Lester Chan

CISO | CIO | Advisor

San Francisco Bay Area

About

• 33+ years of executive leadership in IT, cybersecurity, risk, and regulatory compliance across complex enterprise environments
• Enterprise security leader driving AI governance, incident response, and security engineering with a strong business-alignment focus
• Proven track record leading organizations through SOC 2 and PCI DSS compliance and strengthening enterprise control maturity
• Deep expertise across security frameworks including ISO 27001/27002, NIST CSF, FIPS, ITIL, and COBIT
• Broad technical foundation spanning network security, security operations, cryptography, PKI, SSO, application security, and disaster recovery
• Cloud security leadership across AWS (EC2, S3) and Microsoft Azure environments
• Champion of secure-by-design architecture and shift-left security integration within engineering lifecycles
• Trusted cross-functional collaborator translating risk into business outcomes and customer trust
• Certifications: CISSP, CISA, CISM, PCI-ISA, Security+, Six Sigma Black Belt
• Education: MBA (Information Technology concentration); B.S. in Management Information Systems

Experience

  • CISO & CIO at Branch
    Apr 2024 - Present · 2 yrs 3 mos

    • Built and led high-performing Security and IT organizations, scaling the teams across key functions including infrastructure, support, applications, and security.
    • Spearheaded AI adoption and governance enterprise-wide; established and chaired the AI Adoption Council to ensure responsible and strategic use of generative AI.
    • Drove IT transformation initiatives that enabled the company to achieve breakeven, reach default-alive status, and ultimately attain profitability.
    • Designed and deployed agentic AI systems for employee self-service, improving operational efficiency and reducing response times by 80%.
    • Developed and executed a four-pillar enterprise security strategy aligned with corporate mission, vision, and business objectives.
    • Led a successful enterprise-wide migration from OneLogin to Okta and transitioned endpoint management from Jamf to Kandji, enhancing identity and device security.
    • Reduced alert fatigue and enhanced detection capabilities by deploying and tuning Rapid7 InsightIDR across the environment.
    • Implemented scalable customer identity access management using Auth0, establishing foundational product security practices.
    • Decreased customer-facing fraud by 95% through the deployment of a proprietary Branch Abuse Management System.
    • Hardened perimeter defenses by rolling out Web Application Firewalls across all internet-facing assets, significantly reducing Layer 7 attacks.
    • Built and operationalized a comprehensive Application Security program, incorporating bug bounty, SAST, DAST, and container security controls.
    • Consolidated enterprise applications and optimized licensing, resulting in over $3M in annual cost savings.
    • Re-engineered the customer security RFP response process, reducing turnaround from two weeks to three days.
    • Championed the deployment of enterprise AI tools including Google Gemini, Zoom AI Companion, and ChatGPT, accelerating productivity and innovation.
    • Oversaw all IT operations

  • Advisory Board Member at Glilot Capital Partners
    Aug 2024 - Present · 1 yr 11 mos

    Advise seed and series A security startups on products, strategy, and sales

  • Security Advisor at Ox
    Oct 2021 - Present · 4 yrs 9 mos

    Security Advisor at Ox.work supporting all security, governance, risk, and compliance

  • VP, Chief Information Security Officer at KOHO
    Jun 2022 - Mar 2024 · 1 yr 10 mos

    • Directed Security and IT functions for a high-growth fintech startup, leading a high-performing team of security and IT professionals.
    • Designed and implemented a customer-centric product security strategy that reduced fraud, mitigated risk, and enhanced user trust.
    • Led cross-functional collaboration to build and execute the company’s first enterprise security strategy, aligned with corporate vision, objectives, and growth goals.
    • Launched the company’s first Application Security program, including the successful rollout of the HackerOne bug bounty initiative.
    • Partnered with the Risk Sub-Committee of the Board of Directors to deliver quarterly reporting on key security, privacy, and fraud KPIs.
    • Established and operationalized a vulnerability management program, including SLA-driven remediation processes in collaboration with engineering.
    • Piloted and implemented Glean as the company’s first enterprise AI tool, improving knowledge access and employee productivity.
    • Designed the foundational security architecture for KOHO Bank, ensuring compliance with Canadian federal regulatory requirements.
    • Successfully led the company to its first PCI-DSS 4.0 certification within 8 months, and achieved compliance with Quebec’s privacy regulations.

  • Head of Enterprise Security at Zoom Video Communications
    May 2020 - Jun 2022 · 2 yrs 2 mos

    • Joined Zoom at the onset of the global pandemic and led the design and execution of a company-wide security transformation during unprecedented hyper growth.
    • Scaled the global security organization professionals within 14 months, building functions across enterprise security, product security, DevSecOps, security operations, and red teaming.
    • Designed and operationalized the Zoom Apps third-party governance and risk review program.
    • Led the development, implementation, and testing of Zoom’s enterprise-wide Security Incident Response Program; acted as Incident Commander and ran regular tabletop exercises.
    • Partnered with global engineering teams in the U.S. and China to prioritize and remediate critical vulnerabilities, achieving SLA targets and reducing security exposure.
    • Drove a 90% reduction in account takeover incidents through strategic implementation of Shape Security and deep engineering collaboration.
    • Supported enterprise HR systems modernization by partnering with HR and IT teams to deploy and secure Workday across the organization.
    • Expanded and matured enterprise SIEM capabilities using Splunk, ensuring comprehensive log ingestion and analytics across AWS, Oracle Cloud Infrastructure (OCI), and endpoint environments.
    • Implemented and integrated ServiceNow CMDB to improve enterprise asset, application, and service visibility and governance.
    • Led the evaluation and deployment of CrowdStrike EDR, replacing Carbon Black to improve endpoint threat detection and response capabilities.
    • Implemented Palo Alto Networks Prisma Cloud for cloud security posture management and SaaS visibility, enhancing infrastructure and application compliance.
    • Achieved HIPAA and FedRAMP file integrity monitoring requirements through deployment and operation of CimTrak.
    • Strengthened cloud DLP and SaaS data governance by collaborating with IT to implement application whitelisting and BetterCloud