attack aware defense using knowledge graphs, AI and search technology

I advise & invest in a select few security startups every year, host De-FUDMe podcast and take on consulting projects that are unique and exciting. # Advisor - www.trustcloud.ai# Advisor - www.operant.ai# Investor & Advisor - www.conductorone.com# Investor - www.stepsecurity.io# Investor - www.conveyor.com# Investor - www.invariantlabs.ai # Investor - www.prophet.security# Investor - www.simbian.ai# Limited Partner - www.synventures.com# vCISO/consultant - www.fridayharbor.ai# Consulting Project - PE firm with 150B AUM# Podcast Host - www.youtube.com/@TheDe-FUDMePodcast

# Built security, privacy, compliance & IT function at Spotnana from ground up supporting company growth from early-revenue to onboarding multiple fortune 100 enterprise customers, channel partners, grew the team from 0-12# Implemented foundational security & productivity technologies to deliver a secure operating architecture and environment for 300+ employees across the world.# Brought commercial attestations & accreditations to Spotnana cloud platform and services (ISO, SOC2 & PCI)# Enabled sales, customer success and legal teams in pre & post sales scenarios relative to product security, privacy and compliance.

# Built security, privacy and compliance function at UiPath from ground up supporting company growth from $30M to $1B in revenue, with an IPO milestone in 2021, growing the team from 0-30# Led engineering & technical program management for product and enterprise security, privacy and compliance at UiPath# Establishing trust with customers, relative to code security posture, management of SaaS cloud infrastructure and safety of customer data.# Brought commercial and federal certification, attestations & accreditations to UiPath cloud products and services (ISO, SOC, HIPAA, HiTrust, CyberEssentials Plus, FedRAMP)# Enabled sales, customer success and legal teams in pre & post sales scenarios relative to product security, privacy and compliance.

# Led a group of 50+ engineers and 10+ TPM building technology to detect ad-spam, bots and ad-fraud using machine learning # Led GDPR efforts for trust & safety operations

As head of security for 2K Games (wholly owned subsidiary of TakeTwo Interactive), responsible for security, privacy and risk management of products and corporate IT infrastructure.# Engineering - Anti-Piracy (PC games), Anti-Cheat and Anti-Fraud (Bots, Account takeovers, Feature abuse)# Security Management - Data Breach Prevention, Detection and Response (Corp IT, Data Center, Cloud), Secure Development Lifecycle Implementation (WebApps, Game Services, Internal LOB) Security Assessment and Advisory for Mergers, Acquisitions & Outsourced development, Third Party/Vendor Security Risk Management

Wore multiple hats over 9+ years# Built a specialist red-team of penetration testers to lead multiple strategic assessments on critical assets and production environments at Microsoft. # Partnered with Microsoft’s Consulting Services to advise CxOs of fortune 100 companies on critical cyber security issues like “business continuity post a data breach”, “best practices for blocking and monitoring adversarial activity on network”, “best practices for defense in depth”, “strategies to protect high value data”, “managing vulnerabilities at scale”, “table top exercises for simulating data breaches’ and so on # Established a formal controls assessment methodology, tied to Microsoft’s Archer eGRC platform which included the development of over 300 technical control procedures and dozens of new security standards # Developed a security solution leveraging Qualys to scan hundreds of 3rd party hosted sites to provide a real time dashboard of vulnerabilities allowing effective remediation and tracking # Adapted industry standards like OWASP top 10 and Microsoft’s boxed product focused SDL to meet the needs and lifecycle of IT line of business applications. Contributed to the design, development and release of Microsoft’s Code Analysis Tool for .NET (CAT.NET). Contributed to application security training and awareness program development and collateral # Conducted an internal review of pain points and dissatisfaction with Microsoft’s threat modeling process and tool with various product groups like Windows, Office, Server and Tools and Interactive entertainment business. Based on the feedback, and industry knowledge, defined a 3-year roadmap for improving the threat modeling process and tool at Microsoft. # Over a period of 18 months, delivered the SDL Threat Modeling tool version 4.0 to internal Microsoft engineering teams (50K+ end users)

# Ernst and Young: Delivered penetration testing and security code reviews services to E&Y customers. Using a variety of tools like Nessus, nmap, Fiddler, Burp Suite, Web Inspect, RATS and other manual techniques, performed black box and white box testing on customer applications. Created technical reports describing findings like cross site scripting (XSS), SQL Injection, Denial of Service, buffer overflows, missing patches, lack of input validation, CSRF, security misconfigurations and weak passwords. # Secure Software: Worked on a cross-platform (Java, C, .NET) static source code analysis solution. Built core knowledge base rules in Python and C for the core static analysis engine and tested the end product for false positives and negatives using a variety of test techniques. The technology was eventually sold to Fortify Software and later acquired by HP # Architecture Technology Corporation: Developed a highly resilient peer to peer object storage system in Java that demonstrated availability of information in the event of a catastrophic failure of nodes in a P2P network. # Master's Project: Built a solution for protecting Microsoft binaries against buffer overflows using reverse engineering techniques and return address defense mechanism. # Master’s project: Built a software based teleconferencing server using open source platforms (Linux and C) and embedded systems programming