Chris Eng Email & Phone Number

Lexington, MA, US

Burlington, Massachusetts, US

• Scaled applied research and product security capabilities to meet the rapidly expanding needs of the business, without increasing headcount, contributing to a tripling of valuation and a $2.5B acquisition in 2022
• Advocated for and drove implementation of a ”responsible AI” strategy for Veracode Fix, leveraging large language models (LLMs) alongside trusted code patches to deliver secure, reliable suggestions and enhance.
• Built a product incubation team responsible for exploring new capabilities from idea to proof-of-concept, with an emphasis on pragmatic applications of Machine Learning
• Advised corporate development team on product strategy and led technical due diligence work streams for numerous M&A targets, both pre- and post-LOI
• Contributed to cross-functional teams tasked with integrating acquired technologies into the product portfolio, including SourceClear (SCA), Jaroona (AI), Crashtest Security (DAST), and Longbow (ASPM)
• Chaired the Product Security Incident Response Team (PSIRT), and served as a member of the Information Security Oversight Committee (ISOC) and the Information Security Assessment Team (ISAT)

Burlington, Massachusetts, US

In addition to my primary role, led the security operations team while also screening and advising on potential CISO candidates.

San Francisco, California, US

Curate program content for Black Hat USA. Track lead for SDL (2019), AppSec (2020, 2021), Application Security (2022), and AppSec Defense (2023, 2024).

Runtime Ventures focuses on seed and pre-seed stage cybersecurity investments. We love to work with ambitious founders building the future of the secure enterprise. As operators, we've launched numerous successful security services, products, and companies. As investors and mentors, we've helped dozens of founders build great businesses with amazing.

Boston, MA, US

Underscore VC is an early-stage, Boston-based venture capital firm backing bold entrepreneurs with an aligned community designed to fit each startup's unique needs.

Boston, MA, US

Underscore Core Community member serving as an advisor to Underscore portfolio companies.

Boston, Massachusetts, US

Hack.Diversity is transforming the economy by breaking down barriers and building access for the next generation in tech. Through its nine-month program, Hack.Diversity partners with the fastest-growing technology teams to identify, develop, and equip high-performing talent to launch careers as software engineers, data analysts, and mechanical engineers..

Mclean, VA, US

Set and promote the goals and objectives of the CWE/CAPEC Program to ensure ongoing adoption, coverage, and quality.

Columbia, Maryland, US

Huntress Labs provides managed detection and response services tailored for the 99%: small to medium-sized businesses (SMBs). Provided coaching on leadership development, strategic planning, and operational efficiency. Focused on refining board-level communication, aligning organizational structures, and driving long-term goals while improving team.

Stadtkreis 1 Altstadt, Zurich, CH

Curate program content for Kaspersky Security Analyst Summit.

Las Vegas, NV, US

Mentor and speaking coach for first-time presenters at a global-scale event. Over a four-month period each year, provide guidance on technical content, speaking skills, slide design, and delivery, culminating in August at the annual BSides Las Vegas conference.

San Jose, California, US

• Led applied research and product security for the Veracode business unit, following CA Technologies' acquisiton of Veracode
• Conducted technical due diligence for post-LOI M&A targets
• Proposed and led an initiative to elevate CA Technology’s security brand via the creation of a Veracode Labs team tasked with speculative security research

Sebastopol, CA, US

Curate program content for O'Reilly Security Conference. In 2018, this conference was disbanded and security content was absorbed into O'Reilly's Velocity conference.

Burlington, Massachusetts, US

• Responsible for delivering the security analysis capabilities of all Veracode products from pre-revenue to over $100M ARR at the time of acquisition by CA Technologies for $600M
• Built a global, diverse applied research team with deep domain expertise in SAST, DAST, SCA, and mobile security, and knowledge of over 30 programming languages and hundreds of popular frameworks
• Built a product security team, efficiently integrating security processes and tooling into the SDLC and partnering closely with engineering leadership through the evolution from waterfall to Agile Scrum to DevOps.
• Led a multi-year, data-driven scan accuracy initiative which achieved its goal of eliminating human review of scan results and reducing scan turnaround time from days to minutes
• Advised executive leadership team on product strategy and messaging
• Supported sales and service delivery as an SME and escalation point throughout the customer lifecycle

Burlington, Massachusetts, US

(see above)

Burlington, Massachusetts, US

• Contributed to the design and implementation of Veracode’s inaugural product offering, including definition and prioritization of SAST capabilities, CWE integration, flaw classification, application scoring, reporting.
• Designed QA framework for regression testing SAST engine efficacy
• Supported all phases of customer engagement, including pre-sales, onboarding, security analysis, report creation, results readout, and follow-up consultation
• Hired, trained, managed, and mentored Security Analyst team

San Jose, California, US

• Via acquisition of @stake.
• Managed Cambridge-based consulting team, including service delivery, project oversight, and staffing coordination
• Supported end-to-end sales process as an SME for global advisory services, including business development, scoping, contract generation, bid approval, and project delivery
• Designed, implemented, and maintained the Symantec Attack Center, a centralized, distributed scanning infrastructure for conducting network penetration tests and vulnerability assessments in a streamlined and.
• Designed, implemented, and maintained a web-based (J2EE) deliverable generation system with a centralized content knowledgebase, allowing consultants to collaborate efficiently and reducing project documentation time.
• Served as global facilitator for Symantec’s Attack and Penetration Center of Excellence, working with technical leads to continually revise service methodologies and delivery techniques to ensure currency and.

See Symantec section above.

• Also see Symantec section above.
• Led delivery of billable engagements, including web application penetration testing, network penetration testing, black-box product assessment, network vulnerability assessments, reverse engineering, and exploit.
• Led @stake’s Attack and Penetration Center of Excellence, responsible for developing internal methodologies and maintaining an internal knowledgebase of tools and techniques
• Led development of WebProxy, an internal application testing tool that later became a commercial @stake product
• Led a multi-month engagement to train the first in-house penetration testing team for a leading global financial services firm
• Developed penetration testing tools, including multi-platform database reconnaissance tool and SQL Server brute force utility

Ft. Meade, MD, US