Will Wang Email and Phone Number

Accomplishments:- Piloted an AI-enhanced vulnerability severity categorization system, leveraging and training LLM (Large Language Model) to determine the potential severity of newly-identified security vulnerabilities.- Product-managed an AI-boosted early warning system that promptly notifies stakeholders of both newly-identified and emerging software vulnerabilities.- Onboarded and supported over 1,000 projects and teams onto the newly-established SAST (Static Application Security Testing) platform.- Advanced 13,000+ software engineers/architects through self-selected learning paths in annual role-based security and privacy compliance training, achieving a 92%+ completion rate within a year.- Collaborated with internal development teams and external consultants to complete a comprehensive evaluation of eight commercial Static Application Security Testing (SAST) scanners, involving dozens of labs.- Revamped a new role-based Security and Privacy Training Program, leading to its rollout to over 10,000 engineers with an 88% completion rate within seven months.- Received the ROCStar award, recognizing exceptional contributions across business units and functions from a pool of over 600 R&D members.- Earned the A.N.T.L.E.R award, designating the leading employee among 100+ product security members.- Designed and implemented a new Security and Privacy Training Program that was targeted, role-based, scalable, trackable, and time-saving. Phase one achieved an 81% satisfaction rate and an 85% completion rate within 90 days.- Developed Secure SDLC metrics and dashboards to improve management visibility, peer communication, and workload forecasting/balancing.- Managed Secure SDLC activities for several flagship cloud products and services seamlessly.

2018 Accomplishments:- Successfully managed and executed over 20 projects involving 50+ internal and external stakeholders, meeting and exceeding expectations.- Co-managed the bug bounty program, winning the 2018 Buggy Award for Best Program as chosen by researchers.2017 Accomplishments:- Reengineered, revised, promoted, and enforced Secure SDLC across various business units and partner/supplier networks.- Drafted, promoted, and enforced numerous security requirements and guidelines.- Introduced a third-party/supply-chain Security Maturity Model, conducting assessments and elevating security maturity levels by 2 on a scale of 1-5 within 12 months.- Orchestrated a global DEV/QA Technical Security Training program.- Managed penetration testing and threat modeling projects totaling millions of dollars.- Decreased submissions for Product Vulnerability Bounty programs by 90%.2016 Accomplishments:- Implemented Product Security Lifecycle Management from vulnerability identification to solution verification and communication.- Established a comprehensive Product Security Assessment Program covering security requirements, design, testing, and ongoing monitoring.- Developed a Third Party Oversight Program, including supplier conferences, audits, training, and action item tracking.- Designed and implemented an IT Security Training Program encompassing security awareness and skilled-based e-learning.- Led the annual PCI Compliance Program, including penetration testing and resolution.- Managed the Product Vulnerability Bounty Program, offering on-demand and ongoing bug bounty initiatives.

2015 Accomplishments:- Managed four IT security programs, achieving an overall "Satisfactory" rating with no issues found during internal audits.- Developed three additional IT security programs for 2016, comprising nine various security projects.- Received the highest Annual Performance Review Rating of 5 among 100+ employees in the Corporate Security department in 2015.Responsibilities:- Oversee various technology-specific programs, collaborating in cross-functional teams to establish security baselines and standards, researching vulnerabilities, conducting technology security assessments, and classifying security risk levels for company-related activities. Support both internal and external audits.- Manage application and infrastructure penetration testing programs from charter preparation to retest, including project initiation, requirement solicitation, planning, scoping, scheduling, resource allocation, vendor management, incident response, and issue resolution.- Communicate risk and mitigation strategies resulting from security technical reviews and related projects, offering expert subject-matter security analysis for projects sponsored through Information Technology and other business units.- Research industry trends, identify ongoing security requirements, analyze new security administration tools, and provide recommendations on the need and usefulness of services or products.- Collaborate with internal and external resources, assisting business teams in addressing and researching internal or external reported security issues.

Managed Projects:1. General Electric - Business Video Managed Service Project2. Gilead Sciences - IMAC Managed Services Project3. Milestone Technologies - CMSP (Cloud and Managed Service Program) Certification Project4. Santa Clara University - Cisco Unified Communications (UC) Assessment and Upgrade Project5. Blue Coat - Aruba Refresh Project6. Yelp - Wireless Assessment and Remediation Project7. Milestone Technologies - PMO (Project Management Office) Reformation Project8. Pacific Maritime Association - Cisco Unified Communications Upgrade Project9. Gunderson Dettmer - Cisco Unified Communications Implementation Project10. Ariat - InformaCast Integration Project

Accomplishments:- Provided strategic management direction and support for software development and information security, aligning with business requirements and regulatory standards.- Executed full life cycle IT implementations, overseeing conceptualization, requirements gathering, design, development, integration testing, and outsourcing.- Managed the entire life cycle of Information Security Management System (ISMS) governance, including establishment, implementation, operation, monitoring, review, maintenance, and continuous improvement.- Planned and oversaw all phases of second or third-party audits, reporting audit results, major obstacles, and critical non-conformities.- Supported software development efforts to ensure compliance with enterprise requirements and relevant regulations.- Prepared comprehensive project documentation such as proposals and Statements of Work (SOWs), as well as data deliverables including Contract Data Requirements Lists (CDRLs).- Conducted ongoing earned value analysis of programs to ensure project success and budget adherence.- Led risk assessment and mitigation strategies for contracts to minimize potential disruptions and ensure project continuity.- Developed demonstration and presentation materials, delivering engaging presentations at client sites to showcase project progress and achievements.