Career Profile

Governance, Risk, and Compliance Lead with 8+ years of experience in cybersecurity and compliance. Proven track record in planning and leading audit engagements to earn certifications such as FedRAMP, ISO 27001, and SOC2. Skilled in developing and improving security frameworks, writing security policies, and managing compliance programs. Experienced in AWS security capabilities and implementing automated security controls. Committed to ensuring security in fast-paced, innovative environments.

Work Experience

CirrusMD

July 2023 - Present

Cybersecurity Program Manager

  • Managed and matured CirrusMD's compliance program, achieving and maintaining FedRAMP, ISO 27001, HIPAA, and SOC2 certifications, enhancing customer trust at scale.
  • Oversaw the cybersecurity training program, ensuring all employees were versed in security protocols and compliance requirements, mitigating risks.
  • Acted as the information security lead for IT and business project teams, identifying potential threats and implementing solutions to mitigate risks.
  • Led the development of significant change request documentation, including SCR forms, supplemental narratives, and diagrams, improving process efficiency.
  • Gathered, assessed, and mapped evidence to compliance requirements.
  • Created and updated documents relevant to Federal authorizations, such as SSP and POA&M, ensuring continuous compliance with regulatory standards.
  • Supported third-party assessments of critical security controls for the company's cloud-based applications.
  • Partnered cross-functionally to implement technical, management, and operational controls required to deliver and operate a FedRAMP environment, contributing to an increase in customer trust.
  • Supported sales and customer enablement activities, including responding to RFPs, negotiating contracts, and participating in client-led security assessments.
  • Coordinated and led annual security and compliance assessments, including table-top exercises, optimizing processes to ensure compliance with industry standards.
  • Developed and executed the annual audit plan, successfully managing multiple simultaneous audits and certifications within CirrusMD.

As Cybersecurity Program Manager, I led CirrusMD to achieve FedRAMP Authorization:

  • Challenge: CirrusMD was progressing toward FedRAMP authorization but needed a cybersecurity manager to take over and lead the final stages of the process. This required collaboration with key stakeholders, including federal partners, to meet the remaining requirements and achieve full authorization.
  • Context: I was hired in July 2023 to manage CirrusMD's cybersecurity program with a specific focus on driving the FedRAMP authorization process to completion. The Department of Veterans Affairs was a primary stakeholder, and my role was pivotal in ensuring all standards and requirements were met.
  • Action: I took over the existing process, coordinating closely with the Department of Veterans Affairs and CirrusMD's internal teams. I focused on maintaining rigorous security practices, responding to VA requirements, and facilitating any final assessments and adjustments needed for compliance.
  • Result: CirrusMD successfully achieved full FedRAMP authorization on October 23, 2024. My leadership and focused coordination with the VA enabled CirrusMD to complete the authorization, expanding the company’s potential to serve federal clients and strengthening its commitment to regulatory compliance.

FormAssembly

Sep 2021 - Present

Senior Security and Compliance Engineer

  • Optimized compliance processes and reduced audit preparation time.
  • Coordinated annual audit plans with internal and external auditors, successfully achieving certifications such as FedRAMP, ISO 27001, and SOC2, maintaining 100% compliance.
  • Acted as the security lead for IT and business projects, ensuring the integration of NIST 800-171, ISO 27001, and SOC2 security frameworks into project lifecycles.
  • Streamlined the approval process for significant change requests by developing and managing documentation.
  • Achieved a first-pass success rate in audit submissions by gathering, assessing, and mapping evidence to compliance standards.
  • Enhanced security controls by supporting third-party assessments and managing remediation tasks.
  • Ensured all departments met stringent federal standards for FedRAMP compliance, contributing to an increase in customer trust.
  • Enhanced and contributed to revenue growth through strong compliance assurances, supporting sales and customer activities such as RFPs, contracts, and assessments.

Driving Growth Through Trust: Transforming Sales with Safebase.io Implementation

As Senior Security Compliance Engineer, I led the transformation of the Security Sales Enablement Pipeline: 

  • (Challenge) In 2021, we faced growing complexity in managing customer trust and compliance documentation, with increasing demands for transparency. The manual process for sharing security documents caused delays, impacting our ability to close deals quickly and maintain competitive growth.
  • (Context) I collaborated with Security, Sales, and Legal teams to address the issue. Close cooperation was essential, as each played a key role in delivering the needed transparency. As we scaled, rising client inquiries made manual processes unsustainable.
  • (Action) I implemented Safebase.io, an automated platform for sharing our Trust Center and security documents in one place. This let clients access needed documents easily, reducing sales friction. I worked with Security and Sales to ensure the platform provided up-to-date, compliant reports like SOC 2 and ISO 27001. We tracked engagement metrics to assess effectiveness and made updates based on feedback.
  • (Result) The implementation of Safebase.io dramatically streamlined our document sharing process and improved deal velocity, resulting in year-over-year growth in security-impacted revenue (customers using Safebase) and customer engagement metrics:
    • In 2021, we secured $863K from 107 deals, averaging $8,068 per deal.
    • In 2022, we increased this to $1.46M, with an average of $13,800 across 106 deals.
    • In 2023, $1.9M from 146 deals, reflecting strong growth in volume and revenue.
    • In 2024 (as of October), we have already reached $1.92M across 152 won deals.
    • Document engagements surged from 52 in 2021 to 513 in 2022, then to 2,190 in 2024.

Mitigating Risk with Precision: Reducing Vulnerabilities for Enhanced Security Compliance

As Senior Security Compliance Engineer, I led a comprehensive vulnerability remediation initiative under the TX-RAMP compliance framework:

  • (Challenge) In July 2024, I was tasked with improving the security posture of our organization as part of the TX-RAMP Plan of Action and Milestones (POA&M) initiative. At the start of the process, we identified 214 open vulnerabilities, including 91 high and critical vulnerabilities that posed significant risk to operations.
  • (Context) I collaborated with cross-functional teams, including IT security, compliance, and operational departments, in an environment requiring stringent adherence to state-level compliance standards. Our goal was to remediate vulnerabilities without disrupting service delivery or exceeding budgetary constraints.
  • (Action) I spearheaded a comprehensive remediation strategy by prioritizing vulnerabilities based on risk impact. My approach included coordinating remediation tasks, assigning clear ownership, and integrating automated tools to monitor progress. I implemented weekly review sessions to ensure transparency, providing leadership with real-time insights on our progress. I also ensured that teams had the resources and guidance needed to meet aggressive remediation deadlines.
  • (Result)
    • By October 2024, we successfully reduced the total number of open vulnerabilities from 214 in July to just 1 in October.
    • Notably, we achieved a 100% reduction in high and critical vulnerabilities, completely eliminating the 91 high-risk items identified in July.
    • This outcome substantially improved our compliance standing with TX-RAMP and strengthened our organization’s overall risk management posture.

From Chaos to Clarity: Streamlining Evidence Collection for Framework Compliance

As Senior Security Compliance Engineer, I spearheaded the creation of AuditBuddy, an automated solution for evidence collection and management designed to fill critical gaps left by existing compliance tools:

  • (Challenge) As our organization scaled, we faced increasing challenges in collecting and managing compliance evidence across multiple cloud platforms and security tools. Traditional tools like Vanta fell short in gathering certain evidence types, particularly for frameworks like FedRAMP and CIS. This gap hindered our ability to maintain continuous compliance transparency and traceability, while also making audits more labor-intensive.
  • (Context) I led the development of AuditBuddy, an open-source tool designed to automate the collection, management, and tracking of compliance evidence. I worked closely with security, DevOps, and compliance teams to design a solution capable of gathering evidence that existing tools were not built to collect, such as complex data from cloud platforms and security configurations.
  • (Action) I built AuditBuddy to automate evidence collection using APIs and SDKs from various cloud providers and security tools. The system integrates into CI/CD pipelines, allowing users to specify their target framework (e.g., FedRAMP, CIS) in a GitHub Action workflow. I developed control mapping logic to dynamically determine the type of evidence needed based on the framework and control being assessed. This data is extracted, formatted into populations, configurations, rules, and samples, and committed to the repository for full traceability and transparency during audits. The tool also ensures that evidence is continuously updated and available for audits, reducing manual interventions.
  • (Result) The implementation of AuditBuddy streamlined the evidence collection process, closing the gap left by tools like Vanta. It significantly reduced the time spent on manual evidence collection, while enhancing audit transparency and traceability. By providing automated evidence collection and formatting, we ensured that compliance data was consistently accurate and readily available, improving overall audit readiness and compliance standing across frameworks.
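The pipeline described above (the workflow names a target framework, a control map decides which evidence to pull, and the output is split into populations, configurations, rules and samples that are committed for traceability) can be illustrated with a small collector. The block below is an added example and is not AuditBuddy's or FormAssembly's code; the collector names, the CIS item id, the pass thresholds, the sample size and the inventory data are assumptions made for the illustration. The FedRAMP control ids are the NIST SP 800-53 controls that FedRAMP baselines use.

```python
"""Illustrative control-to-evidence mapping for a CI-driven evidence collector.

Added example, not AuditBuddy's code. Collector names, the CIS item id, the
pass thresholds, SAMPLE_SIZE and SAMPLE_INVENTORY are assumptions.
"""
from __future__ import annotations

import hashlib
import json
from dataclasses import asdict, dataclass
from datetime import datetime, timezone
from pathlib import Path
from typing import Any, Callable

# Constructed stand-in for SDK output (an IAM password policy and a per-bucket
# encryption/public-access lookup). Embedded so the example runs offline; a real
# run would call the cloud provider's API here.
SAMPLE_INVENTORY: dict[str, Any] = {
    "iam_password_policy": {"MinimumPasswordLength": 14, "RequireSymbols": True, "MaxPasswordAge": 90},
    "s3_buckets": [
        {"Name": "app-logs", "Encryption": "aws:kms", "PublicAccessBlock": True},
        {"Name": "legacy-exports", "Encryption": None, "PublicAccessBlock": False},
        {"Name": "backups", "Encryption": "AES256", "PublicAccessBlock": True},
    ],
}

# Collectors pull one evidence source out of the inventory (assumed names).
# Populations are sorted so that sampling below is deterministic across runs.
COLLECTORS: dict[str, Callable[[dict[str, Any]], Any]] = {
    "iam_password_policy": lambda inv: inv["iam_password_policy"],
    "s3_buckets": lambda inv: sorted(inv["s3_buckets"], key=lambda b: b["Name"]),
}

# Rules turn a collected source into a pass/fail finding an assessor can re-run.
# The thresholds are assumptions, not the frameworks' own text.
RULES: dict[str, Callable[[Any], dict[str, Any]]] = {
    "password_min_length_14": lambda pol: {"passed": pol["MinimumPasswordLength"] >= 14,
                                           "observed": pol["MinimumPasswordLength"]},
    "all_buckets_encrypted": lambda buckets: {"passed": all(b["Encryption"] for b in buckets),
                                              "failing": [b["Name"] for b in buckets if not b["Encryption"]]},
}

# (framework, control) -> evidence requests as (source, kind, rule-or-None).
# kind: "population" (full list), "sample" (deterministic subset), "configuration"
# (one settings object) or "rule" (an evaluated check).
CONTROL_MAP: dict[tuple[str, str], list[tuple[str, str, str | None]]] = {
    ("FedRAMP", "IA-5"): [("iam_password_policy", "configuration", None),
                          ("iam_password_policy", "rule", "password_min_length_14")],
    ("FedRAMP", "SC-28"): [("s3_buckets", "population", None),
                           ("s3_buckets", "sample", None),
                           ("s3_buckets", "rule", "all_buckets_encrypted")],
    ("CIS", "2.1.1"): [("s3_buckets", "rule", "all_buckets_encrypted")],  # assumed CIS item id
}

SAMPLE_SIZE = 2  # assumed: first N of the sorted population, so re-runs pick the same items


@dataclass(frozen=True)
class Evidence:
    framework: str
    control: str
    source: str
    kind: str
    payload: Any
    collected_at: str

    def digest(self) -> str:
        """SHA-256 over canonical JSON, so a committed file can be tied to this run."""
        canon = json.dumps(self.payload, sort_keys=True, separators=(",", ":"))
        return hashlib.sha256(canon.encode()).hexdigest()

    def relative_path(self) -> Path:
        return Path(self.framework) / self.control / f"{self.kind}-{self.source}.json"


def collect(framework: str, inventory: dict[str, Any], out_dir: Path | None = None) -> list[Evidence]:
    """Resolve every mapped control of `framework` and produce its evidence items.

    When `out_dir` is given, each item is written as JSON with its digest in a
    framework/control/kind layout an assessor can browse from the repository.
    """
    stamp = datetime.now(timezone.utc).isoformat()
    items: list[Evidence] = []
    for (fw, control), requests in CONTROL_MAP.items():
        if fw != framework:
            continue
        for source, kind, rule in requests:
            data = COLLECTORS[source](inventory)
            if kind == "sample":
                data = data[:SAMPLE_SIZE]
            elif kind == "rule":
                data = {"rule": rule, **RULES[rule](data)}
            items.append(Evidence(framework, control, source, kind, data, stamp))
    if out_dir is not None:
        for ev in items:
            path = out_dir / ev.relative_path()
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text(json.dumps({"digest": ev.digest(), **asdict(ev)}, indent=2, sort_keys=True))
    return items


def failing_controls(items: list[Evidence]) -> list[str]:
    """Controls with at least one failed rule: the candidates for a POA&M entry."""
    return sorted({f"{e.framework} {e.control}" for e in items if e.kind == "rule" and not e.payload["passed"]})


if __name__ == "__main__":
    for ev in collect("FedRAMP", SAMPLE_INVENTORY, Path("evidence")):
        print(ev.relative_path(), ev.digest()[:12])
    print("needs POA&M:", failing_controls(collect("FedRAMP", SAMPLE_INVENTORY)))
```

In a CI run the inventory would come from the provider SDK and `out_dir` would be a path inside the checked-out repository, so the commit history doubles as the audit trail. The digest lets an assessor confirm that a file matches the run that produced it, and sampling the first N of a sorted population means a re-run yields the same items rather than a fresh random pick that cannot be reconciled with the earlier one.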

Secure Compliance Solutions

Feb 2020 - Sep 2021

Senior Security Operations Engineer

  • Monitored security events using Elastic SIEM and AlienVault, investigating significant incidents and generating detailed reports to ensure timely threat resolution and compliance.
  • Maintained and optimized security services (SIEM, incident response, endpoint security), consistently meeting SLAs and enhancing overall security posture.
  • Administered Atlassian products (Jira, Agile, Confluence) for team collaboration and project management, improving workflow efficiency and cross-functional communication.
  • Assessed security incidents, followed triage procedures, escalated critical issues, and conducted vulnerability scans (OpenVAS), providing remediation recommendations to mitigate risks.
  • Developed customer-focused roadmap initiatives (SOC 2, PCI, CMMC, ISO 27001), guiding clients through compliance assessments, control implementation, and successful audits.
  • Evaluated and improved clients' internal compliance, drafting policies aligned with industry standards, ensuring robust compliance frameworks.
  • Educated clients on compliance requirements, providing regulatory guidance and fostering positive client relationships to build trust and ensure adherence to standards.

Prevail Health Solutions

Dec 2018 - Sep 2019

IT System Operations and Security Manager

  • Managed IT systems and security for both cloud and local environments, ensuring robust protection and compliance with industry standards.
  • Initiated and oversaw a company-wide information security program, enhancing security posture and achieving compliance with relevant regulations.
  • Led compliance and risk management initiatives, successfully mitigating risks and ensuring adherence to security and compliance frameworks such as ISO 27001 and SOC2.

Alight Solutions

2017 - 2018

Cyber Security Analyst

  • Managed 10-20 monthly client security questionnaires, supervised audits, and documented remediation actions, ensuring client compliance and satisfaction.
  • Facilitated security reviews and audits, aligning client requirements with security operations to maintain robust compliance with industry standards.
  • Developed a comprehensive security program, covering all critical business security segments.

American Academy of Orthopaedic Surgeons

2015 - 2017

Technology and Data Services Coordinator

  • Conducted financial management tasks, including budget maintenance and cost tracking, ensuring efficient allocation of resources and adherence to fiscal policies.
  • Managed budgets exceeding $4M, maintaining strict adherence to fiscal policies and optimizing financial performance.
  • Coordinated team actions and prepared detailed reports, boosting project efficiency and ensuring timely completion of compliance-related tasks.

United States Navy

2008 - 2015

Information Security Analyst

  • Resolved security incidents, ensuring data integrity and minimizing downtime, which contributed to maintaining a secure operational environment.
  • Evaluated and fortified information system protections, strengthening defenses against potential threats and vulnerabilities.
  • orted policy adherence.

Presentations

ElasticON Global 2021

[Oct 5-7, 2021]

  • Evaluations and Direction for Elastic Security

Certifications

Certified Security Analyst (ECSA)

  • November 2018

Certified Ethical Hacker (CEH)

  • April 2018

CompTIA Project+

  • Feb 2015

CompTIA A+

  • Nov 2005

Education

Master of Information Systems (Cyber Security)

  • Robert Morris University | 2015 - 2016

Bachelor of Arts

  • Eastern Illinois University | 2012 - 2013

Skills

Cybersecurity, Risk Assessment, Compliance, Governance, Security Audits, Information Security, ISO 27001, HIPAA, GDPR, SOC2, FedRAMP, PCI DSS, SIEM, Change Management, Cloud Services, Risk Management