Hi, I'm Nick

I'm a Vermont-based Chief Information Security Officer, system architect, self-hoster and open source enthusiast creating secure, scalable environments. Start scrolling to learn more about me.

I'm building this page as part of the Cloud Resume Challenge. It sounded like fun and not too much work. And at least one of those turned out to be true...

Scroll Down

About Me

At work, I'm a driven cybersecurity professional building and maintaining diverse security controls, always striving to minimize impact on user experience. I thrive when presented with challenges where I can leverage documentation and experimentation in equal measure.

At home, I'm using code to deploy apps and infrastructure, developing Python , Docker , and Terraform skills, and creating cloud-free home automations . Anything where I can dissect a technology and regain ownership over my data. Take a look at some of my projects. I'd love to talk about them with you.

Download Resumé

Career

BlueCross of Vermont

Chief Information Security Officer Jul. 2024 - Present

  • Develop and enforce seucirty policies, standards and procedures to protect regulated data
  • Partner with business leaders to enable secure new initiatives
  • Oversee assessment and remediations from audits, compliance reviews, and penetration tests
  • Lead cross-functional projects to integrate security controls with modern tech stacks

BlueCross of Vermont

Senior Cybersecurity Engineer Oct. 2022 - Jun. 2024

  • Design and implement certificate lifecycle management (CLM) platform and process to automate management of PKI certificates.
  • Implement email security, routing, and auditing for Exchange Online
  • Define CIS hardening baseline for Linux and Windows with recommendations for automation
  • Implemented emergency mailbox service to mitigate impact of disasters and service provider outages

BlueCross of Vermont

Senior Cybersecurity Risk Analyst Apr. 2022 - Oct. 2022
Cybersecurity Risk Analyst Apr. 2020 - Apr. 2022

  • Prioritize and remediate vulnerabilities with system owners
  • Review and implement firewall, policy, and vulnerability changes and exceptions
  • Maintain IT risk register; security policies, standards, procedures
  • Create, manage rules and policies for endpoint firewall and protection
  • Conduct and refine third-party risk program and vendor security reviews through multiple process iterations
  • Coordinate and conduct external and internal IT audits (SOC 2, NIST CSF, state, federal)
  • Present security findings, plans, and progress with stakeholders
  • Perform threat modeling and security baselining for new initiatives

University of Florida

Information Security Analyst Jun. 2018 - Feb. 2020

  • Contain and resolve activity of compromised user accounts and devices
  • Reduce SLOs for eDiscovery by 75% and IR by 25% through scripting
  • Conduct vulnerability analysis of endpoints and infrastructure
  • Conduct eDiscovery sources in support of incident response, compliance, and litigation
  • Follow chain-of-custody procedures regarding collection and analysis of material for law enforcement and investigative entities

Certifications

Certified Information Systems Security Professional

CISSP #753298

Certified Information Security Manager

CISM #221744349

GIAC Certified Enterprise Defender

GCED #3472

Education

University of Florida

M.S., Management Conc. Information Systems

University of Florida

B.S., Psychology B.A., Anthropology Conc. Behavior Analysis

Projects

Say Hello

Like my projects or have an idea for one?

Let me know!