On sabbatical: Investing in growth, exploration, and fresh perspectives.

Responsible for a global team of 90+, all aspects of Security, including Product and Infrastructure Security, Security Engineering and Operations, Risk Management, Regulatory Compliance, and Privacy.Cisco Security Business Group is the world's largest security company covering cloud and on-prem zero trust, SASE, and XDR solutions. Cisco Secure solutions include Cisco Umbrella, Cisco Secure Access by Duo, Cisco Cloudlock.

SignalFx was acquired by Splunk.https://techcrunch.com/2019/08/21/splunk-acquires-cloud-monitoring-service-signalfx-for-1-05b/

SignalFx is a SaaS Real-Time Cloud Monitoring for Infrastructure, Microservices, Applications. SignalFx is hosted in AWS and it leverages microservices architecture, DevOps Continuous Deployment / Continuous Integration model.Responsible for all aspects of Security including Product and Infrastructure Security, Security Engineering and Operations, Risk Management, Regulatory Compliance and Privacy.Key Accomplishments• Built an innovative Security & Compliance program with the objective of protecting SignalFx’s key assets and gaining customers’ trust• Hired and managed a global team of security engineers and compliance professionals• Unblocked strategic enterprise deals by positioning security as a core tenet of SignalFxLeadership / Partnering• Developed and implemented Information Security vision and strategy that is aligned to organizational priorities and enables and facilitates the organization's business objectives, and ensure senior stakeholder buy-in and mandate• Established effective partnerships with the other members of the leadership team in connection with the implementation and maintenance of strategic security initiatives• Established and nurtured connections with peers at large enterprise companies and start upsRisk Management / Technical Expertise• Developed, implemented and monitor a strategic, comprehensive Information Security program in DevOps model• Report to the Board on the efficacy of SignalFx security program• Implemented key elements of the secure software development lifecycle (design security reviews, quarterly penetration testing, bug bounty program, vulnerability management with aggressive remediation SLA)• Implemented continuous security monitoring for AWSSales and Partner Support• Build trust and influence conservative companies to move their workloads from on prem solutions to SignalFx• Defined and prioritized a set of product security features unblocking enterprise dealsCompliance (SOC2, GDPR)

Member of Databricks leadership team. Responsible for developing and implementing security and compliance strategy to protect Databricks assets, establish trust with enterprise and highly regulated customers, and position security as Databricks competitive differentiator.Manage a team of 9 security and compliance professionals responsible for: (i) infrastructure security (AWS, Azure), (ii) application security (iii) security operations (iv) compliance.Leadership:Collaborate with the executive team and create a security program that mitigates security risks without stifling the business.Security program: Develop, implement, and oversee a security program covering infrastructure (AWS, Azure), application, and security operation in a agile environment. Risk management:Collaborate with legal and the leadership team on risk management. Define security risks, business impact, and mitigating measures. Sales enablement: Develop security collaterals supported by compliance reports to expedite sales process. Compliance: Manage compliance program, identify and achieve certifications critical for the business (ISO 27001, ISO 27018, SOC 2 Type 2, HIPAA, PCI, FedRAMP).Product management: Collaborate with product management and customers to define customer facing security features.Product marketing: Collaborate with product marketing team on go to market strategy that positions security as Databricks core value.Management: Hire, manage, and develop a team of security and compliance professionals.

IPO: 2020Responsible for overseeing company-wide security, compliance, privacy and data protection program, sales enablement, and enterprise risk management.Key Accomplishments• Developed Sumo Logic for AWS monitoring and PCI use cases• Obtained certifications that allowed Sumo Logic to enter regulated verticals• Implemented company-wide risk assessment programRoles and Responsibilities• Managed and continuously improved security program based on industry best practices• Developed and implemented compliance program covering SOC 2 Type 2, HIPAA, PCI, ISO 27001, and CSA Star• Managed enterprise vulnerability program including penetration testing, code reviews and periodic scans. Partnered with engineering on remediation of vulnerabilities.• Collaborated with the engineering team to ensure adherence to secure coding practices and change management process• Initiated technical design reviews and product security reviews to ensure product compliance with security best practices and relevant standards• Collaborated with the engineering, customer success, marketing and communication executives in connection with investigation, remediation, and addressing of information security incidents• Defined, tracked, and communicated security and privacy metrics to the Business• Trained the sales engineering team to complete customer security questionnaires and served as a point of escalation for complex customer security and data governance questions• Collaborated with the legal department in review of customers’ information security, data governance and data privacy agreements for commercial contracts• Collaborated with the VP of Product and Strategy on new Sumo Logic applications for security and compliance use cases• Developed and implemented Vendor Management Program including vendor security reviews• Implemented and tested BCP and DR plan• Designed and periodically delivered company-wide information security trainings

IPO: 2012Handled multiple responsibilities across business applications, security, and compliance functions in preparation for the IPO.Key Accomplishments:• Single-handedly built technology SOX compliance program from ground up in preparation for IPO• Created and implemented project management and SDLC methodology that was adopted across all IT functions• Co-wrote and led implementation of security and acceptable use policies and proceduresRoles and Responsibilities• Designed, implemented, and oversaw technology SOX compliance program, provided ongoing controls oversight and education to control owners • Managed IT Steering Committee • Developed and led implementation of critical IT policies, processes, and procedures: SDLC, change management, onboarding/off-boarding, vendor management, software evaluation and purchasing, security training, customer security reviews• Led ongoing controls improvement and automation processes based on industry best practices• Led the assessments for readiness and/or a need for the following certifications: SOC 2 Type 2, HIPAA, ISO 27001, PCI, FedRAMP/NIST800-53

• Scoped, planned and managed SSAE 16, PCI DSS, ISO 27001 IT audits.• Documented and analyzed root causes of audit findings, proposed remediation steps and mitigating controls.• Facilitated communication between the business and IT departments to ensure timely submission of audit deliverables and completion of audits.• Developed formal reports covering audit findings and recommendations and presented them to clients’ IT and operations management.• Prepared SSAE 16 and PCI reports together with testing memos and supporting audit documentation.• Trained, supervised and motivated junior consultants to ensure timely completion of testing and to facilitate their professional growth.• Managed projects economics to ensure timely completion of fieldwork and to identify ways to streamline the audit process.• Successfully participated in business development resulting in obtaining new clients.Key Clients at BrightLine CPAs: Informatica, Xactly, Abacus, Mozy

PricewaterhouseCoopers, LLP, San Francisco, California, 07/2007 – 09/2010Associate promoted to Senior Associate – Risk Assurance Services• Planned and executed risk-based integrated audits (IT and financial) in accordance with Generally Accepted Auditing Standards.• Managed a team of three to five auditors; provided supervision and coaching to junior auditors and reviewed their work to ensure high quality.• Worked closely with clients' business and IT personnel in identifying internal controls over business, financial, and IT processes; evaluated design and operational effectiveness of the controls.• Managed economics of two or three projects simultaneously to ensure timely completion.• Prepared clear, concise and timely reports on significant findings and related recommendations and presented them to clients’ executives.• Major clients included Franklin Templeton, Bank of the West, UC Medical Center, URS, Bechtel.

Developed financial models