I am an attorney and IT specialist with fourteen years of information security and IT governance experience. I advise clients on building industry-consensus information governance programs that meet a reasonable due care standard. I am experienced, certified, and fluent in information security, data privacy, and compliance. I also provide clients with e-discovery services focused on data preservation, collection, and vendor evaluation.

I have deep information security industry experience that most attorneys in this space do not have. I have experience with Big 4 public accounting and have provided information security, compliance, privacy and risk management services for three of the nation’s largest banks. This experience translates into practical, realistic solutions.

I leverage industry standards and accepted frameworks to develop tailored responses to regulatory demands and internal policy, procedure and other risk management needs. I have worked closely with executives, directors, CIOs, CTOs, CISOs, CPOs, enterprise risk management leaders and federal regulators.

I am an active member of the Utah state bar. I am an officer of the Utah bar Cybersecurity and Data Privacy Section, a member of the Utah chapters of ISSA and ISACA. I am a member and contributor to several American Bar Association committees, and hold the following certifications: CISA, CRISC, CISSP, CIPP/US, CIPP/E, CIPM, CIPT, PCIP, CEDS, GSEC, GLEG, GWPT, GCFA, and GCIH certifications.

My specialties include:

• PCI, HIPAA, GLBA Compliance
• Legal considerations for CISOs and CPOs
• Business, IT, Security and Privacy Policies
• E-Discovery Preservation and Collection
• Information Security and Privacy Programs
• Governance, Risk, Compliance (GRC)
• Corporate IT Risk Management