Helen Oakley

Co-Founder

Toronto, Ontario, Canada · 18 yrs experience
Most Likely To Switch · AI ML Practitioner

Key Highlights

  • Leader in AI security and software supply chain.
  • Pioneered open-source initiatives in AI security.
  • Recognized among top women in cybersecurity.
Stackforce AI infers this person is a leader in AI security and software supply chain management.


Skills

Core Skills

AI Security, Leadership, Software Supply Chain Security, Security Regulations, Secure Software Development Lifecycle, Software Security, Quality Assurance, Security Testing, Project Management, Release Management, AI Systems Governance, AI Risk & Failure Analysis, AI Supply Chain Transparency, AIBOM, Agentic AI Security, AI Threat Modeling, Adversarial AI Testing, AI Security Training & Exercises, AI Security Mitigation Design, AI Risk Taxonomy Development, Public Speaking, Organizational Leadership, Community Engagement, AI Transparency, AI Supply Chain Security, Standards Development, Business Strategy, Cybersecurity Education

Other Skills

Agentic AI, AI SBOM, System Architecture, Artificial Intelligence (AI), MLSecOps, Software Bill of Material (SBOM), People Management, Software Transparency, Software Architecture, DevOps, Machine Learning, Security Operations, SDLC, Cloud Security, Application Security

About

Helen Oakley, CISSP, GPCS, GSTRT, is an executive leader at the intersection of AI, cybersecurity, and enterprise software, driving innovation and resilience where technology, trust, and regulation converge. With a proven record leading multi-million-dollar implementation initiatives across Fortune 500 environments, she has delivered secure and scalable transformations spanning software development, AI adoption, and third-party integration. Beyond the enterprise, Helen leads several of the industry’s most recognized open-source initiatives in AI security. She created the first open-source AIBOM Generator for Hugging Face models and the OWASP Agentic AI CTF (FinBot), pioneering practical ways to bring transparency and accountability to intelligent systems. Helen is a driving force behind AI security initiatives and white papers within the OWASP GenAI Security Project. Her work turns emerging AI risks into practical frameworks, tools, and standards adopted by the industry. Helen’s leadership unites deep technical insight with strategic execution, translating complex security and AI programs into measurable business impact. Recognized as one of the Top 30 Women Entrepreneurs to Watch in 2025 and among Canada’s Top 20 Women in Cybersecurity, she continues to shape how enterprises and innovators alike secure, implement, and scale AI responsibly.

Experience

Total Experience: 18 yrs
Average Tenure: 3 yrs 3 mos
Current Experience: 5 yrs 4 mos

Aelion path

Independent Researcher

Jan 2026 - Present · 5 mos

  • Conduct independent research on AI systems, governance models, and failure patterns at scale. Focus on early-stage decision points that shape AI risk, accountability, and long-term sustainability, translating research insights into practical frameworks and public thought leadership.
AI Systems Governance, AI Risk & Failure Analysis, Socio-Technical Systems Design, Decision-Making Under Uncertainty, AI Operating Models

OWASP GenAI Security Project

4 roles

Creator & Co-Lead, AIBOM Initiative

Dec 2025 - Present · 6 mos

  • Co-lead the definition and evolution of AIBOM requirements, use cases, and open-source tooling to improve transparency and risk management across AI supply chains.
AIBOM, AI Supply Chain Transparency, AI Risk & Compliance Enablement, AI Asset Traceability & Metadata, Standards Mapping, CycloneDX, +1

Co-Lead and Core Contributor, OWASP Agentic Security Initiative (ASI)

Sep 2025 - Present · 9 mos

  • Serve as an initiative lead and core team member shaping OWASP’s approach to securing agentic AI systems, including threat modeling, guidance, and community direction. Core contributor for security papers, including OWASP Top 10 for Agentic Applications.
Agentic AI Security, Agentic AI, AI Threat Modeling, Multi-Agent System Risk Analysis

Creator & Co-Lead, OWASP Agentic AI CTF (FinBot)

Jul 2025 - Present · 11 mos

  • Created and co-lead OWASP FinBot CTF, an open-source agentic AI CTF that operationalizes real-world agentic threat scenarios and translates research into hands-on security learning. Adopted by academia and security training programs, with ongoing expansion through new modules.
Adversarial AI Testing, Agentic Attack Simulation, AI Security Training & Exercises, Applied AI Threat Scenarios, Offensive AI Security Techniques, CTF

Co-Author & Co-Lead, Agentic AI Threats & Mitigations Guide

Nov 2024 - Present · 1 yr 7 mos

  • Co-author and co-lead OWASP Agentic AI guidance defining key agentic AI threats and practical mitigations, helping organizations understand and address emerging agentic risk patterns.
Agentic AI Threat Modeling, Secure AI Architecture Patterns, AI Security Mitigation Design, AI Risk Taxonomy Development, AI Security Guidance & Frameworks

SAP

9 roles

VP, Software & AI Security

Promoted

Apr 2025 - Present · 1 yr 2 mos

  • As part of SAP’s Global Security & Cloud Compliance organization, Helen leads the strategy for securing software and AI systems across SAP’s ~€36 billion global business. She drives the implementation of security-by-design across development, CI/CD, and open-source ecosystems supporting about 40,000 engineers worldwide.
  • Helen advances SAP’s AI and agentic AI security initiatives — spanning MLSecOps, trustworthy AI development, and readiness for the EU AI Act and ISO 42001 — ensuring innovation, compliance, and resilience move together. Her leadership shapes how secure and responsible AI is designed and implemented across one of the world’s largest enterprise software portfolios.
Leadership, Agentic AI, AI Transparency, AI Security, AI SBOM

Director of Secure Software Supply Chains and Secure Development

Promoted

Apr 2024 - Apr 2025 · 1 yr

  • Helen plays a pivotal role in SAP’s Global Security and Cloud Compliance organization, driving strategic initiatives that embed security-by-design and security-by-default principles across SAP’s vast engineering ecosystem. She spearheads the optimization of security processes for thousands of teams through Secure Development and Operations Lifecycle automation and leads efforts to secure SAP’s software supply chains, including safeguarding CI/CD pipelines, enhancing open-source security, and advancing AI security with cutting-edge MLSecOps and AI transparency practices. As a recognized leader, Helen directs a team of senior security experts, developers, and architects, ensuring alignment on critical objectives. Her ability to cultivate strong stakeholder relationships and communicate effectively with executive leadership underscores her position as a trusted authority in driving SAP’s security strategy.
Leadership, System Architecture, Agentic AI, AI Transparency, Software Supply Chain Security, Artificial Intelligence (AI), +7

Lead Security Architect for software supply chain security, SAP Global Security & Cloud Compliance

Feb 2022 - Apr 2024 · 2 yrs 2 mos

  • Helen Oakley, CISSP, GPCS, GSTRT, is a Lead Security Architect for software supply chain security at SAP, a multi-pillar environment with complex landscapes of technologies and pipelines. She defines the strategy and architecture for software supply chain security, including AI/ML software supply chain and security, defining automation and orchestration of the software bill of materials (SBOM) across all pipelines and assemblies, and leading a team of architects, senior developers and DevOps professionals who implement the solution. Helen directs a team of security professionals to document and implement security requirements for DevSecOps and MLSecOps, defining the safeguards and open-source and third-party software practices to mitigate software supply chain risks across cloud application infrastructure.
Security Regulations, System Architecture, DevOps, Software Security, Machine Learning, Security Operations, +11

Sr. Product Security Architect and Security Standard Owner, SAP Global Security

Promoted

Jul 2021 - Apr 2024 · 2 yrs 9 mos

  • Product standard security and secure software development and operations lifecycle owner.
  • As part of SAP Global Security, Helen is responsible for defining requirements and controls for SAP’s Secure Software Development & Operations Lifecycle, Product Standard Security and Data Protection. It is accomplished through the tasks and responsibilities that support these 3 main pillars:
  • Translate legal requirements and industry standards into software and architectural requirements, contributing to a cross-product architecture at SAP, and provide direction to product / development teams to implement the correct technical capabilities
  • Define and continuously improve SAP’s secure software development & operations life cycle that guides development teams to apply an appropriate level of security measures, including mitigation of software supply chain risks
  • Provide training and consulting to the product / development teams to ascertain that their understanding of the data security and data protection product standard requirements is correct and that the technical capabilities will be implemented correctly
JIRA, Security Regulations, System Architecture, Threat Modeling, DevOps, Software Security, +19

Product Security Architect

Promoted

Nov 2020 - Jul 2021 · 8 mos

  • Collaborating with business and technology stakeholders to define and enhance security solutions based on changing threat and regulatory landscape. Translating business requirements into well-defined architecture guidance for development teams.
Security Regulations, System Architecture, Threat Modeling, DevOps, Software Security, Machine Learning, +15

Security Product Owner

Jan 2018 - Nov 2020 · 2 yrs 10 mos

  • Responsible for the security of applications across the Financial Services portfolio (banking and insurance) at SAP. Responsibilities include, but are not limited to: data protection and privacy, security assessments, security compliance processes and procedures throughout the software development lifecycle, and penetration testing.
Security Regulations, Threat Modeling, Software Security, Machine Learning, Secure Software Development Lifecycle, IoT, +13

Security Expert

Dec 2016 - Jan 2018 · 1 yr 1 mo

  • Applied application security practices to Financial Services solutions, banking and insurance applications, ensuring compliance, risk mitigation, and secure development practices.
Security Regulations, Threat Modeling, Software Security, Machine Learning, Secure Software Development Lifecycle, IoT, +13

Security Test Lead

Jul 2015 - Dec 2016 · 1 yr 5 mos

  • Led security and quality assurance testing efforts, including penetration testing, installation testing, component and process integration testing, upgrade/migration testing, and full system validation.
  • Defined test strategies and plans; coordinated test execution across teams; delivered training, reviewed test cases/scripts, and prepared comprehensive test summaries.
  • Conducted manual and tool-assisted penetration testing using tools like Burp Suite and OWASP ZAP; identified software vulnerabilities and designed targeted test attacks.
  • Developed installation and upgrade test strategies based on supported platforms and application dependencies, ensuring smooth deployment for new and existing customers.
  • Designed end-to-end process integration tests by mapping cross-system dependencies and validating successful business flow integration through white-box and black-box testing approaches.
JIRA, DevOps, Test Strategy & Plan, Web Applications, Process Improvement, Quality Assurance, +14

Project, Program & Release Manager

Jan 2014 - Dec 2016 · 2 yrs 11 mos

  • Planning and executing complex development projects for insurance applications.
  • Responsible for the planning, management and co-ordination of the Release deliverables across teams of on-premise and on-demand (SaaS) web applications; working with SAP technologies such as HANA, NetWeaver, Enterprise Services, SAPUI5 / Fiori
  • Provides release strategy and delivery method based on product vision, architectural design, complex integrations with other SAP components and SAP Product Standards compliance
  • Develops, audits, monitors and enforces established release management and change management processes and policies
  • Acts as the gatekeeper through SDLC, ensuring completeness, consistency and accuracy in policies and operational procedures; assures compliance across SDLC (including security)
  • Develops a common understanding of priorities for multiple complex releases spanning across multiple customer projects; facilitates information to involved teams
  • Provides details on improvements for process areas, such as procedural changes, staff training, technology changes
JIRA, DevOps, Web Applications, Process Improvement, Software Project Management, Release Management, +8

A-Speakers

Professional Keynote Speaker

Jan 2025 - Present · 1 yr 5 mos

  • Delivering high-end keynotes on the intersection of AI and cybersecurity, including topics such as agentic AI, software supply chain security, and software transparency. Represented by A-Speakers — an award-winning global speakers bureau known for its focus on growth and exceptional service.
Keynote Speaking, Motivational Speaking, Public Speaking, Artificial Intelligence (AI), Leadership

AI Integrity & Safe Use Foundation (AISUF)

Founding Partner

Sep 2024 - Present · 1 yr 9 mos

  • The AI Integrity and Safe Use Foundation (AISUF) is a non-profit organization dedicated to developing an AI transparency framework that empowers organizations to create and acquire secure, resilient, and ethically sound AI systems.
Organizational Leadership, Strategic Partnerships, Community Engagement, Mentoring

Tiebreaker AI

Strategic Advisor, vCISO

Jul 2024 - Feb 2025 · 7 mos

  • Helping the company navigate the dynamic industry landscape, ensuring innovative approaches and robust security measures.

Cybersecurity and Infrastructure Security Agency

Co-Lead, AIBOM Tiger Team (CISA SBOM Initiatives)

May 2024 - Jun 2025 · 1 yr 1 mo · United States · Remote

  • Co-lead the AIBOM Tiger Team under the Cybersecurity and Infrastructure Security Agency (CISA), driving the definition and publication of AIBOM use cases and aligning AIBOM requirements with CycloneDX and SPDX standards to support real-world adoption.

Secureworld

Advisory Council Member

Nov 2023 - Jun 2025 · 1 yr 7 mos · Toronto, Ontario, Canada

AI Supply Chain Security, Standards Development, Public-Private Cybersecurity Collaboration, AI Governance & Risk Management, AIBOM, AI SBOM

Security Education Conference Toronto (SecTor)

Member of the Board of Advisors

Feb 2023 - Present · 3 yrs 4 mos · Toronto, Ontario, Canada

  • Advisory role for the SecTor Executive Summit, Canada's premier CISO event and a regional Black Hat event.

Humint

Advisory Board Member

Feb 2021 - Present · 5 yrs 4 mos

Siberx

Advisory Board Member

Oct 2019 - Present · 6 yrs 8 mos · Toronto, Ontario, Canada

Artificial Intelligence (AI), AI Transparency, Security Regulations, Regulatory Guidelines, Security Standards

Leading Cyber Ladies

Co-Founder

Nov 2018 - Present · 7 yrs 7 mos · Toronto, Ontario, Canada

  • Co-founded and lead the Toronto chapter of a global community advancing women in cybersecurity. Drive strategy, partnerships, and long-term growth, scaling programs across meetups, education, and mentorship while building strong cross-community and industry collaboration.

HackStudent

Cybersecurity Teacher and HackStudent Management Team

Oct 2018 - Dec 2021 · 3 yrs 2 mos · Toronto, Canada Area

  • Providing educational sessions and mentoring in cybersecurity for kids.
Business Strategy, Security Standards, Security Regulations, Software Supply Chain Security, Artificial Intelligence (AI), vCISO

Camilion Solutions

3 roles

Project & Release Manager

Sep 2012 - Dec 2013 · 1 yr 3 mos

  • Responsible for the planning, management and co-ordination of the Release deliverables of on-premise and on-demand (SaaS) applications
  • Develops, audits, monitors and enforces established release management processes and policies
  • Acts as the gatekeeper through SDLC, ensuring consistency in policies and operational procedures
  • Develops a common understanding of priorities for multiple complex releases spanning across multiple customer projects
  • Provides details on improvements for process areas, such as procedural changes, staff training, technology changes
Cybersecurity Education

Quality Assurance Lead & DevOps Engineer

Sep 2010 - Sep 2012 · 2 yrs

  • Team lead for test projects: test planning and daily coordination of activities according to plan; test case review and training
  • Development of test documentation: test plan, test summary / report, test cases; system test scenarios (E2E, including data migration and integration) and other supporting documentation such as configuration specs, test matrix and more
  • Test execution: functional, system, regression, white box test, black box test, web services and more; developing scripts for test data; intercepting HTTP requests and responses using Fiddler for test verification
  • Installation, configuration, migration and integration of web applications
  • Incident logging with JIRA and analysis
  • Deployment of web applications across various technology stacks
  • Automation test scripting (TestPartner, NeoLoad)
  • QA process improvements: defining, implementing and documenting new processes, following industry best practices and adjusting to company's needs
  • Participated in hiring process for Quality Analysts and Testers
JIRA, DevOps, Web Applications, Process Improvement, Software Project Management, Release Management, +8

Quality Assurance Engineer

May 2008 - Sep 2010 · 2 yrs 4 mos

  • Development of test documentation: test cases, system test scenarios and other supporting documentation such as configuration specs, test matrix and more
  • Test execution: functional, system, installation, configuration, regression, white box test, black box test, web services and more
  • Incident logging and analysis
  • Deployment of web application
  • Automation test scripting
JIRA, DevOps, Test Strategy & Plan, Web Applications, Process Improvement, Quality Assurance, +14

Education

George Brown Polytechnic
