Obsessed with immersing myself across disciplines, in my career and personal life I dive in headfirst. Growing up, my first passion was technology, watching Apple keynotes, learning how to emulate games, and refreshing technology blog sites to learn about the latest and greatest. As I've grown up that passion hasn't dimmed in the slightest, I work in cybersecurity, helping my clients secure their environment while constantly learning about the latest technology and security developments. I started this site partially as a blog, partially as a connected way to organize my thoughts, and partially to help share what I've learned with others. If I could narrow down my career and personal life's objective to one word, it would be translator. My goal is to help translate complicated topics and make them approachable. I think my strengths lie in quickly grasping difficult topics and then effectively breaking down the information for absorption. I continue to refine the skills which make this possible day in and day out, being the first to jump on the difficult projects and bring order to what sometimes can only be described as chaos.
Pre-college, my first job was as a janitor at a YMCA. It wasn't the appeal of janitorial work that excited me, rather, the $8 an hour that was above the $7.25 minimum wage. Although I came for a paycheck, I ended up learning a lot about hard manual labor and met a lot of great people whose varied backgrounds and histories gave me perspective into the goals I wanted to set for myself. I had a few "gigs" throughout high school, making money here and there but the janitor work was always my main job. These gigs were mostly around website design, I started by playing around with HTML. Eventually I was making websites for friends, companies, and eventually even convinced a company to buy me Adobe Dreamweaver so I could try my hand at CSS. I didn't make much money doing it but I loved it, trial and error, banging your head against the wall for hours until the code just works, nothing is more satisfying.
During college, I was pretty focused on finishing my degree but I did have a few jobs. To pay rent I delivered pizzas for Pizza Hut which I absolutely loved. Driving around listening to music and collecting tips, it was a great job and I met some great friends throughout. I also worked at my college's hospital for a while, taking orders and delivering food to patients. At its base, it involved taking into account dietary restrictions and delivering food but in reality, delivering food to people who haven't had a conversation in days and are craving human interaction was extremely rewarding. Finally, I had a small job at a pallet repair and distribution plan, oddly enough, sorting oil filters. I was given the authority to hire who I wanted as long as I hit certain revenue targets, which I hit while coming in under-budget. Noone had given me that type of opportunity so having my first management experience be a success made me feel like I was cut out for people management.
Post-college, I started at Ernst and Young (EY) in Seattle, the same place I interned during my senior year in college. I worked with most of the largest Seattle based companies in some capacity, helping them test and monitor their internal controls for SOX 404, PCI, and state regulatory compliance. My longest stint was at one of the largest telecommunication providers, leading a team of consultants in the U.S and a separate team in India, and reporting directly to senior management. Through EY I also became involved with the Latino Professional Network (LPN) and began mentoring college students at Seattle University and the University of Washington. Although I was learning a lot, I wanted to become more technical and dive into cybersecurity. I ended up moving to Coalfire, a cybersecurity consulting company. My first job was to respond to a security incident in Switzerland for a large retail company. I was immediately engaged to help lead global response and recovery efforts and to navigate compliance considerations. After that I worked on enterprise risk assessments, control assessments, incident response, and general cybersecurity consulting and advisory work. Through the last few years I've been exposed and helped clients navigate NIST 800-171, HIPAA, PCI, CIS Top 20, state breach reporting laws, SOC, ISO; I've had my hands in almost every cybersecurity framework and regulatory requirement. What I really gravitated towards was incident response and with my Director's support was able to formalize our offerings in incident response. Later, I'd expand these offerings to encompass business continuity, disaster recovery, and testing of those offerings under what is now called Resiliency Services. In my current role I lead development of ten different offerings, co-lead about five others, sell offerings, and lead teams of consultants to deliver on those offerings. As a virtual CISO for a number of companies I get to rub elbows with executive teams to really understand their pain points in security. This really melds nicely into one of my goals, which is to be an effective translator for topics which are considered highly technical. As in everything, I want to make the complicated a little more approachable and put those tools into the hands of smart people.
As you can see by this website, I like to learn about new technology and write. It's important to me to stay on top of what's going on across politics, technology, and even pop culture. I dabble in playing the piano and guitar and actually grew up playing bass. Just being in nature is great but hiking and exploring little known spots is my favorite. Although I currently don't own a car I like to research cars and watch reviews (Doug Demuro is a favorite). Non-computer activities like painting and seeing if I can fix something around the house is always fun. If I can listen to music or a podcast while doing it even better. I workout pretty consistently and at the end of a long day like to settle in and watch movies, television, and play video games.