Eddy Wong

BISO at Salesforce, Inc. | CISSP | CSSP | SAFe | PMI-ACP

San Francisco, California, United States

About

Security and EngOps leader with 20+ years experience building globally diverse, engineering, operations, and PMO organizations focused on operational excellence and delivery of customer centric services, programs, and infrastructure. Experienced leader who can attract, maintain, and grow cross disciplined DevOps and DevSecOps talent. Trusted security advisor for Business Unit C-level executives on a wide variety of IT risks, issues, concerns, and problems, ensuring business processes incorporate adequate information security controls and processes that elevate our NIST CSF maturity. Program leader with a track record delivering high profile revenue generating and foundational infrastructure programs in Global Retail, E-Commerce, PaaS, and Security at Scale.

Experience

  • Business Information Security Officer (BISO) of Mulesoft at Salesforce
    Dec 2019 - Present · 6 yrs 8 mos

    M&A Security Integration Oversees strategic programs and drives operational excellence by working closely with key stakeholders and executives on trade offs and prioritization of board level Trust commitments. These include programs such as: FedRamp, PCI, SOC2, and SOX audit and remediation, Customer MFA, Infrastructure MFA, IDM migration, SSDL adoption, Bug Bounty program, secrets management, and Sev0 remediation.

  • Gap Inc. (21 yrs 1 mo)
    • Director of Information Security, CloudSecOps
      Jul 2018 - Nov 2019 · 1 yr 5 mos

      Led the cloud security architecture, engineering, and operations teams responsible for foundational security services in multi-substrate clouds on Azure and Oracle Cloud, providing a secured framework that enabled the digital transformation and migration from our first party data center into the cloud. Responsible for all 3rd party security SaaS solutions and integrations and security tooling that enabled discovery, identification, and protections capabilities such as TVM, container scanning, secrets management, IDM, and security admin.

    • Director of Information Security – Security Engineering and Operations - SecOps
      Aug 2015 - Jul 2018 · 3 yrs

      SecOps leader responsible for end-to-end design, engineering, and operations of critical security functions, such as data protection, encryption, tokenization, vulnerability management, logging, and endpoint hardening. Promoted DevSecOps culture by hiring a team of security centric DevOps engineers with a desire to simplify and automate shift-left security controls into CI/CD and source pipelines. Recruited and hired a security operations center in Hyderabad, India to provide 24x7 global support and coverage for our critical encryption, PKI, tokenization, database monitoring and endpoint security agent services. Designed and led the GDPR data protection and data governance program providing general counsel the data mapping, flow, and classification of sensitive PII and PCI data across 700 applications and hundreds of structured and unstructured databases.

    • Director of Technical Program Management, Global Infrastructure Delivery
      Feb 2012 - Aug 2015 · 3 yrs 7 mos

      Technical program director leading cross-functional security initiatives, e-commerce integrations, along with store technology refreshes. Responsible for portfolio program management consists of dozens of Agile, Lean, and Waterfall initiatives in security, stores, and e-commerce enabling large scale application deployments running the next generation point of sales applications to revamping online and store networks enable segmentations and firewall policies in support of PCI DSS. Accountable for a multi-year, $30 million dollar project to modernize and overhaul the store network and wireless infrastructure across 2600 stores