VISO TRUST solves the data quality and scalability problems in third party risk management enabling companies to gain complete visibility into their third party populations and take control of their third party risk.We do it through effortless AI-powered due diligence at the speed of business.65% of breaches are due to third party failures yet TPRM processes are still questionnaire-based, labor intensive, and ineffective at reducing risk. While building security teams in house at LendingClub we tried GRC tools, ratings tools and exchanges, realized why they failed, and built something better. We founded VISO TRUST on our learnings as practitioners to solve the problems with third party due diligence and cybersecurity that have existed for 20 years.We know the challenges you’re facing because we’ve been there, and we’d like to help.

Transformational first CISO for the fastest growing and most prominent enterprise AI product and research startup in the world. As CISO at ASAPP I worked with leaders of Fortune 100 telecommunications, banking and commercial aviation customers and established strategic technology direction for the ASAPP product and brand. I established and grew all security and privacy teams and programs and reported on risk, trust and strategic differentiation to the BOD. In addition, I established and grew the Enterprise Engineering team and oversaw all operational technology teams within the company.

The CISO San Francisco Summit Governing Board role is to leverage expertise and shape the content and direction for the CISO events. This group determines key issues that need to be addressed, validates the session proposals that have been developed and helps CDM Media build a more engaging program for all attendees.

Chief Information Security Officer​ [acting] | Jul 2017 – Jan 2018​Senior Director, Information Security ​| Feb 2017 – Jul 2017I leveraged an innovative Information Security strategy to allow the company to re-invent banking for borrowers and investors. I evolved company Information Security and Technology Governance strategies to further company goals and initiatives and to create value for customers and shareholders. I reported on risks and emerging threats to the executive team and the board. I successfully guided the company through numerous security events and avoided several potential crisis. Solved strategic technology problems to enable critical business initiatives and minimize risk.• Responsible for Information Security strategy and road map, program, budget and personnel• Responsible for core team of 24 and extended team of 60• Presented regularly to executive team, board, and large institutional investors• Garnered funding and support for risk-based initiatives• Set tone and message of security company-wide• Used Rationalized Controls Framework to meet NIST, ISO, GLBA, SOX, FFIEC, SOC1/2, and NYDFS requirements• Quantified cyber-risk based on KRI's and KPI's

As the company grew quickly, I built world-class Application Security and Threat Response teams to address an increasing risk profile. I devised a risk-determination algorithm and automated vendor security assessment and reporting. I worked to train and stand up a new Information Security GRC Team. I managed a comprehensive and effective vulnerability management program and ethical hacking program. I enabled migration to Amazon cloud while addressing cyber risk and meeting or exceeding regulatory and banking partner security and compliance requirements. I was responsible for budgeting, staffing and staff development.• Coordinated Incident Response Team Table-top Exercise including Legal, PR, Operations, Forensics, Technology, and C-staff for Board of Directors• Built and evangelized strategy using mutually authenticated TLS w/ mutual certificate pinning and data encryption services using Cloud HSM’s to enable move to the Amazon cloud• Automated static and dynamic analysis comprehensively throughout software development lifecycle• Launched bug bounty and responsible disclosure programs and successfully leveraged crowd-sourced penetration testing• Utilized in-house capture-the-flag event to train 100 software engineers in Application Security• Trained and extended Application Security responsibilities to 25 embedded software engineers

I evaluated, tested, and procured enterprise data encryption infrastructure and lead engineering to implement platform-encryption strategy. I further expanded Secure Systems and Software Development Program to more teams and more engineers to support more than 100% year-over-year growth. I prepared company for SOX compliance and successful IPO. I coordinated the response to high-profile vulnerabilities and coordinated rapid remediation of Heartbleed, Shellshock, Poodle, and Poodle 2. I stood-up Vendor / Partner Security Risk Management Program. I lead team to complete dozens of complex security architecture reviews of new products, integrations, and lines of business.• Drafted, managed, implemented Product Security Roadmap for internal and public-facing platform systems• Implemented strategy for security service delivery and tracking throughout the company• Managed remediation from cyber security assessments and ethical hacks• Partnered with Legal to develop strategies around data privacy and contributed to Privacy Policy• Analyzed state and federal guidelines to implement comprehensive risk-based data classification framework

I built a comprehensive information security program from the ground up to address risks and meet rigorous legal, regulatory, and contractual requirements. I drafted, socialized, and drove the adoption of a comprehensive set of information security policies, standards, and guidelines. I developed and implemented key processes including Incident Response Program, Vulnerability Management Program, and Secure Systems and Software Development Lifecycle Program. I trained over 200 members of Engineering, Technical Operations, Marketing, and Product in secure systems and software development program responsibilities. I evaluated and recommended technical solutions to meet the needs of the program. I crafted a network security strategy to address all corporate and data center infrastructure.• Setup and ran company-wide third-party information security risk assessment and third-party penetration testing programs• Drafted and drove adoption of 6 policies and 15 standards, exceeding regulatory and partner requirements• Launched company-wide Security Awareness Training Program and Application Security Awareness Training Program• Implemented email security program to address phishing and malware• Sourced key security hires to grow the team

I implemented and managed processes that allowed me to assess and manage risk to critical business processes, assets, and information across the enterprise. I worked with business and IT to achieve and maintain legal and regulatory compliance (SOX, PCI DSS). I defined, taught, and enforced security policy and security awareness across the company. I advised technology leaders with regard to secure application development and system design and architecture.• Worked with members of IT to master complex system architecture in a short time• Used calm, informative, pro-business style to solve challenging technical issues and build trust• Sought and discovered creative strategies to reduce scope of compliance initiatives, reducing cost and avoiding delays• Managed technical security implementation projects• Evaluated change requests and security exceptions to ensure all risks to business were addressed• Evaluated vendors and negotiated cost savings while achieving required results• Partnered with IT leaders to inform PCI DSS remediation efforts and remove obstacles

I designed security program, policies, and procedures to address risk to critical business processes, assets, and information. I met regularly with the CEO, CFO, and CTO to report on security and compliance progress, strategy, and risk landscape. I achieved and maintained PCI DSS, ISO 27002, SSAE 16, and US-EU Safe Harbor compliance.• Implemented an ISO/IEC 27002-based ISMS and NIST-based risk-management process• Implemented systems, policies and procedures to achieve PCI DSS compliance• Responded to security RFI/RFP’s, negotiated client security contracts, and conducted audits of third party providers• Created company-wide strategy for security awareness and training across all departments• Designed product security requirements and made recommendations for secure SDLC• Coordinated vulnerability scanning, code scanning, penetration testing• Implemented secure data destruction procedures

I lead team responsible for the confidentiality, integrity, and availability of all information services. I met regularly with CEO, CFO, and VP of Engineering to report on security and compliance progress, strategy, and risk landscape. I managed production, corporate and development networks and systems, supporting staff, and vendor relationships. I managed the security and availability of AngelPoints’ SaaS platform. I designed and implemented security systems, policies, and procedures to meet legal and contractual requirements. I provided training, auditing, and enforcement of policies and procedures.• Implemented a multi-master database disaster recovery and encryption strategy for the AngelPoints application database• Implemented a secondary data center to meet the business continuity requirements of Wells Fargo• Implemented an ISO/IEC 27002-based ISMS and NIST-based risk management process to meet the security requirements of AT&T and Ameriprise• Implemented systems, policies, and procedures to achieve PCI DSS compliance• Responded to security RFI/RFP’s, negotiated client security contracts, and conducted audits of third-party providers• Created company-wide strategy for security awareness and training across all departments• Designed product security requirements and made recommendations for secure SDLC• Coordinated vulnerability scanning, code scanning, penetration testing• Strategically implemented strong encryption strategies using PKI, GPG, IPSec, SSL/TLS, and FDE• Implemented secure data destruction procedures• Dramatically increased AngelPoints’ security and disaster recovery profile, contributing to acquisition by MicroEdge• Implemented lead generation strategy and led lead generation team to meet annual revenue goals, contributing to company acquisition by MicroEdge

I established and managed Samui Training Center and The Best of Samui (technology, marketing, consulting).• Designed secure system architecture for oil exploration company• Managed vocational skills training business in Thailand (technology, language, hospitality)• Designed and managed the development and implementation of a tourism booking portal for Bangkok Airways• Designed and managed the development and implementation of ecommerce websites• Directed marketing and contributed to product development for multimedia player retailer, generating $1M revenue

I managed production, corporate and development networks and systems, supporting staff, and vendor relationships. I managed the security and availability of Bridger’s web-based commercial mortgage management systems. I designed and implemented security systems, policies, and procedures. I managed optimization, availability, and backup of Oracle database.• Upgraded all systems in support of three-fold company growth• Implemented automated offsite backup of all data, including hot backup of Oracle on Solaris• Implemented Exchange, Active Directory, firewalls, backup power, document management, monitoring, antivirus, VOIP, unified messaging, Blackberry Enterprise, DFS, DNS, DHCP, VPN, T1’s, and DS3• Completed 2 data center migrations• Implemented business continuity strategy to withstand HQ loss• Implemented development, staging and production environments for software development team

I taught courses in networking, security, Microsoft technologies, and CompTIA certification.• Taught valuable, practical understanding of LAN/WAN networking, TCP/IP and network security• Readied students to acquire industry certifications including CompTIA Net+, MCSE, and MCP

I managed the city’s network systems, servers, and help desk that supported 300+ users.• Upgraded 300+ workstations in a way that resulted in 90% reduction in help desk requests• Supported mission-critical traffic-control systems and police and fire dispatch equipment• Investigated and solved complex network problems on metropolitan area network (MAN)• Deployed mobile computing solution to police patrol cars