Dana M. Email & Phone Number

Redmond, WA, US

• Deliver on-demand cybersecurity leadership with CISO as a service in the high tech, financial services, healthcare, entertainment and IoT industries.
• High Growth Construction Lending Company – Championed use of efficiently authored policy and standards to achieve SOC2 Type II results. Advised CEO and leadership team regarding balancing risk appetite and innovation.
• Stealth Mode GRC Company – Authored cybersecurity, privacy and risk playbooks for SOC2 ISO27001, CCPA and GDPR initiatives. Led concierge services team focused on FinTech startups. Guided C-level customers to build.
• National Insurance Company – Led team to implement greenfield enterprise HIPAA and PCI AWS tenants.

New York, NY, US

New York, NY, US

New York, NY, US

New York, NY, US

• Accountable for and established global Cybersecurity and Risk Programs. Establish and manage annual operating budget, implement roadmap to achieve SOC2, ensure customers’ multi-million-dollar trade data and federal.
• Built and led team to provide security and risk guidance.
• Shaped cybersecurity program, security architecture and hired a multidisciplinary team for sister company.
• Partnered with key stakeholders to influence, establish and deliver security requirements for new product offerings; yielded increase in platform posture; built customer trust and improved sales RFP / RFI response.
• Established and implemented security best practices regarding cloud, application container, development, dev-ops and IT yielding in depth strategies cross all areas of the business.

Redmond, Washington, US

• Thought leader in the privacy and security space for Devices, Analog, Differential Privacy and Microsoft Health platforms. Highlights included GDPR, HoloLens, Windows Holographic, Xbox, Cortana, Microsoft Band.
• Engaged with leadership teams to understand and influence product design and roadmaps; ensured cost effectiveness of privacy and security requirements to design with appropriate lens while incorporating business.
• Influenced leadership teams to increase transparency on data use and collection resulting in measured increase of customer trust by 80%+.
• Drove security and privacy by understanding value propositions and use-case scenarios resulting in lower overhead and increased efficiency in landing product to market.
• Architected systems, end-to-end, ensuring data alignment with company privacy and security policies and standards, ensuring protection of high value targets and reducing attack surface by 90%+.

Redmond, Washington, US

• Championed the use of proven security practices by providing design and implementation consulting to reduce security risk to entertainment business (hardware & manufacturing, software, and service offerings).
• Engaged with feature and cross-divisional security teams at design phase to identify, influence and solve security, privacy and fraud scenarios.
• Drove agile, cross-team security reviews of IEB products and services (App/Console/Online Services/Hardware) to reduce risk for IEB customers and partners.
• Executed and prioritized in-depth security design review and consulting against high value targets to reduce risk for Xbox One console launch.

Redmond, Washington, US

• Drive successful Information Security program across Bing, Microsoft Ads, MSN business verticals at Microsoft.
• Created Security strategy, metrics and tactile direction for the organization. Established Information Security Steering Committee to develop alignment on key topic areas; implemented common vernacular and successful.
• Partnered with Microsoft Security and divisional teams to influence, author and drive consistent SDL Feature Security Review framework resulting in consistency in implementation of controls.

New York, New York, US

• Led Information Security and Risk Management for multi-billion-dollar low latency, high frequency Electronic Trading business and technology in New York, NY, Minnetonka, MN and Mt. Pleasant, SC.
• Architected and deployed Secure Co-location Pods for trading applications to leverage on-site low-latency networks.
• Engaged with development units to provide guidance on secure coding practices; conducted security architecture reviews (ethical hack) prior to production rollout, resulting in reduction of vulnerabilities within.

Ensured bank environment met current federal, bank and other regulatory bodies’ security standards. Established and managed team of multi-disciplined security professionals to provide Vulnerability Assessment program, services and reporting. Authored and implemented successful testing methodology to ensure compliance with GLBA, SOX, BASIL II, SB1386, PCI.

Minneapolis, MN, US