Conrad Smith Email & Phone Number

Palo Alto, CA, US

Los Angeles, CA, US

CISO in residence

Columbia, MD, US

• Develop and execute trust and assurance strategy, including SSAE18 SOC2, FedRAMP, and CSA STAR
• Partner with legal for reviews of non-standard or significant customer contracts
• Initiated Business Continuity Management and Risk Management programs
• Speaker, panelist, and moderator at industry events

Columbia, MD, US

• Transformed the Information Security organization leading up to, and after IPO
• Modernised InfoSec mission and goals to help meet business objectives and to support growth
• Re-aligned InfoSec program to meet challenges of being a modern cloud forward company and a leading security SaaS provider

Columbia, MD, US

Helping to keep organisations secure through great security products and services they can trust.

Mountain View, California, US

Acquired by Google.Built a security program with reasonable risk based practices within a start-up environment that kept our customers' data secure, enabled growth, passed third-party audits, and helped bring Bitium to a successful acquisition.

Sherman Oaks, CA, US

• Develop and drive corporate Information Security strategy
• Build a security program from the ground up that can meet company objectives, obligations to protect borrower information, and address regulatory or industry requirements (e.g., FFIEC, PCI DSS, GLBA)
• Advise on current state of the Information Security Program and related matters
• Act as a champion for information security by consulting across multiple enterprise-wide projects
• Work closely with the CIO and other executives to develop pragmatic approaches to implement and maintain the Information Security Program
• Build a security team and budget for a rapidly developing Information Security program

Boston, Massachusetts, US

Develop product strategy and roadmap for Nexpose through data analysis, and help design the product management process.

GB

• Assessment and design of security, privacy, and compliance programs for Fortune 500 and not-for-profit organizations, including leaders in healthcare, software, media, Internet, and finance
• Security, privacy and compliance program remediation and solutions implementation management
• Subject matter expert and author of whitepapers on the Payment Card Industry Data Security Standard (PCI-DSS), and often called to present to C-Level on compliance issues, strategy, and solutions
• Managed, coached, and trained staff on technical security, compliance, and professional services skills
• Managed large scale multi-vendor security infrastructure implementation, remediation, and compliance projects
• Lead on PCI DSS projects for Level 1 through 4 merchants, including gap assessment, solutions development and implementation management, compliance strategy, sustainability, and GRC integration projects

• Helped to design and deliver successful vulnerability assessment appliance and software products
• Member of Foundstone Labs Research and Development team
• Reviewed business requirements and market conditions through competitive analysis and other means to help shape product development strategy
• Managed vulnerability check development pipelines for the Foundscan product using vulnerability research, competitive analysis, customer feedback, and perceived value
• Researched and wrote Foundstone R&D Security Advisories for publication to Internet
• Monitored new information security threats using public and private sources

Munich, DE

• Conducted external and internal penetration testing of public and private sector complex networks using manual and automated exploitation methods
• Assisted sales team by determining scope, and writing proposals for new engagements
• Assisted in business development of the testing and assessment services
• Client facing project manager for each engagement
• Assessed bespoke Web applications using various manual and automated techniques
• Performed vulnerability assessments using Nessus, ISS, Nmap, and other tools

US

Security consultant with Exodus Security Services performing system hardening, vulnerability assessments, and penetration testing.