Cybersecurity Professional CISSP Penetration Tester
Started in IT. Figured out the security problems were more interesting. Haven't looked back since.
About Me
IT background. Security focus. Genuinely curious about how things break.
I came up through IT and networking. Somewhere along the way I realized the more interesting question wasn't how to keep systems running. It was how someone would get in if they wanted to.
That shift led me to security full time, backed by a Master's from Trine University and a Bachelor's in Cyber Defense from Davenport University. I work across security architecture, penetration testing, and GRC, helping organizations understand their real exposure and not just their audit score.
Trine University
Information Security & Technology Management
Davenport University
Cyber Defense & Security Operations
The best time to find a vulnerability is before someone else does. I lean into threat modeling and red-team thinking so organizations stop playing catch-up with adversaries.
NIST and ISO 27001 aren't just there to make your auditor happy. They're blueprints for actually reducing risk. I help turn compliance requirements into controls that hold up in the real world.
You can have perfect tooling and still get phished by a fake invoice. Security culture is the layer that makes everything else work, starting with making sure every person in the org knows their role.
Areas of Expertise
Deep technical knowledge paired with strategic thinking across the full security lifecycle.
Designing layered, defense-in-depth security architectures that align with business objectives and scale with organizational growth.
Conducting authorized offensive security assessments to identify vulnerabilities before malicious actors can exploit them.
Translating complex regulatory frameworks into actionable security programs that satisfy auditors and reduce real-world risk.
Applying machine learning techniques to threat detection, anomaly detection, and security automation while securing AI systems themselves.
Collecting, analyzing, and operationalizing threat intelligence to inform defensive posture and proactive countermeasures.
Leading coordinated responses to security incidents — from initial detection through containment, eradication, and post-incident review.
Credentials
Validated expertise across security domains, governance, and offensive security practices.
CISSP
Certified Information Systems Security Professional
(ISC)²
CC
Certified in Cybersecurity
(ISC)²
Security+
CompTIA Security+
CompTIA
PenTest+
CompTIA PenTest+
CompTIA
CNVP
Certified Network Vulnerability Professional
CompTIA
CPT
Certified Penetration Tester
GAQM
IBM
IBM Cybersecurity Certification
IBM
Proofpoint
Proofpoint Security Certification
Proofpoint
XM Cyber
XM Cyber Attack Path Management
XM Cyber
9 active certifications across 5 issuing bodies
Projects
Practical tools built to demonstrate applied security concepts — not demos, actual things you can use.
Insights
Practical perspectives on security architecture, emerging threats, and building resilient programs.
Enabling multi-factor authentication is one of the most effective controls you can deploy. It is also not nearly enough on its own, and attackers figured that out a while ago. Here's what MFA actually stops, what it doesn't, and what comes after.
The average enterprise vulnerability scanner returns tens of thousands of findings. Treating them all equally is operationally impossible and strategically wrong. Here's how to build a prioritization model that focuses your team on the vulnerabilities that are actually going to get you.
I write phishing emails for a living. I've sent thousands of them to employees as part of authorized engagements. I know every trick in the playbook. And one got me anyway. Here's what happened and why it matters.
The most common finding in cloud security assessments isn't an exotic zero-day. It's a checkbox that defaulted to public, an IAM role that was supposed to be temporary, and a storage bucket named after an internal project sitting fully exposed to the internet.
Every year, employees click through the compliance module. Every year, people still get phished. The annual training checkbox is not a security control. Here's what actually changes human behavior in ways that hold up under real attack conditions.
Eight characters, one uppercase, one number, one symbol. Changed every 90 days. Completely useless. Here's why your password policy is training users to create worse passwords, and what to do instead.
Physical penetration testing is the part of security assessments nobody wants to think about because the findings are deeply embarrassing. A look at how alarmingly easy it is to walk past $2 million worth of security technology with a smile and a pastry.
Zero Trust has become one of the most overused terms in enterprise security. Here's what it actually means and what it takes to implement it in a way that reduces real risk.
Most Zero Trust programs stall after the first phase. The reason is almost never technical. Here's how to build a roadmap that survives contact with your organization.
Machine learning in security operations creates as many false positives as it prevents. Here's how to tune your detection models and build analyst workflows that scale.
Large language models introduce a new class of vulnerabilities that traditional security controls weren't designed to catch. Here's what security teams need to understand now.
The updated framework introduces a new Govern function and expands scope beyond critical infrastructure. A practitioner's guide to mapping your existing controls to the new structure.
A penetration test is not a vulnerability scan with a human attached. Here's what a real engagement looks like from scoping to final report and what separates useful findings from checkbox compliance.
Get In Touch
Available for consulting engagements, speaking opportunities, and strategic security advisory roles.
Whether you need a security architecture review, a penetration test scoped for your environment, or a keynote that makes compliance genuinely interesting — reach out and let's talk.