Adrian Hoffmann Email and Phone Number

Engineering Manager for Cybercube's Cloud Security Function and DevSecOps Function.• Lead Application Security Team-- SAST and DAST tooling implementation-- Development of secure SDLC processes and coding guidelines-- Integration with CI/CD release pipelines and release processes-- Hiring and management of AppSec FTEs-- Manage procurement and POCs of various tooling• Established and led Cloud Infrastructure Security Function-- Development of secure cloud and hybrid deployment architecture patterns with associated Infrastructure-as-Code templates-- Buildout of custom security microservices-- Manage complex multi-account deployments• Developed Vulnerability Management Program-- Automated scanning, patching, asset lifecycle management and redeployment-- SBOM solution• Created Incident Response Program-- SIEM implementation and management-- Incident response automation and response playbooks-- Policy-As-Code development• Led development of Secure Cloud Baseline-- Development of AWS secure service baseline-- Implementation of various AWS security tooling-- Server, Container and Serverless Hardening-- Kubernetes and network infrastructure hardening • Identified and created reporting on applicable Security Metrics-- Automated metrics collection-- Tactical, Operational and Strategic dashboard development• Improved compliance position -- Leveraged NIST, CIS and OWASP to develop secure baseline, policies, and metrics for all programs-- Manage security compliance for SOC2 and ISO27001 programs-- Support customer security audits• Created Cybercube Security portal for-- Singular, comprehensive repository of security and audit documentation -- Standardized responses to customer and prospective customer questionnaires-- Reduced ongoing security involvement in sales motions-- Improved sales enablement

Technical lead responsible for running Cybercube’s DevSecOps capability and leading the development and implementation of Cybercube's cybersecurity strategyConfiguration Management: Ansible, Packer, Chef InspecInfrastructure as Code: Terraform, CloudformationKubernetes: Helm, K3S, EKS, Gatekeeper Security PoliciesAWS Managed Services: ECS, EC2, WAF, S3, RDS, VPC, Athena, KinesisAWS Security Tooling: KMS, GuardDuty, Inspector, CloudtrailSecurity Tooling: Rapid7, Splunk, Dependency Track, Cyberhaven DLP, ZTNA

Cybercube’s first security hire brought on to build the DevSecOps capability and Cloud Security function from the ground up. This included setting its strategy, establishing the brand of the function, designing a resourcing model, hiring and managing employees, and identifying metrics for and building reporting on its success.

Cyber security consultant with an emphasis in DevSecOps. Have worked with numerous companies in the Manufacturing, Utilities, Healthcare and Technology sectors to:• Architect and build secure cloud-centric CI/CD pipelines which use: -- security-specific unit, functional, performance and integration tests -- infrastructure-as-code and compliance-as-code -- SAST and DAST solutions -- container-level and os-level vulnerability scanning -- Linux and Windows based resources• Design and build vulnerability management and patch programs• Develop security remediation and response automation solutions• Conduct well-architected cloud assessments• Develop various product-specific risk assessment methodologies• Support pre-sales and sales work as a SME• Manage target operating model and governance framework development efforts• Lead development of product and capabilities offerings

Security Intelligence and Operations Consultant with an emphasis in Cyber Threat Intelligence (CTI) in the financial sector. Have led CTI and Business Intelligence engagements with Fortune Global 500 companies where I hold a strategy consulting role to:• Assess and develop enterprise-wide security strategy• Lead product/service design, development and implementation• Refine business process and enable subsequent process automation• Manage organizational design efforts• Develop maturity frameworks and drive resulting maturity based strategy design• Lead business metrics design and implementation• Support bid and proposal efforts along with other pre-sales activities

Security Intelligence and Operations Consultant- Help client IT and business executives understand key security intelligences and operations issues, risks, exposures, and vulnerabilities - Provide consulting services to understand the clients Security Intelligence and Operations Security Requirements - Apply security principles, counter-threat intelligence, and knowledge of security intelligence and operations, to define business drivers and develop associated security strategy, programs, plans, and recommendations