Alex Smolen

Founder

Oakland, California, United States · 19 yrs 3 mos experience
Highly Stable

Key Highlights

  • 15+ years in security engineering leadership
  • Expertise in vulnerability management and GRC automation
  • Proven track record in building security programs
Stackforce AI infers this person is a SaaS security leader with deep expertise in compliance and automation.

Skills

Core Skills

Security · Governance, Risk, And Compliance · Cloud Computing · Software Engineering

Other Skills

Compliance · Automation · Vulnerability Management · Data Visualization · RBAC · MFA · Terraform · Architecture · AWS · SaaS · Security Architecture · Application Security · Microservices · Penetration Testing · Code Review

About

Security engineering leader with 15+ years experience building security programs from the ground up. Passionate about vulnerability management, detection engineering, and GRC automation. Currently running EngSec Labs, a security consulting practice supporting AI startups and building AI-focused security services and tools. Deep expertise in software engineering and AWS security. Strong track record of collaborative cross-functional work, creative approaches to design challenges, and shipping high-quality security solutions.

Experience

EngSec Labs

Proprietor

Sep 2025 - Present · 6 mos

  • Fractional security leadership, consulting, writing, building

LaunchDarkly

Director Of Security

May 2020 - May 2025 · 5 yrs · Oakland, California, United States · Hybrid

  • Built and scaled LaunchDarkly’s security organization, driving security, compliance, and developer velocity through innovative programs and automation.
  • Product Security
  • Developed a security asset data lake for querying and visualizing asset data with correlated security annotations.
  • Automated FedRAMP vulnerability management, streamlining continuous monitoring.
  • Migrated to a zero-trust endpoint architecture and reduced production data access via tiered controls and a GitHub Actions-based data access platform.
  • Infrastructure Security
  • Deployed phishing-proof MFA and device trust policies with Kolide for compliance checks.
  • Automated least privilege RBAC in Okta via Terraform and HRIS integration.
  • Delivered custom security training and enhanced detection/response with red team exercises and recovery runbooks.
  • Governance, Risk, and Compliance (GRC)
  • Achieved FedRAMP Moderate Authorization; maintained SOC 2/ISO 27001 certifications with minimal overhead.
  • Built a privacy program aligned with GDPR, CCPA, and HIPAA.
  • Launched customer assurance programs, including vendor reviews, contract support, and a public trust center.
Security · Compliance · Automation · Vulnerability Management · Data Visualization · RBAC · +3 more

Clever Inc.

Head of Security

Nov 2015 - May 2020 · 4 yrs 6 mos · San Francisco

  • Built and scaled Clever’s security program, delivering secure, resilient cloud-based SaaS with industry-leading security architectures and AWS expertise.
  • Established and grew Clever’s first security team, building a comprehensive security program from the ground up.
  • Led the migration of Clever SSO (>10 million MAUs) from a single AWS region to a multi-region architecture, significantly enhancing resiliency and availability.
  • Designed and implemented secure-by-default practices, ensuring innovative features like Clever Badges met stringent security standards for protecting K-12 student data.
  • Delivered a secure, scalable infrastructure to support high-uptime products, leveraging advanced AWS solutions and cloud architecture best practices.
  • Pioneered innovative security measures to protect user data, aligning with compliance requirements and maintaining trust with educational partners.
Security · AWS · SaaS · Compliance · Security Architecture · Cloud Computing

Twitter

Senior Software Engineer

Jul 2011 - Oct 2015 · 4 yrs 3 mos · San Francisco Bay Area

  • Led the Account Security team to build and launch features like 2FA and suspicious login detection, enhancing user protection for millions of accounts.
  • Migrated the authentication stack from the "monorail" to a Scala-based microservice architecture, improving scalability, performance, and reliability.
  • Developed and implemented application security measures to prevent XSS and CSRF vulnerabilities, ensuring safer user interactions across the platform.
  • Established a robust security review process to integrate secure coding practices into development workflows, reducing vulnerabilities at scale.
Security · Software Engineering · Application Security · Microservices

Foundstone

Senior Security Consultant

Feb 2006 - Aug 2009 · 3 yrs 6 mos

  • Delivered software security services including penetration testing, code review, and training.
Penetration Testing · Code Review · Security Consulting · Security

Parasoft

Security Engineer

Jun 2004 - Jan 2006 · 1 yr 7 mos

  • Lead developer for software security products.
Software Security · Development · Security

University of California Printing Services

Software Engineer

Jan 2004 - Jun 2004 · 5 mos

  • Designed and implemented prototype help-desk ticket application in PHP/MySQL.
PHP · MySQL · Software Engineering

Education

UC Berkeley School of Information

MIMS — Information

Jan 2009 - Jan 2011

University of California, Berkeley

BA — Electrical Engineering and Computer Science

Jan 2000 - Jan 2004
