Current Activities

Providing a local non-profit organization with:

  • PCI DSS compliance guidance
  • Syspro support and integration with third party systems
  • Technology assessment and coordination

Director of Marketing for the Kentuckiana Chapter of the Information Systems Security Association (ISSA)

Chair of the 2014 Louisville Metro InfoSec Conference


Recent Activities


The High Risk of Low Risk Applications - DerbyCon 2013

A case study demo of an actual application that was rated "low risk" because of its low business effect that actually had some high risk factors due to the very common technololgy used.

SQL injection with SQLMAP - DerbyCon 2013

How to use SQLMAP to easily (and sometimes not quite so easily) perform SQL injection exploits on web sites.

NIST and your risky application - Louisville InfoSec Conference 2013

A well executed risk assessment is a crucial element in an effective security program; good risk assessments will help prevent security incidents from occurring. This interactive session will engage the audience in an overview of the NIST risk management procedures. We will discuss an example (eCommerce) covering the key concepts: assessing risk, responding to risk, and monitoring risk.


2010 to 2014: Vulnerability assessments, risk assessments, risk management guidance, and penetration testing of web applications for the Commonwealth of Kentucky.

2008 to 2010: Management and direction for all non-departmental databases and programs at the American Printing House for the Blind, including ERP (Syspro) and eCommerce.

2005 to 2008: Consulting and audit/assurance services to a variety of private and government sectors, including water/wastewater, petrochemical production, and manufacturing.