CISO-as-a-service, Application Security, Security Architecture, Penetration Testing & Security Assessment

DDN is focused exclusively on developing boardroom capability in digital and cybersecurity risk oversight. Our goal is to advance boardroom oversight of systemic risk in complex digital business systems to shape and secure the digital future.

• Established first-ever Company-wide Security Architecture function to guide the Company through IPO• Developed, staffed, and oversaw world-class third-party cybersecurity supply chain risk assessment procedures• Created and implemented M&A technology assessment strategy• Planned, staffed, and trained Company Red Team with tailored training program• Managed $12M information security budget and capability selection• Oversaw SOX and FFIEC regulatory assessments and audit initiatives• Coordinated development and approval of company security and technology policies• Advised executive company leadership on business technology strategy and policy governance processes

• Conducted in-depth vulnerability analysis of networks, systems, and applications to inform executive-level risk calculation and decision-making processes.• Partnered with internal Purple Team to identify, prioritize, and remediate vulnerabilities.• Authored rules of engagement to stand up vulnerability research team operations and processes.• Managed development and output of team service/product lines to streamline vulnerability research offerings tocustomers.• Revamped internal processes for vulnerability scanning, remediation tasking and tracking, and drove organizationalmethods towards Agile processes.• Coordinated large scale vulnerability identification and penetration testing processes across multiple security teamsand organizational functions.

• Advised and drove enterprise-wide decisions for cyber security tools and techniques as a UNIX Expert• Trained groups of offensive security engineers on cutting-edge tools and methodologies.• Maintained and expanded knowledge of best practices in Advanced Persistent Threat (APT) TTPs.• Developed, tested, and integrated tools and techniques at the cutting-edge of offensive exploitation.• Analyzed, tracked, and triaged various malware campaigns.• Oversaw integration of automated exploitation technologies and large-scale device management.