Troy’s professional experience in security began at American Family Insurance where he worked as a security analysis, engineer, architect and leading Information Security Team for five years. After twelve years, he went to TIAA starting in IT risk and then spending the greater part of his tenure with the Cyber Forensic Investigations Unit. Troy also spent several years volunteering with a team of international experts writing, reviewing and revising CISM and CRISC certification exam questions and answers for ISACA. After working as an Information Security Architect and SME for information security specific contract language, working with legal counsel and procurement for 3 years, Troy was promoted to CISO in 2019.
Motivated individual with strong technical expertise implementing and operating security solutions in heuristic IT environments with 20 years’ specializing in Enterprise Information Security Architecture, Insider Threat mitigation, Cyber Forensic investigations , information security engineering, incident response, vulnerability assessments, security operations, audit – regulatory response and IT risk management. Successfully managed Information Security Unit comprised of 24 direct reports for fortune 300 full line insurance Corporation for 5+ years. Managed Cyber Forensic Unit for fortune 100 financial services company. Proven ability to establish strong working rapports and manage relationships to help achieve business objectives. Leveraged ISO 27002, NIST standards, CobIT and ITIL frameworks to successfully establish policies, standards, and controls required to implement and manage an Information Security program for fortune 100 financial services firm. Managed the associated risk and successfully demonstrated adherence to Industry standards and regulatory mandates including PCI, NACHA, HIPAA, GLBA, MAR,SOX, etc. for both insurance and financial services industries.
Core competencies include:
Insider Threat Program Management / Digital Forensics
Business Relationship Management / Continuous Process Improvement
Risk Management / Assessments/ Mitigation / Vulnerability Assessments
Incident Response / Data Analytics / Penetration Testing
Business Continuity / Disaster Recovery / Security and Privacy Policies
Strategic Planning and Governance / Compliance Management