United States
I’m a cybersecurity program leader focused on delivering measurable security outcomes, aligning initiatives with business priorities, and enabling cross-functional collaboration. My career journey started deep in the throes of application security, and these days I build security programs and manage risk! My ideal role is to serve as the strategic executor for the CISO, translating security vision into measurable, mature, enterprise-ready programs. It’s a win-win: The CISO sets the strategic direction, and I partner with security owners and the business to drive execution, embed governance, and operationalize programs. Of course, always consulting with the CISO to ensure rigor and alignment! My approach is people-first, ensuring security program goals incorporate the business context that’s often overlooked, so initiatives deliver real value while maturing the organization. This model lets the CISO focus on vision and priorities while I deliver operational impact and program maturity. As Security Principal at Smartsheet (IPO to Private Equity phase), I led embedding of secure SDLC practices, threat modeling, and developer tooling, reducing critical vulnerabilities by ~40% and cutting delivery bottlenecks by 60%. I later progressed to Security Program Director, reporting to the CISO and driving enterprise-wide program maturity and governance for the past 5 years. At Microsoft, I delivered similar results, reporting skip-level to the CISO and helping shape enterprise security strategy for IT. As a person of faith, integrity and quality guide everything I do, and I believe the most impactful security work combines technical rigor, strategic alignment, and strong professional relationships.
As Security Principal at Smartsheet (IPO to Private Equity phase), I led embedding of secure SDLC practices, threat modeling, and developer tooling, reducing critical vulnerabilities by ~40% and cutting delivery bottlenecks by 60%. I later progressed to Security Program Director, reporting directly to the CISO and driving enterprise-wide program maturity and governance for the past 5 years.
Responsible for architecting end-to-end cybersecurity technical strategy and subsequent technical management during solution engineering for anti-tamper/piracy/cheating, virtual currency fraud detection/elimination, data protection, and secure game development lifecycle across studios, games and IT apps at 2K.
Conducted application security design and code reviews, threat modeling and security training for about 55 enterprise Microsoft customers.
Led security and risk management for two of Microsoft's largest IT divisions. I helped create IT's risk posture to support business objectives, and provided emerging technologies guidance/trends to help make risk-aware decisions. I also contributed to Microsoft's third-party supplier/solution security and privacy assurance program.
- Designed and implemented the security overlay for a nation-wide classified Indian Army project, later dedicated by the President of India – http://www.indiaprwire.com/pressrelease/computer-networks/2006022552.htm
- Led a UK nationwide PKI-based e-assessment system for the QCA. The project won the "Computing Awards 2005: Innovative Project of the Year" award.
- Designed and co-developed security products – Desktop encryption client, Cryptographic Soft-token API and a JNI-implementation for a C++ based cryptographic API.
- Developed Smart Rupee Systems (SMARS) for the Reserve Bank of India.