THREAT VISIONS
Profile

On the Wire.

Cybersecurity & Risk Executive. 25+ years on the wire.

I've spent two and a half decades leading enterprise-wide cybersecurity and risk programs at global financial institutions and Fortune 100 companies, building and transforming security organizations and managing budgets over $100M and teams of 300+ across four continents.

My work spans cyber strategy, insider threat, regulatory compliance, supply chain risk, and product innovation with top-tier vendors. I sit at the intersection of boards, regulators (SEC, OCC, FRB), and engineering teams — translating risk into language each can act on, and aligning technology strategy with business resilience.

Contact via Email →
25+ YR
Field Experience
$100M
Budgets Managed
300+
Teams Led
4
Continents
Entry № I

The Long Walk

1996 — present
2024 — PRESENT

Cyber Executive, Strategy & Operations

BNY

Lead global cyber strategy and operations, strengthening enterprise resilience, regulatory compliance, and next-generation engineering capabilities.

  • Manage overall cybersecurity budget with focus on spend optimization and rationalization of products and vendors.
  • Direct cyber engineering for network and server architecture, including AI-driven automation of cyber workflows to enhance detection, response, and operational efficiency.
  • Oversee insider threat, supply chain risk, incident response, and threat intelligence programs aligned with enterprise risk appetite and regulatory mandates.
  • Partner with regulators (SEC, OCC, FRB) to address findings and ensure transparent governance and sustainable compliance.
  • Advance metrics, dashboards, and executive reporting frameworks to provide real-time insights to board members and senior leadership.
  • Drive integration of AI, analytics, and automation across security operations, improving scalability and time-to-response.
2019 — 2024

Lead Cyber Executive

Merrill Lynch / Bank of America
  • Built and secured the trading environment for market-making and broker-dealing operations.
  • Managed cyber risk for Banking & Markets technology, operations, and front-line units. Led 300 professionals on four continents with a $100M annual budget, reporting into the CIO and Vice Chairman of Markets & Trading.
  • Directed global cyber operations, metrics, incident management, and executive reporting.
  • Built risk-strategy framework covering regulation, attestations, identity governance, and architecture.
  • Strengthened policy governance and transparency, elevating executive decision-making.
  • Modernized security architecture to protect trading, operations, and client platforms.
2016 — 2019

CTO & Chief Strategist

Intel Security / McAfee
  • Owned strategy and portfolio development for enterprise cybersecurity products at the largest cybersecurity company by revenue, with $8B annual ARR.
  • Advanced cloud security platforms (CASB, SASE) and endpoint protection against ransomware.
  • Championed machine learning and big-data analytics for proactive threat intelligence.
  • Scaled automation through SIEM and SOAR, improving efficiency and time-to-response.
  • Guided corporate development for acquisitions and partnerships.
2013 — 2016

Managing Director, Cyber Practice

Promontory Financial (IBM)
  • Founded and scaled the firm's global cybersecurity consulting practice; managed a team of 50.
  • Advised Fortune 100 banks on enterprise cyber strategies and regulatory compliance.
  • Delivered resilient architectures addressing operational and systemic financial risk.
  • Supported cyber due diligence and governance for multinational mergers.
2011 — 2013

Global Head of Technology Risk, Managing Director

BNY
  • Led 200+ professionals to establish the firm's global cyber risk program.
  • Directed application security, access control, and risk-architecture functions globally.
  • Developed and led the vulnerability management program.
  • Built the third-party risk management program for vendor risk across cyber and technology.
  • Built enterprise risk reporting, dashboards, and analytics for board visibility.
2008 — 2011

Chief Information Security Officer

Fifth Third Bank
  • Directed 150 staff with a $30M budget, overseeing all aspects of cybersecurity and risk.
  • Achieved compliance across PCI DSS, GLBA, HIPAA, SOX, and fraud regulations.
  • Strengthened threat intelligence, incident response, malware analysis, and fraud programs.
  • Implemented enterprise GRC system to unify risk reporting for board and regulators.
  • Enhanced disaster recovery and business continuity for mission-critical systems.
2004 — 2008

Chief Information Security Officer

ABN AMRO / LaSalle Bank
  • Directed 300 personnel across global footprint; partnered with C-level executives to mitigate technology risks.
  • Designed and deployed IT risk-assessment methodology across the enterprise.
  • Oversaw global security operations, incident response, patch/configuration, and forensics.
  • Directed architecture and application security; presented directly to board and regulators.
1999 — 2003

Manager — Red Team & Penetration Testing

KPMG LLP
  • Led the red team and penetration testing practice within Financial Services — adversary emulation, application and network pen testing, social-engineering campaigns, and post-engagement remediation guidance for major banks and insurers.
  • Ran engagements of 5–20 associates generating $7M in revenue.
  • Advised clients on SOX 404, GLBA, and IT governance compliance.
  • Designed disaster recovery and business continuity strategies for major financial institutions.
  • Delivered board-level reporting and training programs in IT risk and audit.
1998 — 1999

Information Systems Manager

Citibank · FX Systems
  • Managed security and operations for global FX trading platforms.
  • Designed security model and certificate authority for global trading systems.
  • Conducted Y2K certification and security testing for mission-critical trading.
  • Supported client trade operations, troubleshooting, and online trading security.
1996 — 1998

DoD Cybersecurity Consultant

U.S. Department of Defense
  • Contributed to modernization of defense technology infrastructure across multiple branches of the U.S. military.
  • Built and deployed the TCP/IP backbone for defense networks spanning all service branches.
  • Designed and implemented secure architectures and patterns for C2 (Command & Control) and B2 (Battlefield)–compliant systems.
  • Deployed classified data-management systems supporting weapons inventory tracking and defense readiness.
Entry № II

Education

Two campuses
B.A. / MIS

University of Mary Washington

Bachelor of Arts and Management Information Systems

Director for Student Activities department. Designed the campus-wide network for the University.

M.B.A. STUDIES

City University of New York

Master's studies in Business Administration
Entry № III

Certifications & Affiliations

Industry standing
CISMCertified Information Security Manager
CISACertified Information Systems Auditor
CISSPCertified Information Systems Security Professional
U.S. CONGRESSCongressional Advisor — House Committee on Financial Services
FS-ISACMember — Financial Services Information Sharing & Analysis Center
OWASPSteering Committee Member — Open Web Application Security Project
HI-SECSteering Committee · Hi-Sec Security Executive Council — mentorship & community leadership
Entry № IV

Languages

Beyond English
EspañolFluent
PortuguêsConversational
Entry № V

Written Work

Selected · 2010–2024
De Gruyter · 2024

Securing Artificial Intelligence in the Real World

An authoritative treatment of the practical security challenges around AI deployment in enterprise environments — governance, threat modeling, and the unique risk surface introduced by ML at scale, drawn from operational experience across global financial institutions.

Volume V · Chapter 6 · pp. 113–124
Read at De Gruyter →
U.S. Congress · 2018

Statement for the Record on Cybersecurity in Financial Services

Testimony before the House Committee on Financial Services on threats facing the U.S. financial system: public-private cooperation, the inadequacy of the SSN as a digital identity credential, and the case for modernizing federal procurement of next-generation security solutions.

"The financial sector is ready and waiting. As good a job as institutions like Bank of America and US Bank are doing, they can't be expected to deter a nation state on their own." — Statement for the Record · Subcommittee on Financial Institutions
Read full testimony (PDF) →
BankInfoSecurity · 2010

In a New Role, He Melds Business and Security

A profile on the evolving role of the CISO at the intersection of technology and business strategy — building trust with business partners, the rise of organized cybercrime targeting financial institutions, and the shift from infrastructure-centric security to business-risk leadership.

CISO Profile · Fifth Third Bank
Read profile →
BNY Mellon Perspectives

Strengthening Cyber Resilience

A discussion on the human element of cybersecurity — why people are the first and most important line of defense against social engineering and advanced threats.

Podcast transcript · BNY Mellon
Read transcript (PDF) →
Speakerpedia

Speaker Profile

Featured speaker profile covering decades of leadership across financial-sector cybersecurity and global technology risk.

View profile →
International Economic Forum of the Americas

Speaker Profile

Featured speaker profile from the International Economic Forum of the Americas, covering a career in global financial cybersecurity and work with FS-ISAC and the Federal Reserve.

View profile →