CISO in residence

• Develop and execute trust and assurance strategy, including SSAE18 SOC2 , FedRAMP, and CSA STAR• Partner with legal for reviews of non-standard or significant customer contracts• Initiated Business Continuity Management and Risk Management programs• Speaker, panelist, and moderator at industry events

• Transformed the Information Security organization leading up to, and after IPO• Modernised InfoSec mission and goals to help meet business objectives and to support growth• Re-aligned InfoSec program to meet challenges of being a modern cloud forward company and a leading security SaaS provider

Helping to keep organisations secure through great security products and services they can trust.

Acquired by Google.Built a security program with reasonable risk based practices within a start-up environment that kept our customers' data secure, enabled growth, passed third-party audits, and helped bring Bitium to a successful acquisition.

• Develop and drive corporate Information Security strategy• Build a security program from the ground up that can meet company objectives, obligations to protect borrower information, and address regulatory or industry requirements (e.g., FFIEC, PCI DSS, GLBA)• Advise on current state of the Information Security Program and related matters• Act as a champion for information security by consulting across multiple enterprise-wide projects• Work closely with the CIO and other executives to develop pragmatic approaches to implement and maintain the Information Security Program• Build a security team and budget for a rapidly developing Information Security program• Participate in Enterprise Risk Management committee, and oversee IT Change Management• Help develop approach to implement IT General Controls that will support moving to a public company

Develop product strategy and roadmap for Nexpose through data analysis, and help design the product management process.

• Assessment and design of security, privacy, and compliance programs for Fortune 500 and not-for-profit organizations, including leaders in healthcare, software, media, Internet, and finance• Security, privacy and compliance program remediation and solutions implementation management• Subject matter expert and author of whitepapers on the Payment Card Industry Data Security Standard (PCI-DSS), and often called to present to C-Level on compliance issues, strategy, and solutions • Managed, coached, and trained staff on technical security, compliance, and professional services skills • Managed large scale multi-vendor security infrastructure implementation, remediation, and compliance projects• Lead on PCI DSS projects for Level 1 through 4 merchants, including gap assessment, solutions development and implementation management, compliance strategy, sustainability, and GRC integration projects • Lead on penetration assessments within large and small environments utilizing manual techniques and automated tools, and responsible for recommending tactical and strategic mitigation actions • Lead on IT risk assessment and mitigation projects stemming from emerging and existing threats, and multiple security and privacy controls frameworks and standards including PCI DSS, HIPAA, SOX, FFIEC, and GAPP• Business development through relationship management with existing and potential clients and participation in local and national campaigns and targeted efforts• Responsible for identifying opportunities, scoping potential projects, and drafting proposals to address clients’ needs• Security architecture, wireless network, UNIX and Windows server, Oracle database, firewall, and network device technical security assessments within large and small environments utilizing manual techniques and automated tools• Project management including development and monitoring of financial and staffing plans, risk management, and billing

• Helped to design and deliver successful vulnerability assessment appliance and software products• Member of Foundstone Labs Research and Development team• Reviewed business requirements and market conditions through competitive analysis and other means to help shape product development strategy • Managed vulnerability check development pipelines for the Foundscan product using vulnerability research, competitive analysis, customer feedback, and perceived value• Researched and wrote Foundstone R&D Security Advisories for publication to Internet• Monitored new information security threats using public and private sources • Responsible for daily publication of Threat Intelligence alerts, containing analysis of latest security threats and software vulnerabilities for Foundscan• Researcher, author, and editor for all vulnerability check documentation• Project Manager for Windows Host Assessment Module project• Consulted on other internal research projects as required

• Conducted external and internal penetration testing of public and private sector complex networks using manual and automated exploitation methods• Assisted sales team by determining scope, and writing proposals for new engagements • Assisted in business development of the testing and assessment services• Client facing project manager for each engagement• Assessed bespoke Web applications using various manual and automated techniques• Performed vulnerability assessments using Nessus, ISS, Nmap, and other tools• Reviewed security of network architecture and supporting infrastructure • Wrote comprehensive reports documenting findings and recommendations focusing on business impact and technical thoroughness• Performed Security Policy assessment including NT/UNIX server builds and Checkpoint firewalls

Security consultant with Exodus Security Services performing system hardening, vulnerability assessments, and penetration testing.