creating magical experiences while ensuring the security and integrity of its data products and assets. After Cast Member onboarding, you will see an immediate value add, such as:

  • First 3-6 months: In this time, I will gain a comprehensive understanding of the team and organizational structures, as well as Disney's unique and vast data landscape. The time will be used getting a strong foundation of the team's working and communication norms, ensuring a successful transition for both myself and the team. I'll also spend time developing quality connections with teammates and key stakeholders, which will help me to effectively navigate the organization and make an impact on relationships.

  • Within 6-12 months: I will deliver at least one high-impact project, based on what I learned and saw in the first 6 months. This project will likely be some sort of process improvement, and will increase our security posture through proactive risk management. By this point, I will have a solid grasp of my daily work, and will be able to perform it successfully with little to no oversight. Because of the strong network I've built, I'll know who to reach out to for help, and will have a well-documented contact tree. I will also have settled into my role within the team's dynamic, keeping things fun and energetic while performing at an elite level.

  • After the first year: By this point, I will have firmly established myself as someone who can be depended on to find solutions and effect positive change. Team members will know they can count on me for coverage and support, and partners will look to me as a trusted advisor. Once I've developed a strong working knowledge of my role and responsibilities, I'll invest time in other internal initiatives such as BERGs and cross-functional projects. I'll be seen as a peer leader and look forward to raising the bar for the team and organization.

"When you're curious,
you find lots of interesting things to do."
