Allen Allison
Chief Information Security Officer

Executive security leader specializing in enterprise risk, cloud transformation, AI governance, and building high-performing security organizations that deliver measurable business outcomes — not just compliance.

30+ Years in Security
$2B+ Acquisition Value Led
644% Practice Growth

Security as a business enabler, not a barrier.

A Senior Information Security Executive in the Technology, Software, and Cybersecurity industries with experience in organizations ranging from $40M to $107.6B Fortune 500 global businesses — with proven performance managing operational budgets of up to $70M and capital expense budgets of up to $400M.

A capable mentor with extensive experience running large teams of up to 280, fostering cultures of continuous improvement and operational excellence. Allen has led Global Security Operations Teams encompassing all cybersecurity functions, threat hunting, incident detection, and response mechanisms.

Collaborating with local and federal law enforcement, he has investigated international incidents of travel and payment fraud, the global extraction of customers from geopolitically-charged uprisings, and the use of computer systems to facilitate international trafficking.

Currently at Amazon Web Services (AWS) as CISO for ProServe AWS Industries, based in Phoenix, Arizona.

Enterprise Security · Cloud Integration · AI / GenAI · Risk Management · M&A Due Diligence · Regulatory Compliance · IT Transformation · Business Strategy · Outsourcing · Incident Response · Threat Intelligence · Cost Reduction · Board of Directors Engagement · Fraud Investigation · Contract Negotiation
"Allen is one of the most impressive security leaders I've had the pleasure of working alongside. Where more security leaders lean into 'No', Allen is always creative and trying to get to a 'Yes' while maintaining the highest standards… He's not just a CISO — he's a strategic force who knows how to align security with business outcomes." — Rob Reynolds, Professional Services Executive & Data/AI Leader (June 2025)
"I had the pleasure of working for Allen while serving as PCI Program Manager with RGP. That was one of the largest and most complex PCI Compliance Programs I've been a part of. The program was implemented successfully under Allen's leadership, professionalism, patience, and capability to build the team — knowing all aspects of Information Security and the business. He was always there to support me and other Program Managers, resolve problems, and provide guidance on challenging questions. I was able to learn a great deal and deliver on time. I would be happy to work with Allen again if such an opportunity presents itself." — Igor Pertsovsky, PCI Program Manager · RGP
"Having worked both with and for Allen for approximately 3 years at NaviSite, I always considered him to be one of the sharpest people I have ever met. His breadth and depth of knowledge in IT Operations Management and Network and Security Operations is second to none. Not only does Allen possess the vision and strategy you'd expect from Senior Management, but he also has the 'chops' to get in there and go toe to toe with the most technical resources. As a member of the Senior Management team, Allen successfully struck that difficult balance between manager and colleague and garnered a tremendous level of respect across the organization. Allen would be an extremely valuable asset to any organization and it would be my pleasure to work with him again." — Aaron Boissonnault, SVP & Chief Information Security Officer · Navisite (part of Accenture)

A career built on measurable impact

Amazon Web Services (AWS)

Full-time · 2019–Present · 7+ yrs
Current
Chief Information Security Officer – ProServe AWS Industries 2021–Present · Phoenix, AZ (Remote)

Reporting to the Director, ProServe AWSI, with 48 consultants, 92 indirect reports, and 12 direct reports. Responsible for business security and risk management/compliance professional services for customers. Engages regularly with C-Suite executives (CISO, CIO, CTO, & CEO) to provide security review and governance updates on large-scale programs.

$107.6B company · 131K employees
Senior Security Delivery Practice Manager – Americas Security, Risk & Compliance 2019–2021 · United States

Reported to the Director, Delivery Americas, with 32 direct reports. Led consulting engagements to implement security automation within customer cloud infrastructure.

American Express Global Business Travel

2017–2019 · 2 yrs · New York City, NY
Chief Information Security Officer 2017–2019

Reported to the Chief Information Technology Officer. Led 32 employees plus 75 contractors with 8 direct reports. Responsible for supporting the organization's divestiture from American Express and rebuilding the security organization — people, processes, cybersecurity, and technology. Led business and IT strategy to sever all technology, processes, and personnel within a two-year, $24M mandate while preserving OMB-level security and compliance. Met all compliance targets ahead of schedule, saving $1.5M in separation costs.

$591M company · 18K employees · $24M OPEX · $19M CAPEX · 32 staff + 75 contractors · 8 direct

Cognizant Technology Solutions

2012–2017 · 5 yrs
Chief Information Security Officer – TriZetto 2014–2017 · Centennial, CO

Reported to the CISO and BoD (Cognizant) / President (TriZetto). Responsible for all cybersecurity, risk, and compliance for the world's largest healthcare claims management company. Selected to lead due diligence and acquisition integration of TriZetto — finalized targets, evaluated methodologies, assessed infrastructure, and participated in negotiations over 120 days. The company acquired TriZetto for $2B; subsequently appointed CISO of TriZetto to complete $24M in modernizations.

$19.7B company · ~337K employees · $12M OPEX · $24M CAPEX · 2.8K staff · 24 direct
Associate Vice President, Cybersecurity Operations 2012–2017 · Teaneck, NJ

Reported to the CISO. Led all operational management for IT governance, risk, and compliance. Led the Global Security Operations Team — Security Operations Center, Threat Hunting, and Incident Detection and Response — responsible for all Cognizant internal and customer cybersecurity investigations.

$40M OPEX · $8M CAPEX · 280 employees · 8 direct

NaviSite (Acquired by Time Warner Cable 2011 / Accenture 2024)

2008–2012 · 4 yrs · Andover, MI
Chief Security Officer, VP / Interim CISO – Time Warner Cable 2008–2012

Reported to the President, EVP of Services, and the Risk Team of the BoD. Managed a team of 180 and was responsible for the managed services and staff of all 24 global data centers, including compliance/security controls, security operations, incident response, and physical security.

$126M company · ~1.5K employees · $70M OPEX · $400M CAPEX · 1.2K staff · 24 direct

MTM Technologies

1998–2008 · 10 yrs
Vice President, Information Security Practice 2005–2008

Oversaw the security operations center, network operations center, global consulting services, and IP telephony organization.

$2B company · ~500 employees · 40 staff · 12 direct
Director, Security & Network Operations Center 1998–2005

Developed monitoring and management tools establishing operational procedures within customer environments.

$4M OPEX · $1M CAPEX · $14M Revenue Goal · 12 staff · 4 direct

Coldwell Banker Residential Brokerage

1996–1998 · Mission Viejo, CA
Senior Network Engineer / Security Architect 1996–1998

Outcomes that move the needle

High-impact initiatives spanning cloud, AI, M&A, compliance, fraud, and security transformation — with measurable results at every turn.

Cloud · AWS

Cloud Security Practice: $9M → $58M

Built repeatable cloud security consulting offerings — baseline controls, custom architecture, incident response, forensic investigations, GenAI governance, and threat/continuity management. Grew the team from 14 to 120 consultants and revenue from $9M to $58M in three years, fueling 644% practice growth and developing 24 fully packaged customer solutions.

Security Awareness · AWS

Security Compliance: 55% → 96%

Championed a security awareness overhaul: bite-sized training cadences, a centralized security metrics dashboard, a leaderboard for friendly competition, and a Security Champion program. Improved employee compliance from 55% to 96% and reduced incidents from 5/month to 1.2/month. Now on track for adoption across all of AWS.

GenAI · AWS

GenAI Security Practice

Established a need to secure GenAI workloads across the AWS customer base. Within 180 days, surveyed consultants, identified differentiated threats, established incorporation protections, and developed call decks/field enablement training. Deployed to 4 enterprise customers with 300% projected annual growth, ensuring protection of LLM/data.

Risk · AWS

NIST CSF Risk Management Program

Engaged by a financial services customer to rebuild their IT risk management program ahead of cloud migration. Leveraged NIST frameworks to develop data/application classification models, impact assessments, and automated controls — accelerating migrations by 85% and improving risk-based decision visibility by 45%.

M&A · Cognizant

$2B TriZetto Acquisition

Led cybersecurity and IT due diligence over 120 days for the TriZetto acquisition. Post-close, appointed CISO of TriZetto to complete $24M in modernizations — improving annual recurring revenue by $2B and expanding the customer base by 10%.

AI · AMEX GBT

AI Integration & Governance

Established security controls for a newly acquired AI booking technology. Integrated on-prem, third-party, and cloud systems ahead of schedule. Result: 40% reduction in agent costs and customer booking time reduced from 60 minutes to ~10 minutes.

Fraud · AMEX GBT

Global Travel Fraud Investigation Team

Identified a growing trend of travel fraud and cybersecurity anomalies. Constructed a specialized team of cybersecurity investigators. Worked with authorities in North America, Europe, and Africa to identify 32 bad actors and partner on their capture. Reduced travel fraud by 75%. The program has since expanded to hotel chains and major airlines.

AI · AMEX GBT

AI-Driven Traveler Safety Platform

Led development of an AI/ML travel management application for itinerary proposals and traveler safety — including threat modeling, CI/CD pipeline security, automated vulnerability management, and geopolitical data integration. Now the primary platform for European business travelers.

Compliance · AMEX GBT

PCI Compliance at Scale

Post-divestiture from American Express, led full PCI compliance from scratch. Proposed and won ELT/Board approval for remediation strategy. Redesigned 120 applications in 12 months, delivering PCI ROC to customers and avoiding additional expenditures.

Forensics · Cognizant

FBI Forensic Investigation

The FBI contacted the company regarding an employee's illegal activities. Led a forensic evaluation for illicit data on corporate systems and analyzed network traffic to identify additional actors — without allowing non-employees access to corporate resources. All evidence was proved admissible in court. The FBI convicted the individual and three co-conspirators.

Life Sciences · Cognizant

FDA CFR 21 Part 11 Drug Trial Platform

Built a shared four-customer platform for drug trial data management with full FDA CFR 21 Part 11 compliance. Negotiated a common set of GxP controls for technology/data management across the consortium, which has since grown to seven active members.

Operations · NaviSite

Global Data Center Security Operations

Built a 280-person global security team across 24 data centers. Developed ITIL-compliant services including a fully outsourced security offering with preventive maintenance, monitoring/response, and incident remediation. Achieved industry-leading metrics: MTTD of 3 minutes and Mean Time to Remediate of 1.5 hours.

Technology & compliance expertise

Deep, hands-on experience across the full regulatory and technology landscape.

🏥

Healthcare

HIPAA · HITECH · HITRUST

🌍

Privacy

GDPR · CCPA

💳

Payments

PCI DSS Compliance

🔐

ISO

ISO 2700x Certification

🛡️

NIST

NIST 800-53 · NIST 800-66 · NIST CSF

📋

Audit

SSAE 18 · SOC 1 & SOC 2

🤖

AI Regulation

EU AI Act

🏛️

Federal

FedRAMP · FISMA · CUI

🏦

Financial

FFIEC

A career built on continuous mastery

AWS

AI Practitioner

AWS Certified AI Practitioner

Jul 2025–Jul 2028
AWS

Security Specialty

AWS Certified Security, Specialty

2025
AWS

Solutions Architect

AWS Certified Solutions Architect, Associate

2025
AWS

Cloud Practitioner

AWS Cloud Practitioner

Sep 2019
Cisco

CCSP

Certified Security Professional

2005
Cisco

CCNP

Certified Network Professional

1999
PCI SSC

PCI-P

Payment Card Industry Professional

Oct 2018 · #1004-956
NSA / CNSS

CNSS 4011

InfoSec Professional

2000 · NSA Certified
NSA / CNSS

CNSS 4013

National Security Systems

NSA Certified

Giving back to the security community

Board Member
Phoenix Cyber Warfare
Board Member
UC Irvine Cloud Security Master of Science Program
Adjunct Professor
Coast Community College District
Advisory Committee
Cisco Unified Computing Advisory Committee
Member
InfraGard (FBI Partnership)
Member
e-Crimes Forum with the FBI
Member
ISC² — International Information Systems Security Certification Consortium
Member
Information Systems Security Association (ISSA)
Member
Computer Security Institute (CSI)
Steering Committee
Tysak Technologies — Applied Hacking Countermeasures & Security Awareness

Perspectives on security leadership

Published articles, industry features, and conference presentations spanning cloud security, compliance, AI governance, and executive leadership.

📥 Download 2026

FDA Premarket Cybersecurity Guidance 2026 — Executive Briefing Deck

A 12-slide executive briefing on the FDA's updated Premarket Cybersecurity Guidance (February 2026). Covers what changed from 2014, SPDF requirements, SBOM obligations, transparency mandates, and prioritized action items for Life Sciences organizations.

Download PowerPoint →
LinkedIn 2026

FDA Embeds Cybersecurity in Medical Device Quality Management

A breakdown of the FDA's February 2026 Premarket Cybersecurity Guidance — now formally anchored inside QMS Regulation. Covers why cyber gaps are board-level quality deficiencies, why SBOM requirements have real teeth, and why companies treating security as a business discipline (not a compliance checkbox) will win.

Read on LinkedIn →
LinkedIn 2026

When the Weapon Is Your Own Tools: 5 Lessons for Life Sciences CISOs

A narrative analysis of a recent wiper attack against a major life sciences company, mapped against the FDA's updated Premarket Cybersecurity Guidance. Covers identity hygiene, blast radius management, software supply chain visibility, transparency requirements, and total product lifecycle security.

Read on LinkedIn →
LinkedIn 2026

Anthropic Mythos and Project Glasswing: What They Mean for Regulated Industries

An analysis of Anthropic's Mythos model and Project Glasswing, with a focus on what frontier defensive AI means for regulated sectors like healthcare, biotech, and critical infrastructure. Covers proactive vulnerability discovery, emerging standards for secure development, and why these moves matter for boards, CISOs, and compliance leaders.

Read on LinkedIn →
LinkedIn 2026

Google + Wiz: The $32B Signal That Reshapes Cloud Security

An analysis of Google's acquisition of Wiz — the largest cybersecurity deal in history — and what it means for enterprises, the CNAPP market, and the accelerating consolidation of cloud security tooling. Argues that cloud security is fundamentally a data problem, and whoever controls the infrastructure controls the signals.

Read on LinkedIn →
UC Irvine — Donald Bren School of ICS 2023

Meeting the Demand for Cloud Security

Featured as an industry collaborator in UCI's development of "SWE 267P: Cloud and Security Foundations" — a new course in the Master of Software Engineering program. Worked alongside UCI's Cybersecurity Policy & Research Institute to bring real-world cloud security architecture into the next generation of engineers.

Read at UCI ICS →
Financier Worldwide Magazine 2017

Best Practices in Data Loss Prevention

Featured in Financier Worldwide's Special Report on Technology Risk Management. As CISO at American Express Global Business Travel, Allen participated in an expert forum alongside Microsoft, Jones Day, and Venable LLP — discussing enterprise DLP strategy, regulatory pressures, the challenge of non-malicious data leakage, and why fewer internet access points make controls more effective.

Read in Financier Worldwide →
Cloud Security Alliance 2011

Leveraging Cloud Services to Meet Compliance Challenges

Written as CSO at NaviSite, this piece argues that regulated industries — healthcare, government, finance — can not only adopt managed cloud services, but actually improve their compliance posture by choosing the right provider. Covers HIPAA/HITECH, SSAE 16, and how to evaluate a cloud provider's embedded security controls.

Read at Cloud Security Alliance →
MIT Sloan CIO Symposium 2011

MIT Sloan CIO Symposium — Speaker

Featured speaker at the MIT Sloan CIO Symposium, one of the premier forums for senior technology and security executives. The Symposium brings together CIOs, CTOs, and CISOs from leading organizations to address the intersection of technology strategy, innovation, and business transformation.

View Program Book →

Let's work together

Available for advisory work, board positions, speaking engagements, and executive collaboration across cybersecurity, cloud, AI governance, and IT transformation.
