Nov 2023 – Present · 2 yrs 6 mos

• Continuous Pentesting for the AI Era, Shinobi security is an AI company that develops autonomous offensive and defensive security agents.

Apr 2022 – Present · 4 yrs 1 mo

• Lead a global team of over 90 professionals across Product/AppSec, InfraSec, Offensive Security, and Blockchain Security.
• Spearhead the development of AI-led Product Security 2.0, focusing on innovative security solutions.
• Drive measurable risk reduction through high-impact security controls that scale with business growth.
• Successfully scaled the organization by 4X while enhancing governance and engineering partnerships.

Mar 2020 – Apr 2022 · 2 yrs 1 mo · Seattle, Washington, United States

• Own Product Security at Uber which includes vulnerability management, bug bounty program, secure design reviews and pen testing services.
• Own security partner program to establish stronger ties with key businesses (Eats,Money,Product Platform) to accelerate the ‘security-first’ culture in Uber.
• Own Merger & Acquisitions (M&A) security team for conducting pre/post due diligence for all deals and manage cybersecurity of our subsidiaries.
• Leading a team of security & privacy PgMs to drive strategy, planning and execution of various risk reduction initiatives across multiple organizations.
• Own data analytics and reporting team to define, track and report on enterprise security health metrics to drive AAA (Accountability, Action & Achievement).

Jan 2019 – Mar 2020 · 1 yr 2 mos · Greater Seattle Area

• Led global privacy review program, CCPA readiness and privacy engineering teams to deliver Tier-1 privacy services (Opt-outs, data access, data deletion etc.) for honoring customer’s choice for Amazon Advertising systems.
• Led a team of high performing TPMs and privacy engineers to ensure “Customer Trust” remains top priority while enabling the Advertising business to scale globally.
• Operationalized Privacy by Design (PbD) program across all product teams and developed continuous compliance service to identify issues proactively by intelligent automation.

Apr 2017 – Jan 2019 · 1 yr 9 mos

• Leading & managing Security Engineering Team.
• My team owns & delivers SDL Process, Security Tooling Infrastructure/Services to support full stack security for modern engineering.

Sep 2013 – May 2017 · 3 yrs 8 mos

• Currently leading the effort to modernize security processes to align with DevOps.
• Lead the security integration effort to onboard Nokia Devices and Server Business on to Microsoft’s SDL as part of company wide Venture Integration project.
• Managed a global team of full time and vendors across time zones to deploy “Fortify - Static Code Analysis” and “WebInspect - Dynamic Analysis” enterprise security tools across engineering groups.

Sep 2011 – Sep 2013 · 2 yrs

• Leading the development of Control Assessment Methodology and onboarding RSA Archer tool for Governance, Risk and Compliance Implementation for various risk assessments.
• Invited speaker on “Making Security Truly Matter: Security Controls, Threats and Assessments” at Archer GRC Summit 2013.
• Process owner and lead for defining the process and framework for implementing EGRC solution for Microsoft Enterprise. Successfully on boarded multiple solutions on Archer SmartSuite Framework which streamlined ACE’s assessment processes.
• Developed and implemented a new age of security assessment methodology based on controls for assessing critical targets in the enterprise for security, privacy & regulatory requirements.

Aug 2007 – Sep 2013 · 6 yrs 1 mo

• Responsible for developing and implementing Security Development Lifecycle for Line-of-Business Applications (SDL-LOB) process Link: http://msdn.microsoft.com/en-us/library/dd831975.aspx which defines the standards and best practices for securing business critical applications in Microsoft.

Feb 2005 – Aug 2007 · 2 yrs 6 mos

• Provide application security consultancy to Microsoft internal customers and external customers.
• Successfully hired & managed team of Security experts to deliver quality security assessment services in India and was instrumental in establishing and growing ACE team in India.
• Conducted security code reviews, design review and black box assessments of over 200 LOB applications for Microsoft IT and external customers for Microsoft via MCS- Microsoft Consulting Services.
• Invited Speaker for various Security events and briefings on application security and technology events such as TechMela’07.

Jul 2004 – Feb 2005 · 7 mos

• Worked for HP’s “Digital Defense” security team responsible for providing world class security services to fortune 500 companies spanning across verticals like banking and finance, telecommunications and automobile.
• Designed and executed black box testing procedures for mission critical web applications.
• Recipient of Spot Award from Hewlett Packard for excellent performance in Application security code review project for Microsoft.

Jan 2001 – Jun 2004 · 3 yrs 5 mos

• Lead the Information Warfare security team in the company and developed training offerings on defensive & offensive Information operations, ethical hacking techniques, intrusion detection and network security awareness.
• Responsible for trainings & building up security team to offer security consultancy to our customers such as government and Indian defense organizations.
• Chief instructor for Information warfare trainings which covered topics such as Defensive & Offensive Information Operations, ethical hacking techniques, Intrusion Detection Tools and Network Security Awareness.