Secure Natera, our business, and patients data. Lead Natera cybersecurity strategy, program, GRC, data protection, infra/cloud security, security operations, incident response, product security, and privacy engineering.

Managed product security program and strategy of a $30B eCommerce public company to protect the global portfolio of customer and business facing applications. Managed Security Architecture, Appsec/Secure CI/CD, and Security Engineering functions. Built Coupang Product Security Program from scratch. Supported company’s IPO.

Managed the Product Security Program and strategy at Palo Alto Networks. Managed Security Architecture, Appsec/Secure CI/CD, and Security Engineering functions. Built PAN Appsec secure CI/CD program from scratch, including strategy, communication, operation design, team building & hiring, engineering, service envisioning, vendor management, pipelines enrollments, and executive dashboard automation.

Lead VISA Appsec and Cloud Security. Large scale security solutions from blue print to production. Leadership, team building, security program management, enterprise security standards, vendor solution management, working with auditors, risk and complianceLead VISA AppSec Automation, Jan 2017 - May 2020 Leading core initiatives to automate app sec stack from design, SAST, IAST, and Open Source Scan with CI/CD integration end to end and enrolled hundreds of applications. Built vulnerability threat intelligence that integrate assets, data, vulnerability, compensation controls into real-time dashboard.Lead VISA Cloud Security Program, September 2013 - PresentBusiness owner of this strategic initiative and enabled a full stack cloud security infrastructure integrating IAM, IDaaS, CASB, Encryption, API security, SIEM, and network, from ground zero to production services and application enrollment.Lead VISA Data Protection Program Enterprise Encryption Services, July 2013 - Feb 2017Established encryption services and data access control infrastructure from scratch. Enrolled hundreds of critical applications on various OS, DB, and cloud platforms. A global effort covered >95% VISA sensitive data. RSA Conference, “Build Intelligent Vulnerability Scoring to Optimize Security Residual Risks”, San Francisco, March 2019RSA Conference, "Efficacy of Layered Application Security from Hacker's Lens", San Francisco, April, 2018Key Note at AI Summit, "Build AI for Next Gen Security", San Francisco, Sept 2017Invited talk at San Francisco CISO Summit, "Data Centric Security", Sep 2017Invited panel at AI Summit, “What is AI doing for business today?", San Francisco, Sept 2016Invited talk at Cloud Identity Summit, "Big Picture on Cloud IAM for Enterprise Security", New Orleans, June 2016Multiple patentsProgram Committee Member for IEEE International Conference on Communications, Track Chair for Authentication, Encryption, and Firewalls, Ottawa, Canada, June 2012

Enterprise Data Encryption and Protection, Cloud Security, Cloud Data Encryption and Tokenization, Key Management, Web Application/Service Security, Database Security, Threat Modeling, Payment System Security, Security SWAT, Network Security, PCI DSS, IAM, HSM, SDLC

A successful IoT security company acquired by Palo Alto Networks (NYSE: PANW) in September 2019

Business & technical strategy advisory.

VPN for the Cloud, IKE, IPSec, VPN, Cryptography, FIPS, Common Criteria, Cavium Hardware Crypto engine, Scaling, Licensing, as well as Secure Coding Practice, Static Analysis, Stack Overflow, Format String, Fortify, Coverity, Klocwork, etc.MARSBU Innovation Award, August 2010CISSP certified, May 2011Editorial Board member for the Network and Communication Technologies Journal (Canada), ISSN 1927-064XCisco Emergence Response Team (ERT) MemberCRP and AED certified, March, 2012

PhD Dissertation: Software Security Economics and Threat Modeling Based on Attack Path AnalysisAdvisor: Prof. Barry W. BoehmOutstanding Teaching Assistant Award, Computer Science Department (2002)Designed an effective threat modeling method (T-MAP) to quickly prioritize security vulnerabilities; innovated an effective method to scientifically estimate security ROI; validated the method with experienced security professionals; published findings on top research conferences such as ICSE; developed a software tool to automate the analysis; This research was supported by the US National Science Foundation (NSF).Expert knowledge on Secure Software Development Lifecycle (SSDL) management, Common Criteria (CC), FIPS, and UML.Program Committee Member for the CERT Software Application Security (CSAS) mini-track and the Cyber Threats, Emerging Risks, and Systemic Concerns (CTERSC) mini-track at the 41st Hawaii International Conference on System Sciences (HCISS), Big Island, HI, January 2008Program Committee Member for the MeReP: Workshop on Measuring Requirements for Project and Product Success, Palma de Mallorca, Spain, 2007-2008

Designed end-user open box experience for the user authentication scenario for a Microsoft Small Business Server project, leveraging the Active Directory, Licensing, and Sharepoint technology.