Sep 2019 – Dec 2024 · 5 yrs 3 mos · Hybrid

• Served as CISO for the $45B convenience retailer to protect revenue from fuels, real estate, merchandising, digital banking, electric charging, drone delivery, fresh food, and convenience retail. Secured digital ecosystem with 120M in-store daily in-store transactions, 100M+ users and 30-minute deliveries.
• Started lean and scaled teams globally to enable global security operations and deploy multi-layer defense strategies focused on detection and mitigation of inventory fraud, payment processing, and consumer data protection. Empowered rapid innovation and compliance in an always-on, highly attacked environment. Operationalized strong law enforcement partnerships and community synergy. Achieved multimillion dollar YoY savings through optimizations and integrations. Reduced cybersecurity insurance. Set up hardware and software purple teams to secure store systems and maintain compliance across environments expanded through acquisitions. Reported risk through regular Board and Audit Committee presentations.
• Created global teams to partner with developer cohorts on-site, created trusted technical partnerships, and regularly initiated tabletop exercises to collaborate with product and engineering on security-by-design inclusions in mobile and API-driven features.
• Conducted cybersecurity due diligence on targets, managed post-acquisition integrations, and consolidated platforms to align with lean margins and PCI-DSS requirements.
• Managed teams dedicated to risk governance, PCI compliance, executive risk reporting, and risk mitigation strategies keeping pace with the global threat landscape. Operationalized the AI governance framework.
• Supported the EV charging infrastructure rollouts and drone delivery programs.

Feb 2017 – Sep 2019 · 2 yrs 7 mos · Mountain View, California, United States · On-site

• Scaled security engineering for the 4M+ user consumer protection platform before it was eventually acquired for $2.5B by Symantec in February 2017. Remit was the global security engineering capability for the Symantec Consumer Business Unit with a focus on facilitating data-driven risk narratives, transparency, governance, and industry-leading security outcomes. Designed security architectures for cloud-based applications and APIs, implementing Zero Trust and encryption to secure consumer data and prevent fraud, aligning with PCI-DSS and GDPR. Automated SOAR playbook creation with early generative AI detection and standardized processes for vulnerability management across hardware (Symantec wireless routers) and software. Collaborated with product teams to embed threat modeling and threat intelligence, resulting in the creation of new security features enhancing identity and financial protection.

Apr 2016 – Feb 2017 · 10 mos · Mountain View, California, United States · On-site

• Acquired by Symantec’s Consumer Business Unit (Norton)

Nov 2011 – Apr 2016 · 4 yrs 5 mos · Sunnyvale, California, United States · On-site

• Unified global enterprise security, supported product security and the Customer One journey, and secured automated support telemetry across the global supply chain. Achieved ISO 27001 certification and spoke extensively at customer conferences worldwide. Developed enterprise security policies and technical standards that integrated DevSecOps, reducing vulnerability dwell time by 45% and embedding controls for anomaly detection. Drove innovation cohorts that resulted in anti-ransomware controls.

Jan 2001 – Oct 2011 · 10 yrs 9 mos · Mountain View, California, United States · On-site

• Built global security programs for SaaS financial products (e.g., TurboTax, QuickBooks), supporting credit building, payment processing, and small business lending ecosystems. Awarded Intuit Innovation Award for scaling to 50K+ users internationally. Led third-party risk and supply-chain security for financial platforms, embedding compliance with SOX, GLBA, PCI, and privacy laws to protect consumer data and prevent fraud. Developed policies for secure development in lending and payment operations, reducing attack surfaces through encryption, APIs security, and DevSecOps optimizations. Conducted incident response and vulnerability management, collaborating with product teams to ensure security-by-design in AI-driven financial tools.

Jan 2000 – Jan 2001 · 1 yr · Mountain View, California, US · On-site

Jan 1998 – Jan 1999 · 1 yr