I led the organization consisting of the consumer product engineering, cyber security, corporate IT, and platform Dev-Ops teams for the leading direct to consumer genetic testing service. I led the engineering team in developing 23andMe’s new genetics-based, preventive care, telehealth service (Total Health). Additionally, I directed the engineering teams in creating 23andMe’s new subscription offering, and whole Exome Testing service. In unison with General Counsel, I managed security incident and active threat responses, including coordination across security, engineering, product, legal, communications, customer care, law enforcement, insurers and other external stakeholders. I was responsible for the technical due diligence for the 23andMe acquisition of the Lemonaid Health and the integration of engineering and technical operational teams. I directed the engineering efforts to combine and standardize the unique tech stack to the 23andMe consumer offerings. I defined 23andMe’s security and privacy compliance posture for the company’s 14M+ customers through the development of security controls and processes. The security program was highly inspected through ISO 27001 / 27018 / 27701 audit and Sarbanes-Oxley (SOX) compliance.23andMe is a leading consumer genetics and research company. Founded in 2006, our mission is to help people access, understand, and benefit from the human genome. We want to disrupt the healthcare experience by building a personalized health and wellness experience that caters uniquely to the individual by harnessing the power of their DNA. 23andMe pioneered direct access to genetic information as the only company with multiple FDA clearances for genetic health reports.

I was responsible for platform and corporate security, corporate IT, as well as delivery of the platform managed service delivery for the leading Crowdsourced Security Platform. Directed security compliance efforts to ensure Bugcrowd was the first Crowdsourced Security platform to achieve ISO 27001, SOC 2 Type II, and GDPR compliance. For Bugcrowd’s Next Generation Penetration Testing product, I directed product management, service delivery design, product marketing strategy and collateral, and revenue attainment approach.Bugcrowd has built the leading Crowdsourced Security Platform. Most organizations lack the resources and diversified skills to find hidden vulnerabilities before attackers do. Unfortunately, using reactive tools alone leads to noisy, low-impact results that miss emerging risks. Even sophisticated companies can misjudge the creativity, patience, and diverse skills of today’s attackers. Crowdsourcing emerged to address the security industry skills gap—and the imbalance between attackers and defenders—by incentivizing ethical hackers to report critical bugs. Yet many firms struggle to integrate crowdsourcing into their security strategy in a trusted, efficient way; purpose-built tools are too limited, and consulting-based approaches fail to scale. Bugcrowd has re-envisioned crowdsourced security with a SaaS platform that activates skilled, trusted hackers for your needs on demand, with all operational details fully managed for you at any scale.

I led all aspects of operational, digital, and physical security for Okta, the leading Identity as a Service (IDaaS) provider. I built the firm’s security team from scratch to a team of almost 20 and a $4M yearly budgeted program; included an elite attack and penetration test team, security compliance, and security operations and architecture teams. I orchestrated the development and implementation of incident response, patch management, vulnerability management, and security development lifecycle programs within engineering department. I directed all security control and compliance efforts across SOC 2 Type II, ISO 27001, CSA STAR, HIPAA, EU Privacy, and FedRAMP initiatives.Okta is an enterprise grade identity management service, built from the ground up in the cloud and delivered with an unwavering focus on customer success. With Okta, IT can manage access across any application, person or device. Whether the people are employees, partners or customers or the applications are in the cloud, on-premises or on a mobile device, Okta helps IT become more secure, make people more productive, and maintain compliance.The Okta service provides directory services, single sign-on, strong authentication, provisioning, workflow, and built in reporting. It runs in the cloud on a secure, reliable, extensively audited platform and integrates deeply with on premises applications, directories, and identity management systems.

IOActive is the leading boutique security services firm offering comprehensive computer security services with specializations in industrial control systems and smart grid technologies, application security, software assurance, and compliance. I managed the technical staff of IOActive as well as worked directly with a majority of Global 500 company clientele that include power and utility, game, hardware, retail, financial, media, travel, aerospace, healthcare, high-tech, social networking, and software development organizations.

Reporting to the CEO, I was responsible for product development of a boutique, Seattle-based firm that provides industry case management software for enterprise security investigations and incident response management. As part of a team of five that restarted the B-round startup Vantos, Inc., I helped direct the repositioning of product development, product messaging, and business development. Additionally, I developed and managed product requirements for Vantos’ V-Flex application that helped drive investigation and incident response best practices for customers such as the FBI, EBay, Qualcomm, Genentech, and Cisco.

Reporting to the CSO, I was responsible for overall network security services and security architecture for the company’s on-demand collaborative business applications. I directed all corporate investigations requiring confidential, cross-functional management of legal, HR, IT, and network operations teams. I managed a specialized security operations team that achieved WebEx' Authority to Operate on the DoD classified SIPRNet network. I guided product management and engineering teams around security feature implementation, such as providing architectural review of end-to-end encryption, client-side SDK DLL authentication, and WebEx AIM Pro Enterprise Chat client.

Reporting to the Operations Director, I was responsible for helping create and manage the 7x24x356 network operations center, managing a core capability of allowing secure and managed network and server provisioning, configuration management, and monitoring.

I was responsible for design, analysis and programming of complex computer models to help in research and flight simulations. I developed code to automate computational fluid dynamics computations for aircraft computer models. I also focused on developing code to manipulate and process large flight research datasets. I applied dataset modeling software automation methodologies over highly vectorized, UNICOS-based and massively parallelized, Irix-based supercomputing platforms. I completed research that pioneered the first basic computational investigation of a 3-D, high-lift wing configuration for boundary condition effects and algorithm characteristics using code-to-code and computation-to-wind tunnel experiment comparisons.