Oleg Yusim

VP, Chief Product Security Officer at Illumina

Irvine, California, United States

About

Innovative leader with a proven track record of building industry-leading cybersecurity and product security programs across healthcare and life sciences organizations. Deep expertise spanning medical device security, enterprise cybersecurity, FDA regulatory frameworks, and cross-organizational security initiatives. Frequent speaker at industry conferences and universities, passionate about advancing the field through teaching and mentorship.

Experience

  • VP, Chief Product Security Officer at Illumina
    Jan 2024 - Present · 2 yrs 6 mos

  • Sr. Director, Product Security - IT at Edwards Lifesciences
    Apr 2018 - Jan 2024 · 5 yrs 10 mos

    Heading Edwards Lifesciences Product Cybersecurity program, Enterprise Cybersecurity Governance, Risk and Compliance and Vendor Risk Management programs.

  • Lead Cybersecurity Architect at Baxter International Inc.
    Apr 2016 - Apr 2018 · 2 yrs 1 mo

    • Established a secure architecture and design framework for Baxter medical devices, working in a pioneering field with no templates to follow
    • Led and oversaw architecture and secure design, risk management and regulatory submission aspects of cybersecurity on multiple product lines across two Baxter Global Business Units (Renal Acute and In-Center Renal) with a total combined value of over 4 billion dollars
    • Introduced a number of unique, innovative models and processes as part of the secure architecture and design framework for medical device development. Product decomposition or applying cybersecurity controls for medical devices would be good examples here. Patents were filed by Baxter to protect those inventions
    • Designed and brought to life a multitude of exemplary technical solutions, some tailored for individual products, bringing them up to date with cybersecurity best practices from the ground up, and some forming a cybersecurity platform accepted across multiple business units and product lines in Baxter
    • Routinely oversaw and managed execution of multiple cybersecurity-related projects, facilitating communication across a number of business units, product lines and vendors, ultimately driving cybersecurity designs to their successful completion and significantly improving products’ cybersecurity posture

  • Security Architect at VMware
    Nov 2015 - Jun 2016 · 8 mos

    • Consulted VMware on improving the security posture of the vRealize product family (billion-dollar project)
    • Led security assessment, re-design with security concerns in mind and mitigation efforts at database and application layers
    • Actively consulted on driving security assessment, re-design with security concerns in mind and mitigation efforts at web layer
    • Worked in conjunction with DISA and successfully generated new STIGs for PostgreSQL and Cassandra databases
    • Worked in conjunction with DISA and SME on site, actively participating in developing multiple new STIGs (HA Proxy, TC server, Lighttpd) at application and web server layers

  • Security Architect at Motorola Solutions
    Mar 2013 - Nov 2015 · 2 yrs 9 mos

    • Conducted STIGs compliance audit for ASTRO system (over 150 individual products, servers and endpoints)
    • Performed risk assessment and risk analysis, based on the results of compliance audit
    • Drove implementation of security controls, based on results of risk analysis, interfacing with multiple product teams including third party vendors
    • Maintained NIST SP 800-53/DISA STIGs compliance database, keeping it up to date with latest findings and implemented compensating controls
    • Owned the following security risks (on the whole ASTRO infrastructure level), performing security design reviews and consulting box teams across ASTRO platform on the compensating controls implementation topics:
      - Windows OS
      - Databases (PostgreSQL, Oracle)
      - Virtualization (VMware)
      - Antivirus (McAfee)
      - DNS Servers
    • Personally led architecture, design and development for multiple system level architecture features such as:
      - Integration of EMET across infrastructure
      - AAA authentication for ESXi and vCenter
      - Secure LDAP/ADLDS for DC Authentication
      - Moving /tmp to a separate partition
    • Led VMware hardening project affecting whole ASTRO infrastructure (STIGs analysis, findings assessment, hardening automation). Hardening involved all virtualization layers of the ASTRO system: from VMware vCenter and ESXi servers down to the individual VMs layer
    • Led integration of MVPN into the R7 Public Safety LTE Motorola Solution delivery package, resolving integration issues along the way. Delivered the MVPN Phase 2 project ready to be shipped to the customer, with high quality and on schedule
    • Architected, designed and developed Linux based PKI CA system (JBOSS, EJBCA). As part of the project personally led design and development of the following functionalities:
      - PKI CA/TA system upgrade
      - PKI CA/TA system backup and restore
      - JBOSS and EJBCA hardening
      - Ability of PKI CA/TA system to operate on non-root accounts
      - Certificates validation on CA/TA side of the PKI system