LogMeIn has a portfolio of more than 10 products across the Identity, Communications & Collaboration, and Remote Solutions markets.I own the relationship between our core Information Security team and the Identity business unit. My focus is on helping our product engineering teams develop secure products.• Partnering with Product and Engineering leaders to identify and prioritize security objectives and support engineering teams to achieve those objectives.• Designing and managing a security development lifecycle to serve all of LogMeIn's 10+ distinct products. The SDL emphasizes threat modeling and secure design reviews.• Maintaining LogMeIn's Security Champion program, satellite groups within each engineering team made up of developers that are enthusiastic about security and privacy.• Driving Information Privacy initiatives and maturing information privacy practices across the organization.• Evaluating and implementing security tooling and helping to integrating scanning tools into CI pipelines• Supporting the Sales organization by joining conversations with prospects to help answer questions about product security architecture and SDL practices• Engaging with third party firms to provide independent assessments of our products, including BSIMM assessments of our software security practices and focused technical security assessments of new and strategic product features.

• Designed a new Product Security function, embedding security with developer teams and focusing on secure development lifecycle and application security.• Created a Security Advocate program, scaling security throughout the Engineering organization via a team of representative developers and quality engineers. • Coordinated implementation of static code analysis testing. • Created security training program for developers, designing a curriculum using online learning courses and selected readings.

• Conducted application design reviews, working closely with engineering teams to identify security risks and suggest appropriate solutions/countermeasures. • Performed application security assessments, testing web applications for security vulnerabilities both manually and with automated scanners. • Led response to security incidents of all types and severity. Responsible for identifying root cause and coordinating with engineering and operations teams immediate and long term response. • Designed and developed dashboards and alerts for security monitoring. Responsible for analysis of dashboards and alerts and triaging/investigating any issues.• Implemented enterprise GRC tooling to further automate common compliance activities.

• Initially a two person team, helped build the Operations Security function. Led implementation of several security and monitoring tools and was responsible for administering, troubleshooting and analysis of several others. Including VPN, IPS, Two Factor Auth, Key Management, Web Application Firewall, File Integrity Monitoring, Network and Application scanners, Log Management and GRC tools.• Created and led compliance programs for PCI DSS and SOX ITGC. Prepared the organization the organization for its first onsite PCI audit, leading gap assessment and remediation efforts. Formalized SOX ITGC compliance activities within the Operations organization, automating and streamlining processes where possible. Also led compliance efforts for EU Safe Harbor and MA 201 CMR 17. • Designed and implemented authentication solution for internal service APIs as our applications moved from a monolithic architecture to a service oriented architecture.

• Performed a web application security assessments. Responsible for manual testing and automated security scans of applications. • Developed an information security risk assessment framework for a financial services client. The framework was created from relevant internal and industry standards and allowed the client to perform assessments more efficiently based on a single comprehensive control set. • Led national Windows Security Core Team, responsible for leading a team of over a dozen colleagues in offices throughout the country in creating and updating PwC’s Windows security standards.• Performed a gap analysis based on system access control guidelines of all payment systems for a large financial services client, identifying critical compliance gaps allowing unauthorized access. • Led successful implementations of data center configuration and compliance software, BladeLogic, for Fortune 500 companies in the Financial Services, IT Services and Defense industries. Responsible for system architecture and implementation. Resulted in centralized server management process and a reduction in man hours needed to maintain and provision servers. • Responded to a major data breach at a financial services client, performing a risk assessment of the information technology program, reviewing and updating the server monitoring process, and assisting with remediation efforts to meet PCI compliance.• Performed a risk assessment of all in scope products and developed a program office to help a Fortune 100 retail bank meet Identity Theft Red Flags regulation requirements.• Developer for a release of PwC’s FAST Audit web application, an online and centralized resource of information related to the funds that PwC audits.