Speaking security to customers, and others... demystifying the mystical, securing the insecure, helping to sell a product that delights!

President of Stapleton-Gray & Associates, Inc., an information technology and policy consultancy focused on security, surveillance, privacy and mobile technologies including RFID. Has managed the electronic embassy (http://www.embassy.org) web site since its inception (1995, then as an effort of TeleDiplomacy, Inc.), including web development.

Director of Information Security for StreamSets. Developing the StreamSets InfoSec department, a small but mighty team!Scope of activities includes performing risk assessments, maintaining the Risk Register, and chairing quarterly Risk meetings; supporting audits (SOC 2, ISO 27001); managing the security awareness program; developing security/privacy/compliance-related collateral in support of Sales and Marketing; other duties as assigned, discovered, or sought out!StreamSets is a subsidiary of Software AG, which has accepted an offer by IBM to purchase both StreamSets and the webMethods business unit (together as Software AG's "Super iPaaS" offering). My work, as both head of InfoSec and co-leader of the StreamSets Compliance function, includes enabling this planned transition to be as smooth and unsurprising as possible.See also my musings on Medium, as to potential scope of "InfoSec," as business enabler, promoter of corporate knowledge, and other issues: https://medium.com/@ross.stapletongray

Responsible for security, privacy, compliance and risk-management issues across Vineti, a SaaS supply-chain orchestration start-up supporting clinical research and commercial delivery of cell & gene therapies.► Achieved Vineti’s first SOC 2 type II certification (Dec 2021) as principal 3rd-party audit program manager, and identified and onboarded a GRC platform for subsequent years’ efforts► Principal policy drafter, and reformed the existing corporate policy framework to both simplify and conform to the overall risk framework (NIST 800-53) selected by Vineti; responsible for all policy training, and personnel security and privacy awareness programs► Worked with Product and Engineering on Privacy/Security by Design principles and practices in an Agile development environment, to reduce risk of sensitive data exposure, while optimizing data use in achieving the company’s objectives, for a cloud-native (AWS) SaaS service► Served as company subject matter expert on privacy legal and regulatory issues, including GDPR and HIPAA, in support of the company’s Data Protection Officer. Responsible for 3rd-party HIPAA certification, and liaison to the industry’s Health Information Sharing and Assessment Center (H-ISAC)► Served as principal manager of some compliance audits, for major pharmaceutical sector customers

Trustee, AUSD Board of Education (2014-2018 term). Conduct oversight, with the other trustees, of a school district with an approximately $45M annual operating budget, and $95M in construction bonds authorized in 2016. Elected and served as Vice President, 2016-2018.

Responsible for management of both IT security and privacy programs at Rocket Lawyer, a legal-resource service for individuals and small businesses. ► Implemented the company’s first incident response policy and procedures► Conformed policy and practices to the requirements of GDPR, and worked with corporate counsel to obtain Privacy Shield certification► Initiated the process for ISO 27001 certification► Worked within the operations team to address security issues across departments including Engineering, Finance, Sales, HR, and DevOps

Managed research programs, including all federal grant-funded research, for Packet Clearing House, a non-profit research institute focused on advocacy and growth of Internet infrastructure worldwide.► Served as principal investigator for cyber security research grants under the DHS Protected Repository for the Defense of Infrastructure Against Cyber Threats (PREDICT) and Information Marketplace for Policy and Analysis of Cyber-risk and Trust (IMPACT) programs:- Managed collection and acquisition, curation and dissemination of datasets for cybersecurity R&D- Involved in the transition between the programs, including the development and launch of the IMPACT portal- Proposed and served as the subject matter expert for the implementation of digital object identifiers (DOI) in the IMPACT dataset- Managed subcontractors to both programs on behalf of DHS► Served as team lead on two successful grant proposals on cyber security research and development to the Department of Homeland Security (DHS) Science and Technology Directorate, totaling $1.05M in funding, and acted as principal investigator for one (N66001-08-C-2033 and N66001-08-C-2034)

Member, Technical Advisory Board

Member, Advisory Board. Cataphora was a technology company, to 2014, focused on the implications of personal and organizational behavior as evidenced by the use of electronic media. A portion of Cataphora, focused on electronic discovery ("e-discovery") for litigation, was acquired in 2011 by Ernst & Young.

Information technology & policy consulting; embassy.org Web site (http://www.embassy.org).

Information security policy position reporting to the Associate Vice President for IT (UC Systemwide CIO). Coordinated IT security policy with campus-level chief information security officers.

Co-founder, IT security technology start-up Sandstorm Enterprises, acquired by NIKSUN in 2010. Member, board of directors, 1998-2001. Primary focus was in competitive intelligence, market research, and business development.

Consultant (competitive intelligence, market research, support to federal sales) to a spin-out (since reabsorbed) of Applied Signal Technologies (http://www.appsig.com).

Reported to trade association IT director, responsible for support to committees of member company CIOs and chief telecommunications officers, on IT policy, legislative and regulatory issues affecting telecommunciations and information technology policies and practices.

Intelligence analyst, Office of Scientific and Weapons Research (OSWR). Rotational assignment as planning officer in support of the Community Management Staff (what would now be the Office of the DNI).Served on White House Information Infrastructure Task Force (IITF), representing Intelligence Community interests, for the Clinton/Gore Administration.

Responsible for intelligence analysis on information technology and policy issues worldwide, including analytic reporting and briefings to senior policymakers.Led Intelligence Community interagency working group on foreign information technology research issues.Participated on “R. V. Jones” advisory panel to Director of Central Intelligence R. James Woolsey, on promotion of creativity and innovation at the CIA.Trained CIA personnel on sexual harassment awareness issues.