In line with Echelon's value of People with Personality, we are excited to continue our Cybersecurity Champion series, where we spotlight the incredible individuals who make up our team. Each month, we share the stories of professionals whose talent, dedication, and unique perspectives help keep organizations secure.
What initially drew you to cybersecurity, and how did your path eventually lead you to Echelon?
My path into cybersecurity was not a straight line. I originally thought I was headed toward medicine, but over time I realized that my strengths were better aligned with problem solving, investigation, and technology. After discussing that shift with my family, I committed to it and began building the foundation through coursework in computers, networking, and security, along with certifications like Network+ and Security+.
That foundation opened the door to my first cybersecurity role as a data security analyst at Computer Sciences Corporation, where I joined an early security operations center environment as they were building it from the ground floor. Over the next several years, I advanced through engineering and senior engineering roles, gaining hands-on experience in security operations, infrastructure, and technical problem solving.
Eventually I moved into consulting, which accelerated my growth. I had the opportunity to work as a penetration tester and help build managed security service capabilities around vulnerability management, endpoint detection and response, security awareness training, and incident response. Over time, through industry changes, mergers, acquisitions, and org shifts, I found myself performing vCISO-level work before I officially held the title: conducting assessments, building roadmaps, advising leadership, and helping organizations mature their security programs. That experience ultimately led me to formal vCISO work and eventually to Echelon.
What stood out during the interview process was how small and connected the cybersecurity community really is through shared experiences and prior work. I quickly realized that Echelon was a place where experience, trust, collaboration, and community mattered. That resonated with me because cybersecurity is not just a technical profession for me, it's a community of people helping one another get better through collaboration.
With over 15 years in the field, you've watched the threat landscape change dramatically. Are there any cybersecurity trends or emerging technologies that you're particularly excited or concerned about right now?
The obvious answer is AI. Anyone in cybersecurity who is not paying attention to AI right now is missing one of the most significant shifts in our field. Generative AI has already changed how people work, learn, code, research, and communicate. Now, agentic AI is pushing that even further by creating opportunities for autonomous workflows, faster analysis, and increased operational efficiency.
I'm excited about what AI can do for defenders. Security teams are overwhelmed by the volume of vulnerabilities, alerts, incidents, third-party risk, and business demands. Used responsibly, AI can help security teams move faster, prioritize better, and close gaps that would otherwise remain unresolved.
At the same time, I'm concerned about the malicious use of AI. The window between vulnerability disclosure and exploitation continues to shrink and compress. What used to take weeks or months can now happen in days or even hours. AI-assisted vulnerability discovery, exploitation, phishing, social engineering, and malware development will continue to raise the stakes for defenders.
For me, the answer is not to fear AI. The answer is to adopt it responsibly, govern it properly, and use it to give security teams a fighting chance. Vulnerability management, patching, remediation, detection, and incident response will all need to evolve with AI-assisted capabilities. I do not believe AI will replace humans. However, I do believe humans with AI will replace humans without AI.
As a vCISO Manager, a big part of your role is translating complex security challenges into language that resonates with executive leadership. How do you approach that translation, and where do most security teams get it wrong?
As a vCISO, I view my role as being a business officer with responsibility for information security. That means I cannot communicate only in technical terms. When speaking with executives, boards, and business leaders, the conversation has to center around risk. Leadership wants to understand four things: what the risk is, how likely it is to occur, what the business impact could be, and what it would take to reduce that risk. The more clearly we can connect cybersecurity issues to operational disruption the more effective the conversation becomes.
I also believe in keeping executive communication concise. In many cases, five or six strong slides are more effective than twenty-plus slide technical briefings. You don't want to kill them via PowerPoint. Metrics matter, but only when they tell a story about risk reduction, program maturity, and business outcomes. If we can't measure progress, we can't manage it effectively from quarter to quarter.
Where I see security teams get it wrong is by overwhelming leadership with technical detail, talking about firewalls, malware behavior, network packets. Tool-specific reporting may be important to the security team, but it's not usually the right language for executive decision making. You have to speak the language of business. Leadership needs to know whether the organization is safe from quarter to quarter, what risk remains, and where investment or accountability is needed. A cybersecurity program should not be presented as a list of tools or activities. It should be presented as a risk reduction strategy.
Are there any resources, communities, books, or people that have been particularly meaningful in your journey?
I consider myself a lifelong learner, so I'm always looking for resources that challenge me, sharpen my thinking, and help me become a better security professional.
Several people and communities have had a meaningful impact on my journey. Dr. Eric Cole at Secure Anchor helped shape my development through his CISO-focused education; his certification program got me to believe I had the skills and depth of knowledge to do this job. Mike Chapple and Cert Mike were valuable resources during my CISSP and CISM preparation. Brian Johnson and 7 Minute Security were especially helpful as I developed further as a penetration tester, particularly during COVID when many of us were adapting and learning how to do things outside the office.
InfraGard has always been valuable for staying current on the threat landscape and understanding the broader connection between cybersecurity, critical infrastructure, and public-private collaboration. I also have a long-standing appreciation for 2600: The Hacker Quarterly, which pretty much reflects the curiosity and technical exploration that have always been part of the security community.
One book I recently appreciated was Locked Up by Zach Lewis. It provided a real-world view into a LockBit ransomware response. I value resources like that because they give security professionals a behind-the-scenes look at what actually happens during a serious incident. Those lessons are incredibly useful for security practitioners, leaders, and organizations trying to prepare before they're in the middle of a crisis.
What do you appreciate most about being part of Echelon?
What I appreciate most about Echelon is the combination of teamwork, depth of knowledge, commitment to clients, and authenticity. It is a place where people bring strong experience to the table, but we can also collaborate. We don't always have to agree, but we can collaborate. We can have honest discussions and challenge each other's thinking, that's healthy and allowed. What matters is that we work through the issue, reach alignment, and execute together for the client.
Cybersecurity consulting clients are trusting us with serious responsibilities. They need practical guidance, clear communication, and people who care about helping them reduce risk. Echelon's culture supports that, in my opinion. It allows people to be themselves while still operating as a unified team focused on client outcomes.
Outside of work, how do you like to spend your time?
Outside of work, I enjoy spending time with my wife of 30 years and going out to new restaurants. We're somewhat mini foodies; we try to go to new places together. It's something we both enjoy.
Basketball is also a major part of my life. I referee men's college basketball and volunteer with my town's youth basketball club, which has been creating opportunities for young athletes for over 20 years. I also coach one of the youth teams. In addition to all that, I serve as the lead commissioner for one of the largest boys travel basketball leagues in South Jersey, with more than about 150 teams from 4th to 8th grade.
Basketball gives me an opportunity to mentor young people, support the community, and stay connected to teamwork, discipline, and leadership outside of cybersecurity. I also volunteer refereeing basketball for Special Olympics in New Jersey. They have a regular season and state championship, and I've been doing that for about the last 15 years.
What does being a Cybersecurity Champion mean to you?
To me, being a Cybersecurity Champion means being actively engaged in a fight to make organizations, communities, and people safer. Cybersecurity is not just about tools, alerts, or compliance requirements. It is about helping people understand risk, make better decisions, and protect what matters.
As security professionals, we have a responsibility to educate, guide, and support our clients, peers, and communities. Being a Cybersecurity Champion means showing up with humility, sharing knowledge, learning from others, and contributing to a stronger security community. It means helping organizations reduce risk in practical ways, but also recognizing that our work has a broader impact on businesses, families, public services, critical infrastructure, and society.
At the end of the day, cybersecurity is a team effort. The more we help each other, the safer our clients, communities, nation, and the world become.
Curious about a career in Cybersecurity? Discover more about Echelon's team, culture and open positions.