Anshu Gupta

Co-Founder

San Francisco, California, United States · 23 yrs 6 mos experience

Key Highlights

  • Over 20 years of experience in Information Security.
  • Proven track record in building security programs.
  • Expertise in guiding startups in cybersecurity market entry.
Stackforce AI infers this person is a Cybersecurity expert with extensive experience in security program management and startup advisory.

Skills

Core Skills

Information Security · Cybersecurity · Community Management

Other Skills

SOC 2 · IT Compliance · Artificial Intelligence (AI) · Entrepreneurship · Risk Management · IT Governance · security leader · SOC 1 · ISO 27001 · ISO 27002 · Payment Card Industry Data Security Standard (PCI DSS) · PCI DSS · HIPAA · FedRAMP · Cloud Security

About

My life mission - Enabling global cyber Innovation

Information Security leader with over 20 years of experience building security programs from the ground up. Hands-on leader with experience working at high growth startups, SaaS and eCommerce companies along with Big 4 experience at Ernst & Young LLP and KPMG LLP, delivering security & compliance advisory services to Fortune 500 companies. Real world experience mitigating security incidents and dealing with highly motivated global threat actors. Strong track record of attracting and developing top talent to succeed in operational and management roles. US Citizen.

Management Philosophy - Inspire - Educate - Empower - Focussed Execution

SELECTED CLIENTS

Microsoft | Cisco | Oracle | Salesforce | Yahoo | Adobe | Fiserv | McAfee | Gap Inc. | Kaiser Permanente | Sun Microsystems | Mentor Graphics | Missouri Bank | State of Oregon

CERTIFICATIONS

  • Certified Information Security Manager (CISM)
  • Certified Information Systems Auditor (CISA)
  • Certified Information Privacy Professional/United States (CIPP/US)
  • PCI ISA (Internal Security Assessor)
  • PCI Professional (PCIP)
  • Project Management Professional (PMP)
  • ISO/IEC 27001:2013 Lead Auditor (TPECS)
  • VMWare Certified Professional (VCP)
  • Archer Certified Consultant
  • HP-ArcSight ESM Security Analyst (AESA)
  • ITILv3 Foundation Certification
  • Microsoft Certified Systems Engineer (MCSE)
  • Microsoft Certified Professional in Internet Technologies (MCP+I)
  • VERITAS Certified Specialist in Enterprise Backup Solutions
  • Certificate Course in “UNIX and Shell Programming” from IIT, Kanpur
  • QualysGuard Certified Specialist

Specialties: AI Security | Security Strategy | Information Security Program Management | Security Architecture & Engineering | AWS Security | Secure SDLC/Threat Modeling | Security Operations | Security Event and Incident Management | Corporate IT Security | Privacy Engineering | Security Sales Enablement | IT Audit Management | Threat and Vulnerability Management | DevOps/SecDevOps | Vendor Security Assessments | Security Policy and Standards Development | Business Continuity | Disaster Recovery | SOC 2 | ISO 27001/27002 | PCI DSS | FedRAMP | HIPAA

Experience

Total Experience: 23 yrs 6 mos
Average Tenure: 2 yrs 6 mos
Current Experience: 6 yrs 7 mos

Fixin Security

Founder & CISO

Jan 2024 – Present · 2 yrs 3 mos · San Francisco Bay Area · Hybrid

  • Cyber Innovation & Global Ecosystem Development - Hands-on support for cybersecurity ecosystems around the world looking to grow, connect, and break into the US market. This includes guiding international security startups through US market entry, facilitating introductions to American customers and investors, and providing education and mentorship to emerging companies. Current engagements include supporting Canadian cybersecurity startups exhibiting at RSA Conference.
  • Cybersecurity Startup Due Diligence - Specialized technical and strategic assessments for venture capitalists evaluating cybersecurity investments, giving you a clear-eyed view of a startup's security posture, IP defensibility, and market viability before you commit capital.
  • Security Management Advisory - Executive-level counsel for CISOs, CIOs, and CTOs navigating complex security decisions - from program maturity and risk governance to board communication and budget prioritization.
  • Security Brand Awareness & Promotion - Strategic marketing and communications support for security companies looking to elevate their brand, sharpen their messaging, and break through a crowded market - so the right buyers find you faster.
  • Post-Incident Response & Remediation Management - Executive project and program management support following a security incident, including coordinated remediation efforts, stakeholder communication, monitoring, reporting, and cleanup to ensure your organization recovers efficiently and completely.
  • Curated CISO Event Support - Premium, invitation-only event experiences - including executive dinners and leadership summits - designed for cybersecurity startups whose buyers are CISOs and senior security leaders. The format is built around genuine connection rather than a sales pitch - featuring a compelling innovation narrative, an optional CISO-focused presentation to drive executive engagement. Events are available in the San Francisco Bay Area, across the US, and internationally.
Information Security · Cybersecurity · SOC 2 · IT Compliance · Artificial Intelligence (AI) · Entrepreneurship

Tejas Cyber Network

Founder

Jan 2023 – Present · 3 yrs 3 mos · San Francisco Bay Area · Remote

  • Tejas is a global, project oriented, vendor agnostic, OPEN TO ALL, Professional Networking Community based on strict professional standards, dedicated to Cyber Professionals (security, privacy, audit, risk, compliance, product and engineering) all across the globe.
Entrepreneurship · Community Management · Information Security · Health Education · Event Management

Span

VP, Security and Privacy

Jan 2022 – Jan 2024 · 2 yrs · San Francisco Bay Area · On-site

Fast

Vice President Security, CISO

Jan 2020 – Jan 2022 · 2 yrs · San Francisco Bay Area

  • As the security leader and the 20th employee at Fast, which raised 123 million from Stripe, Index Ventures, Susa Ventures among others, established all core security processes including secure SDLC, cloud security, security incident management, corporate IT security and privacy engineering among others.
  • Helped Fast achieve PCI DSS Level 1 compliance within a year of joining the company.
  • Built the Security, Privacy and IT team by hiring top notch professionals with deep expertise in their domain.
  • Built the privacy function at Fast and helped meet GDPR and CCPA compliance requirements. Deployed OneTrust Privacy management tool for Cookie Compliance, DSAR and Vendor Risk Assessments.
  • Owned IT apart from information security and managed the build out of the IT infrastructure to support company growth. Technologies deployed included JAMF Pro, CrowdStrike, 1Password etc.
  • Deployed CloudFlare (WAF), Lacework (HIDS), Orca Security, BridgeCrew, StackRox (Kubernetes Security) to secure the production environment hosted in Amazon Web Services (AWS).
  • Operationalized Threat Modeling based on STRIDE methodology and Privacy by Design (PbD) assessments
  • Deployed Veracode SAST/DAST & source composition analysis as part of secure SDLC process.
  • Managed the quarterly penetration-testing and the ongoing bug bounty program across all applications.
  • Headed the quarterly security and risk management committee to apprise management on the risk posture.
  • Built a security sales enablement program with supporting artifacts to help the business close deals in an expedient fashion.

SVCI - Silicon Valley CISO Investments

Investor

Sep 2019 – Present · 6 yrs 7 mos · San Francisco Bay Area

  • SVCI is a group of Chief Information Security Officers (CISOs) that operates as an angel investor syndicate. Our mission is to fuel the next generation of cybersecurity innovation by identifying promising early-stage startups, investing in them, and using our unmatched industry expertise to help them thrive.

Varo Bank

Head of Security Engineering

Jan 2019 – Jan 2020 · 1 yr · San Francisco Bay Area

  • Helped Varo attain OCC Charter and FDIC approval by building the information security program from the ground up to meet PCI, FDIC and FFIEC requirements.
  • Established all core security engineering processes including secure SDLC, cloud security, security incident response planning, access management, partner security, business continuity and disaster recovery etc.
  • Managed the overall information security program including engineering security gap remediation projects.
  • Secured the production infrastructure hosted on AWS using AWS native tools like AWS Inspector, AWS Guard Duty, Security Hub, Macie and open source tools like Scout Suite among others.
  • Performed security design and architecture reviews, threat modeling and deployed static (SAST) and dynamic application security testing (DAST) tools as part of establishing secure SDLC process.
  • Made presentations to the senior management on the status of security and governance on a regular basis.
  • Built the security team by hiring and managing security engineers and security architects.

Branch

Head Of Security

Jan 2017 – Jan 2019 · 2 yrs · Redwood City, California, United States

  • As the first full time security hire established all core security processes including security and privacy incident response management, access provisioning, termination, user access reviews, BCP/DR etc.
  • Helped close deals with large enterprise customers including Fortune 500, from a security perspective by presenting the company’s security posture and answering any security relevant questions.
  • Initiated the SOC 2 compliance program and supported the GDPR program to meet customer security & privacy commitments and regulatory requirements.
  • Deployed IBM Rational AppScan for static and dynamic application security testing.
  • Deployed Zscaler Internet Security (ZIA) and Zscaler Private Access for network and AWS Security.
  • Developed and operationalized the security incident management process from end to end.
  • Helped secure the production infrastructure hosted on AWS using Evident.io, SumoLogic, AWS Inspector, AWS Guard Duty among other tools.
  • Managed the annual penetration testing and bug bounty program.

HelloSign

Director Information Security

Jan 2015 – Jan 2017 · 2 yrs · San Francisco Bay Area

  • HelloSign is the easiest way to fill out and sign documents online. Customers love the platform and rave about our service. Funded by Y Combinator, Greylock, USVP, Google Ventures and other great investors.
  • As the first security hire in a Google Ventures backed company, developed the whole information security program from scratch and built up the information security team.
  • Owned IT apart from information security and managed the build out of the IT infrastructure to support company growth. Technologies deployed included Okta, JAMF Casper, Cisco Meraki, etc.
  • Designed all core security and operations processes including access management, change management, release management, patch management, security incident management, physical access management and BCP/DR among others.
  • Built and managed HelloSign’s SOC 2 and HIPAA compliance programs. Initiated the EU-US Privacy Shield compliance program.
  • Deployed CheckMarx for source code security analysis, ThreatStack for threat monitoring, vulnerability management and file integrity monitoring, Sophos Cloud for end point security and Cisco Umbrella for DNS level security.

Coupa Software

Director, Security and Compliance

Apr 2014 – Aug 2015 · 1 yr 4 mos · San Francisco Bay Area

  • As the first security hire, complete responsibility of company’s security and compliance posture while maintaining customer trust.
  • Designed all core security and operations processes including access management, change management, release management, incident management, BCP/DR among others.
  • Developed all information security policies, standards and procedures from scratch.
  • Built and managed the Coupa FedRAMP, HIPAA, SOC 1/SSAE 16 compliance programs.
  • Built and operationalized the application security program at Coupa. Worked hand in hand with the development team to build security into the product and remediate application security issues.
  • Developed and operationalized the security incident response plan and managed a 24x7 security operations (SOC) team.
  • Provided specific and pragmatic technical advisory to Cloud Operations, Development and IT teams to close security gaps.
  • Represented Coupa’s security and compliance posture to customers, prospects and vendors.

Esurance

Manager

Jan 2012 – Jan 2014 · 2 yrs · San Francisco Bay Area

  • Responsible for the management of the Information Security Program at Esurance which included overseeing and coordinating security and risk management efforts across the company.
  • Owner for all information security functions including: Security Engineering, Security Governance, Security Monitoring, Incident Response, Forensics, Network Security, Security Awareness, and Metrics.
  • Managed the Esurance PCI Compliance Program from end to end including remediation work streams.
  • Responsible for supporting all internal and external IT and security audits related to IT infrastructure and applications including SOX 404.
  • Operationalized the IBM Rational AppScan dynamic application security testing tool ensuring complete business flow coverage in coordination with development and QA.
  • Deployed CyberArk enterprise password management tool, FireMon Security Manager firewall management tool and QualysGuard vulnerability management tool.

KPMG LLP

Senior Consultant

Jan 2010 – Jan 2012 · 2 yrs · San Francisco Bay Area

  • Managed a project providing assistance to Microsoft Corporation’s Server & Tools Business (STB) cloud offerings (SQL Azure/Windows Azure/AppFabric Services) to obtain FISMA(FedRAMP)-Moderate/ISO 27001/SOC-2 certifications by conducting a gap assessment, process/engineering remediation and preparation of various audit artifacts.
  • Managed and executed an IT controls gap assessment project for one of Salesforce.com’s (SFDC) acquired companies, relative to the SFDC’s existing IT controls, ISO 27001/27002, Sarbanes Oxley (SOX), SAS 70, and PCI DSS v2.0 controls.
  • Assisted with Oracle Corporation’s assessment of their IT Disaster Recovery capabilities for their major lines of business and streamlining of audit processes for their internal GRC tool.
  • Assisted Yahoo Inc. with IT general controls testing around revenue service engineering and operations.
  • Assisted with Information Security Business Risk Assessments for State of Oregon agencies based on ISO 27002 control domains and SEI Capability Maturity Model (CMM).
  • Chosen to be part of the KPMG National Advisory Instructors pool for the development of practice professionals.
  • Supervise and mentor resources with a focus in security, risk and compliance

ISACA

2 roles

Instructor

Promoted

Jan 2007 – Jan 2017 · 10 yrs

  • Taught the CISA and CISM Review Courses for the ISACA Silicon Valley and San Francisco chapters.

Conference Director

Jan 2007 – Jan 2008 · 1 yr

  • Organized ISACA - Silicon Valley Chapter Winter Conference - Jan 24, 25 2008
  • Organized joint Conference with IIA (Internal Institute of Auditors) on IT Audit and Security Topics with industry leaders - 5th Jan 2007
  • Organized joint Session with ISACA SFO - Introduction to IT Governance with CobiT 4.1 and CobiT Quickstart - April 23 2008

Ernst and Young LLP

Senior Consultant

Jan 2007 – Jan 2009 · 2 yrs

  • Performed vendor information security assessments for Cisco Systems, Inc.
  • Authored information security policies and standards for GAP Inc. meeting PCI and ISO 27002 requirements.
  • Performed a company wide ISO 27002 based information security assessment for Mentor Graphics, a leading EDA software company.
  • Performed SOX 404 compliance testing of IT general controls at Sun Microsystems.
  • Performed walk-throughs and testing of logical access and segregation of duties for SOX 404 compliance at Kaiser Permanente.

IEEE UMKC Chapter

2 roles

Chair

Jan 2006 – Jan 2007 · 1 yr

  • Delivered lecture on “Project Management Methodology according to Project Management Body of Knowledge (IEEE Std 1490-2003)” at IEEE Kansas City Section Monthly Dinner Meeting - Aug 17th 2006 (http://www.ieee-kc.org/archives/enewsarchive/enl2006-08-10.htm)

General Secretary

Jan 2003 – Jan 2004 · 1 yr

  • Nominated to attend IEEE 2004 Region 5 Conference; Annual Technical and Leadership Workshop, Norman OK
  • Received Regional Student Membership Growth Award from National IEEE Chapter.

Holland 1916 Inc.

Head Of Information Technology

Jan 2004 – Jan 2007 · 3 yrs · Kansas City, Missouri Area

  • Managed multiple concurrent projects to deploy IT initiatives for an ISO9001 organization, which included ERP and CRM solution management, business process re-engineering, system and network administration & disaster recovery planning.
  • Directed the planning, development, and implementation of a custom-designed, state-of-the-art software and hardware infrastructure to improve corporate-wide business processes and IT operations.
  • Executed the "Paperless Office" project from conception to completion, which involved managing workflow processes & triggers and implementing Integrated Document Management Project.
  • Directed the conception, implementation, and configuration of a specialized, manufacturing-based ERP Solution, which defined workflow & mapped all business sectors and modules, including financials, inventory management, sales, production, accounts payable and receivable, purchasing, and inventory.

ACM, Association for Computing Machinery

Vice Chair - UMKC Chapter

Jan 2004 – Jan 2005 · 1 yr

  • Delivered lectures on information security topics
  • An Advanced Introduction to Intrusion Detection Systems with focus on Snort 2.1 IDS.
  • An Introduction to Intrusion Detection Systems
  • Firewalls 101

University of Missouri Kansas City

2 roles

Administrative Intern

Mar 2003 – Jun 2004 · 1 yr 3 mos

  • Student Life Office (2003 – 2004)
  • Conceptualized, directed, and organized the UMKC Emerging Leaders Program for 2006, which involved training students for leadership.
  • Planned and organized the UMKC Community Service Day and UMKC Rickard B. Mentoring Program.
  • Initiated technology enhancement directives for the UMKC Greek Life Website.
  • UMKC Women’s Center (2003)
  • Conducted research on national leadership programs for women.
  • Initiated and executed IT projects, such as the design and development of databases.

Student Assistant - Technical

Oct 2002 – Mar 2003 · 5 mos

  • Conducted IT software/hardware troubleshooting and maintained lab equipment.
  • Assisted lab supervisors on special projects and guided students through lab-related questions.

Education

University of Missouri-Kansas City

M.S. — Computer Science

Devi Ahilya Vishwavidyalaya

Bachelors — Computer Science
