Executive security leader specializing in enterprise risk, cloud transformation, AI governance, and building high-performing security organizations that deliver measurable business outcomes — not just compliance.
A Senior Information Security Executive in the Technology, Software, and Cybersecurity industries with experience in organizations ranging from $40M to $107.6B Fortune 500 global businesses — with proven performance managing operational budgets of up to $70M and capital expense budgets of up to $400M.
A capable mentor with extensive experience running large teams of up to 280, fostering cultures of continuous improvement and operational excellence. Allen has led Global Security Operations Teams encompassing all cybersecurity functions, threat hunting, incident detection, and response mechanisms.
Collaborating with local and federal law enforcement, he has investigated international incidents of travel and payment fraud, the global extraction of customers from geopolitically-charged uprisings, and the use of computer systems to facilitate international trafficking.
Currently at Amazon Web Services (AWS) as CISO for ProServe AWS Industries, based in Phoenix, Arizona.
"Allen is one of the most impressive security leaders I've had the pleasure of working alongside. Where more security leaders lean into 'No', Allen is always creative and trying to get to a 'Yes' while maintaining the highest standards… He's not just a CISO — he's a strategic force who knows how to align security with business outcomes." — Rob Reynolds, Professional Services Executive & Data/AI Leader (June 2025)
Reporting to the Director, ProServe AWSI, with 48 consultants, 92 indirect reports, and 12 direct reports. Responsible for business security and risk management/compliance professional services for customers. Engages regularly with C-Suite executives (CISO, CIO, CTO, & CEO) to provide security review and governance updates on large-scale programs.
Reported to the Director, Delivery Americas, with 32 direct reports. Led consulting engagements to implement security automation within customer cloud infrastructure.
Reported to the Chief Information Technology Officer. Led 32 employees plus 75 contractors with 8 direct reports. Responsible for supporting the organization's divestiture from American Express and rebuilding the security organization — people, processes, cybersecurity, and technology. Led business and IT strategy to sever all technology, processes, and personnel within a two-year, $24M mandate while preserving OMB-level security and compliance. Met all compliance targets ahead of schedule, saving $1.5M in separation costs.
Reported to the CISO and BoD (Cognizant) / President (TriZetto). Responsible for all cybersecurity, risk, and compliance for the world's largest healthcare claims management company. Selected to lead due diligence and acquisition integration of TriZetto — finalized targets, evaluated methodologies, assessed infrastructure, and participated in negotiations over 120 days. The company acquired TriZetto for $2B; subsequently appointed CISO of TriZetto to complete $24M in modernizations.
Reported to the CISO. Led all operational management for IT governance, risk, and compliance. Led the Global Security Operations Team — Security Operations Center, Threat Hunting, and Incident Detection and Response — responsible for all Cognizant internal and customer cybersecurity investigations.
Reported to the President, EVP of Services, and the Risk Team of the BoD. Managed a team of 180 and was responsible for the managed services and staff of all 24 global data centers, including compliance/security controls, security operations, incident response, and physical security.
Oversaw the security operations center, network operations center, global consulting services, and IP telephony organization.
Developed monitoring and management tools establishing operational procedures within customer environments.
High-impact initiatives spanning cloud, AI, M&A, compliance, fraud, and security transformation — with measurable results at every turn.
Built repeatable cloud security consulting offerings — baseline controls, custom architecture, incident response, forensic investigations, GenAI governance, and threat/continuity management. Grew the team from 14 to 120 consultants and revenue from $9M to $58M in three years, fueling 644% practice growth and developing 24 fully packaged customer solutions.
Championed a security awareness overhaul: bite-sized training cadences, a centralized security metrics dashboard, a leaderboard for friendly competition, and a Security Champion program. Improved employee compliance from 55% to 96% and reduced incidents from 5/month to 1.2/month. Now on track for adoption across all of AWS.
Established a need to secure GenAI workloads across the AWS customer base. Within 180 days, surveyed consultants, identified differentiated threats, established incorporation protections, and developed call decks/field enablement training. Deployed to 4 enterprise customers with 300% projected annual growth, ensuring protection of LLM/data.
Engaged by a financial services customer to rebuild their IT risk management program ahead of cloud migration. Leveraged NIST frameworks to develop data/application classification models, impact assessments, and automated controls — accelerating migrations by 85% and improving risk-based decision visibility by 45%.
Led cybersecurity and IT due diligence over 120 days for the TriZetto acquisition. Post-close, appointed CISO of TriZetto to complete $24M in modernizations — improving annual recurring revenue by $2B and expanding the customer base by 10%.
Established security controls for a newly acquired AI booking technology. Integrated on-prem, third-party, and cloud systems ahead of schedule. Result: 40% reduction in agent costs and customer booking time reduced from 60 minutes to ~10 minutes.
Identified a growing trend of travel fraud and cybersecurity anomalies. Constructed a specialized team of cybersecurity investigators. Worked with authorities in North America, Europe, and Africa to identify 32 bad actors and partner on their capture. Reduced travel fraud by 75%. The program has since expanded to hotel chains and major airlines.
Led development of an AI/ML travel management application for itinerary proposals and traveler safety — including threat modeling, CI/CD pipeline security, automated vulnerability management, and geopolitical data integration. Now the primary platform for European business travelers.
Post-divestiture from American Express, led full PCI compliance from scratch. Proposed and won ELT/Board approval for remediation strategy. Redesigned 120 applications in 12 months, delivering PCI ROC to customers and avoiding additional expenditures.
The FBI contacted the company regarding an employee's illegal activities. Led a forensic evaluation for illicit data on corporate systems and analyzed network traffic to identify additional actors — without allowing non-employees access to corporate resources. All evidence was proved admissible in court. The FBI convicted the individual and three co-conspirators.
Built a shared four-customer platform for drug trial data management with full FDA CFR 21 Part 11 compliance. Negotiated a common set of GxP controls for technology/data management across the consortium, which has since grown to seven active members.
Built a 280-person global security team across 24 data centers. Developed ITIL-compliant services including a fully outsourced security offering with preventive maintenance, monitoring/response, and incident remediation. Achieved industry-leading metrics: MTTD of 3 minutes and Mean Time to Remediate of 1.5 hours.
Deep, hands-on experience across the full regulatory and technology landscape.
HIPAA · HITECH · HITRUST
GDPR · CCPA
PCI DSS Compliance
ISO 2700x Certification
NIST 800-53 · NIST 800-66 · NIST CSF
SSAE 18 · SOC 1 & SOC 2
EU AI Act
FedRAMP · FISMA · CUI
FFIEC
Certified Information Systems Security Professional
Since Nov 2002 · #39158
Certified Internetwork Expert
Since Oct 2000
AWS Certified AI Practitioner
Jul 2025–Jul 2028
AWS Certified Security, Specialty
2025
AWS Certified Solutions Architect, Associate
2025
AWS Cloud Practitioner
Sep 2019
Certified Security Professional
2005
Certified Network Professional
1999
Payment Card Industry Professional
Oct 2018 · #1004-956
InfoSec Professional
2000 · NSA Certified
National Security Systems
NSA Certified
Available for advisory work, board positions, speaking engagements, and executive collaboration across cybersecurity, cloud, AI governance, and IT transformation.