After nearly 25 years of IT/ InfoSec work across a vast range of industries, experience has fueled my drive to deliver a better information security consulting practice. In 2007, I started VerSprite (aka VerSprite Security) with the idea of developing a team of 'security hybrids'​ - consummate security professionals that personify both technical mastery around emerging technologies and associated threats, as well as a foundation on business processes, acumen, and overall mindset. As such, the inception of 'true spirited'​ security consulting was developed. 

Through years of both hands on network, system, and software engineering and a foundation around risk management principles, the reality set in that true security, although relative to each organization, is best managed via a risk based approach where both an understanding of data usage and functional use cases are known in the context of viable threats scenarios and supportive attack vectors.

This risk-based approach led to the mantra behind VerSprite Security as well as the PASTA threat modeling methodology (Process for Attack Simulation and Threat Analysis), a co-developed risk based threat modeling methodology that I co-authored along with accompanying book (Risk Centric Threat Modeling, Wiley 2015). 

Leading VerSprite today requires constant innovation across both technical and non-technical areas. Changes to emerging technologies, regulations, and threat landscapes forces security strategy to be tailored, not pre-fabricated or imitated. As such, I focus on ensuring that VerSprite's consulting practice develops authentic and custom solutions for our clients in consideration of their risk appetite, threat landscape, technology footprint and regulatory environment.  Beyond VerSprite, I run the OWASP Atlanta, GA Chapter and have been heavily involved in the OWASP global initiatives since 2008.