Advisor to the board.

Reporting to the CISO, led a global 40+ kick-ass product security team (Enterprise Vulnerability Management, AppSec, Pentest, Software and Data Engineering) responsible for securing over 400 applications and empowering over 4000 engineers. Successfully drove product security maturity and implemented innovative security initiatives, including:- Strategic Planning: Developed a 3-year roadmap aligned with NIST CSF and CMMI standards to enhance product security and succesfully met defined targets.- Leadership Development: Nurtured and empowered a team of talented security leaders to drive results.- Vulnerability Management: Comprehensive vulnerability management program, covering 140K+ assets across on-prem and 4 cloud environments.- Security Posture Assessment: Oversaw development of comprehensive security assessment platform for product leaders to track progress, prioritize investments, and access security services.- Security Champions Program: Drove program with the ambitious goal of having a security advocate in over 800 teams. Fell short, but learned a lot.- Secure Development Training: Delivered engaging, hands-on security training to over 4000 engineers, driving wide adoption.- Security toolchain development and optimization: Worked on secure paved roads to embed S-SDLC activities in-band of engineering work.- Penetration Testing: Revamped the pentesting process to improve efficiency, precision, and adherence to financial targets.- Managed Vulnerability Disclosure Program (VDP) and time-boxed bug bounties.- Worked on CISA self-attestations, leveraging OWASP SAMM and NIST SSDF.

Contributed to the DefectDojo open-source vulnerability management tool for 3 years. Developed features, reviewed code, improved CI integration, provided community support, and contributed to governance. Recognized for my contributions to the Hall of Fame: https://github.com/defectDojo/django-DefectDojo/#hall-of-fame

Multi-faceted and transverse role heading security engineering within a critical software vertical, with the most popular open-source CI/CD engine (Jenkins) as well as for all CloudBees self-managed and commercial SaaS products.- Team Leadership: Led the Jenkins Security and Product Security teams to deliver outsized results.- Security Champions Program: Empowered engineers across product teams to become security advocates and drive a culture of security.- Cloud Security: Collaborated with operations teams to ensure robust cloud security posture on AWS and GCP.- DevSecOps: Strengthened the Security Development Lifecycle (SDL) through tailored processes and the use of the SAMM maturity model.- Risk Management and security by design: Adapting pragmatic risk assessment/threat modeling as well as risk acceptance to Product Teams workflows.- Vulnerability Management: Developed centralized, automated processes for ingesting and processing security vulnerability scans to improve visibility and enable proactive response using DefectDojo.- Incident Response: Established and led the PSIRT to effectively manage security incidents.- Security Training: Provided hands-on secure development training to foster a culture of continuous learning.- Security Program Management: Overseen security programs, bug bounties, and penetration testing initiatives.- Compliance: Managed SOC2 Type 2 compliance for SaaS products.- Product Security Integration: Collaborated with product management to ensure security was a top priority in product development.Technical Expertise:- CI/CD Tools: Deep understanding of Jenkins and other CI/CD technologies.- Infrastructure as Code: Proficiency in Terraform and cloud infrastructure management.- DevOps Tools: Experience with Kubernetes, Helm, Git, Python, and shell scripting.- Cloud Platforms: Expertise in AWS and GCP.

Digital - Systems and Data Security, insufflating Sec in DevOps.- Bringing security throughout the SDLC- AWS security- Risk Management and assessment with engineering in mind- Compliance as code- Secrets management

Leading the global infrastructure & delivery engineering and operations, working with our Managed Security Services architecture and analysts teams, as well as software engineering teams.All carried out by one solid team of top engineers and supporting upper management, and continuing from previous role:* Recognized internal transformational leader, seeding and spreading cultural change across the organization and legacy product units of mother company.* Define and drive vision and implementation of the DevSecOps track, to secure KS infrastructure (VMware, AWS, Openstack) and our integration pipelines starting with people awareness, best infra-as-code practices (i.e. openscap integration to puppet/foreman) to specialized tooling such as JFrog Xray, Hashicorp Vault, Cilium, netflix security monkey and more.* DR on-demand mixing hybrid technologies and use of pipelines for best RTO/RPO at lowest costs.* Involved in the solutions development of our security portoflio, including Managed Security Services.* Keep hands dirty in most bleeding-edge cloud-native stacks to remain a trusted advisor to the engineering teams.* Part of the ISO 27001 [re]certification effort.* Manage the budget in relation with global I&O activities* Manage talents and working with HR to help further identify potentials, identify better ways to train employees and share knowledge.* Created the DevSecOps meetup in Lausanne, to promote awareness and encourage practice sharing.

* Lead the global Dev[Sec]Ops infra engineering team (12+ people and growing in Switzerland and the USA) focused on providing state of the art infrastructure and delivery engineering for several solutions/development teams across Switzerland, the USA and India.* Increase infrastructure agility applying Kanban and agile principles, through architecture simplification, standardization and automation, while intrinsically promoting security.* Industrialization and automation of infrastructure deployments with puppet/foreman/katello and Jenkins, managing data centers in Switzerland and the USA.* Promoting and implementing infra as code, such as leveraging git and merge requests workflows, implementing in-band processes, and using jenkins to orchestrate delivery and deployments.* Improve collaboration and cross-team practices sharing, e.g. through internal meetups, ad-hoc training and by continually promoting a DevOps mindset.* Implemented global Zabbix monitoring deployment across hybrid platforms, creating and managing custom templates through git workflows.* Implemented Graylog as a central logging infrastructure, along with DMZ Kafka clusters to allow for semi-trusted log sources, as well as leveraging the alerts mechanism for java applications. Used to enhance ability of engineering teams to preempt problems, regular ops needs, or post-mortem analysis.* Promoted docker to first-class citizen, along with Kubernetes.Keywords used: DevOps, DevSecOps, agile, Infrastructure as code, Ansible, Puppet, Katello, Jenkins, SonarQube, git, Mattermost, Artifactory, Elasticsearch, graylog, nginx, scrum master, kanban, Cumulus linux, network, Linux, openstack, docker, kubernetes, kafka, zookeeper.

- Solution architecture and pre-sales activities- Log analytics / SIEM

Gottex Brokers is a leading interbank and institutional broker.Gottex Brokers has offices in Switzerland, Sweden and New York.Manage the R&D and infrastructure teams to:- Lead the IT transformation to embrace new regulatory changes impacting Gottex Brokers' industry (I.e., full revamp of HA infrastructure/network and move to a data center, network MPLS cloud, virtualization, Unified Communications)- Meet increasing demands of the business for rapid solution deployment through increased cross-departmental integration and communication (I.e., shared CI responsibilities, new environments)- Increased IT operations effectiveness through solid deployment, best practices, automation, monitoring and agility (I.e., Implemented ELK stack for application monitoring, zabbix, use of ansible for configuration management)- Define, boost the efficacy and efficiency of processes across all business units to strive for operational excellence. Implemented new business processes through BPM to also provide for audit trails and easier reporting.- Sustain the technology vision in relation with the business objectives.- Vendors management.- Manage external IT consultants recruiting and supervision.- Manage the budgets.Keywords: IT transformation, data center, network, virtualization, DevOps, Unified Communications, noSQL, middleware, management, project management, business analysis, vendor management, Bonita BPM, operational excellence, operational analytics, reporting, BCP, DRP.

Gottex Brokers Alternative, Gottex Brokers' specialized entity, acts as a leading broker in the secondary market for alternative investments.

MIG Bank was acquired by Swissquote late 2013.Swissquote Group is Switzerland's leading provider of online financial and trading services.- Lead administrator and project manager on Unix, Linux, SAN and databases environments- Lead SRE for Core Banking and back/middle office applications- Lead integration architect between Core Banking applications, corporate enterprise softwares and trading platforms (i.e., automated STP funds payment system, mirroring of FX positions from trading platform in core banking platform)- Expert on Apsys integration.Keywords: Ambit Private Banking (APSYS), MetaTrader, pSeries, AIX, Linux, SAN, capacity planning, data center, Netapp, SMO, Oracle 11g, MySQL, CRM, legal reporting, Talend Data Integration, Forex, CFD, Options, ETL, lean processes, automation, java, shell scripting, DRP.

Catella Bank provides customised wealth management to corporations, institutions and individuals requiring active independent advice and management. Catella also offers other banks complete card programmes under its own Visa and MasterCard licenses. Catella provides all services including clearing for Visa and MasterCard, card branding, billing, risk monitoring and customer services in-house.- Part of the on-call team for credit card systems and databases to maintain our SLA around the clock, 365 days a year, 24h/24.- Core Banking administrator responsible for Apsys and full fledged Stelink/SWIFT infrastructures, BCP and DRP.- Led and implemented data integration projects related to financial flows and processes (FX, SWIFT) (Talend/Kettle, JMS, java development, WIFE)- Integration of Apsys with DMS (Alfresco) via Java API. Deployed Alfresco HA cluster, development of custom models and small developments.- Linux/AIX pSeries/SAN administration- Virtualization (Xen, POWER)- Database admin (Oracle, mysql, postgresql)- Other duties related to infrastructure (Backup, email, monitoring, etc..) and integration of heterogeneous systems.

- Instructor for custom Linux courses, and Novell Linux courses curriculum.- Novell ZenWorks Asset Management, ZenWorks for Desktops and ZenWorks for Linux Management analysis. Enhancements to the ZDM linux initrd image and scripts for fully automating imaging of over 1500 workstations.- Windows to Linux infrastructure migration (AD/Exchange to Debian/openLDAP/samba/Open-Xchange), LDAP schema extension, perl scripts sets to ease migration and administration.- Java development with Tomcat- eDirectory LDAP programming (Java, C#)- Internal telephony migration from proprietary PABX and ISDN, towards Asterisk and VoIP.- Database administration (Oracle in particular)

- Installation, administration of BSD/OS, Linux Debian and Windows/Exchange 2000 servers.- Administration of iptables, apache, tomcat/JK, freeradius, postfix, cyrus, mysql and postgresql.- Implemented fault/availability monitoring solution using Nagios, snmp, snmptt, alerting with emails, SMS and IVR. Work includes custom perl and python scripts.- Implemented trend monitoring for capacity planning using Cacti/RRDtool.- Initiated, implemented and administrated the use of ticketing and knowledge base systems using eGroupware, bug tracking using Mantis, and version control with Subversion.

- Lead several projects impacting quality of company-wide systems (fault/availability), ie, bringing successful payment transactions rates from ~70% to ~99%.- Tivoli administrator (in AIX environment): Distributed Monitoring, TEC, Framework.AIX and RedHat systems administration for day to day maintenance tasks, backups, involving shell and perl scripting for tasks automation + Sendmail/postfix, Apache, iptables, CVS, samba and other services.- Oracle (8i/9i) and MySQL databases administration.- Wrote complex/distributed Perl/CGI programs for system automation and fault/availability/trend monitoring and capacity planning.

Linux and Windows servers administration, Citrix administration and NFuse customization.