Richard Lewis

Security Program Leader | Driving Secure Software & Enterprise-Scale Security Programs

United States

About

I’m a cybersecurity program leader focused on delivering measurable security outcomes, aligning initiatives with business priorities, and enabling cross-functional collaboration. My career journey started deep in the throes of application security, and these days I build security programs and manage risk!

My ideal role is to serve as the strategic executor for the CISO, translating security vision into measurable, mature, enterprise-ready programs. It’s a win-win: The CISO sets the strategic direction, and I partner with security owners and the business to drive execution, embed governance, and operationalize programs. Of course, always consulting with the CISO to ensure rigor and alignment! My approach is people-first, ensuring security program goals incorporate the business context that’s often overlooked, so initiatives deliver real value while maturing the organization. This model lets the CISO focus on vision and priorities while I deliver operational impact and program maturity.

As Security Principal at Smartsheet (IPO to Private Equity phase), I led embedding of secure SDLC practices, threat modeling, and developer tooling, reducing critical vulnerabilities by ~40% and cutting delivery bottlenecks by 60%. I later progressed to Security Program Director, reporting to the CISO and driving enterprise-wide program maturity and governance for the past 5 years. At Microsoft, I delivered similar results, reporting skip-level to the CISO and helping shape enterprise security strategy for IT.

As a person of faith, integrity and quality guide everything I do, and I believe the most impactful security work combines technical rigor, strategic alignment, and strong professional relationships.

Experience

  • Smartsheet (6 yrs 8 mos)
    • Director of Security Programs
      Aug 2024 - Oct 2025 · 1 yr 3 mos

      As Security Principal at Smartsheet (IPO to Private Equity phase), I led embedding of secure SDLC practices, threat modeling, and developer tooling, reducing critical vulnerabilities by ~40% and cutting delivery bottlenecks by 60%. I later progressed to Security Program Director, reporting directly to the CISO and driving enterprise-wide program maturity and governance for the past 5 years.

    • Principal Engineer
      Mar 2019 - Aug 2024 · 5 yrs 6 mos

  • Senior Application Security Architect at 2K
    Nov 2016 - Mar 2019 · 2 yrs 5 mos

    Responsible for architecting end-to-end cybersecurity technical strategy and subsequent technical management during solution engineering for anti-tamper/piracy/cheating, virtual currency fraud detection/elimination, data protection, and secure game development lifecycle across studios, games and IT apps at 2K.

  • Microsoft (9 yrs 9 mos)
    • Principal Security Architect
      Jan 2007 - Sep 2016 · 9 yrs 9 mos

      Conducted application security design and code reviews, threat modeling and security training for about 55 enterprise Microsoft customers.

    • Business Risk Manager
      Jan 2007 - 2016 · 9 yrs 1 mo

      Led security and risk management for two of Microsoft's largest IT divisions. I helped create IT's risk posture to support business objectives, and provided emerging technologies guidance/trends to help make risk-aware decisions. I also contributed to Microsoft's third-party supplier/solution security and privacy assurance program.

  • Lead Security Engineer at Tata Consultancy Services
    1998 - 2005 · 7 yrs

    - Designed and implemented the security overlay for a nation-wide classified Indian Army project, later dedicated by the President of India – http://www.indiaprwire.com/pressrelease/computer-networks/2006022552.htm
    - Led a UK nationwide PKI-based e-assessment system for the QCA. The project won the "Computing Awards 2005: Innovative Project of the Year" award.
    - Designed and co-developed security products – Desktop encryption client, Cryptographic Soft-token API and a JNI-implementation for a C++ based cryptographic API.
    - Developed Smart Rupee Systems (SMARS) for the Reserve Bank of India.