Chief Information Security Officer
Vision-driven and collaborative CISO with 20+ years of cybersecurity and IT leadership experience, including roles as both CISO and CIO across SaaS, Agentic AI, Physics AI, networking/telecom (SD-WAN, SASE, SSE, Video Conferencing, Collaboration, Telephony), financial services, and healthcare sectors. Proven ability to align security strategy with business objectives, reduce operational risk, and build trust with executives, boards, and customers. Adept at leading security transformations, driving compliance efforts, and embedding security into Agile and CI/CD environments to maintain velocity without compromising integrity. Known for building high-impact teams, reducing incident response times, and delivering security as a business and sales enabler driving revenue growth.
Security Programs: Enterprise Security Strategy, DevSecOps Integration, Secure SDLC, Cloud Security (GCP, AWS, Azure), Product Security, Security Operations, Security Awareness & Culture, Identity & Access Management, Third-Party Risk, Incident Response, Business Continuity, Disaster Recovery, Risk Management, Board Reporting, Governance & Policy Development, Metrics & KPIs, Security Champions Programs
Compliance Frameworks: ISO27001, 31000, 20000-1, 22301, 9001; SOC 2 (Type I & II), NIST 800-171, NIST 800-53 | Regulatory: FedRAMP, CMMC, HIPAA, GDPR, CCPA, PIPL
Professional Experience
Luminary Cloud, Inc • San Mateo, CA 05/2024 - Present
Head of Security (VP Security and Compliance) CISO/CIO
- Demonstrated transformational leadership skills, driving the adoption of mature practices with emerging technologies to significantly improve cyber resilience for the enterprise.
- Optimized cloud infrastructure configuration management by eliminating low-utilization tools, resulting in significant cost savings and a 20% reduction in cloud spend
- Designed and successfully implemented a robust DevSecOps framework, accelerating resilient software delivery and lowering the overall cost of development
- Developed security program for Generative AI around Physics AI simulation and chatbot assistant
Aryaka Networks, Inc • San Mateo, CA 06/2019 - 05/2024
Chief Information Security Officer (CISO) / Chief Information Officer (CIO)
Executive responsibility for the organization's cybersecurity, privacy, business systems and IT risk management. Directed a cross-functional team of 28 and managed a $10M budget, aligning security initiatives with business goals.
- Drove security transformation initiatives, including the adoption of SSAE 18 standards for SOC 2 reporting and achieving ISO/IEC 27001 certification.
- Successfully created a comprehensive vulnerability management program and implemented continuous security awareness training, increasing responsiveness of the security program across the org and reducing incidents by 30%.
- Scaled IT and security teams, enhancing the organization's ability to manage risk and security.
Elementum SCM, Inc • Mountain View, CA 2017 - 2019
Head of Security
Developed Information Security Management System (ISMS) based on ISO27001/ISO27002 framework for supply chain management service provider.
- Obtained ISO/IEC 27001 certification within the first 90 days after restart, resolving major non-conformity issues found during phase 1.
- Developed Security integration into CI/CD process through micro-services and micro-deployments reducing sprint to deploy from 4 weeks to continuous deployment.
- Drove SSAE 16 SOC2 Type 2 certification after one year with no documented findings
- Established regular vulnerability assessments and penetration testing and reduced exposed vulnerabilities by 20%
- Implemented 3rd party license compliance program and eliminated license violations such as copyleft, GPL. Reduced 3rd party library vulnerabilities by 60% and libraries with vulnerable methods in use by 90%.
Blue Jeans Network, Inc • Mountain View, CA 2014 - 2017
Sr. Manager, Information Security (acting CISO)
Developed Information Security Program based on ISO framework for cloud-based video conferencing solution.
- Provided critical support to the sales team on pre-sales and post-sales customer security evaluations to help close deals.
- Established Security Champions program leveraging cross-functional software engineering resources as a security force multiplier.
- Coordinated security efforts across departments and functions
- Three years of SSAE 16 SOC 2 security audits with unqualified reports
- Integrated and managed Security Information and Event Management (SIEM) system
- Implemented software static code analysis systems
Kaiser Permanente • Pleasanton, CA 2010 – 2014
Information Security Consultant Specialist
Provided risk management and mitigation recommendations for projects in a large healthcare organization covering Kaiser's multiple regions, providing Project Lifecycle Security Engagements for information technology projects.
- Identified potential risk, consulted on correcting or reducing risk and created reporting if uncorrected
- Performed risk assessments on new projects
- Consulted with Security Operations Team on security events
Security Operations Center Lead
Lead for a team of security analysts providing response and investigations into security events and incidents in a large healthcare organization.
- Developed automation for data-loss-prevention (DLP) tools, reducing workload from 16 man hours for a single operation to 2 man hours / day
- Responded to events from Security Information and Event Management (SIEM) system, distilling 50 million events into a few hundred actionable items per week.
- Investigated cases of fraud and abuse.
Education
- Master of Science • Information Security and Assurance
- Bachelor of Science • Information Technology: Security
- Computer Communications Systems Control Specialist - U.S. Air Force
- Basic Military Training - U.S. Air Force
Certifications
- CISSP 53360 current
- GIAC GWAPT Web Application Penetration Tester
- CCNA Security CSCO12076222
- C|EH certified ethical hacker
- C|HFI certified hacking forensics investigator
Volunteer Leadership
Silicon Valley Chapter, Information System Security Association 2009 - Present
President (volunteer)
President of the board of directors for the Silicon Valley chapter of the Information System Security Association (SV-ISSA) from 2009 to present.
- Chairing board meetings, organizing community events, chapter meetings, and annual security conferences.
- Managing a team of volunteers for a non-profit 503(c)(6) professional organization
Command Pilot, Angel Flight West 2021 - Present
Pilot (volunteer)
Volunteer pilot providing free air travel for patients in need of medical care across the western U.S.
Pilot, Flying Samaritans Mother Lode Chapter 2022 - Present
Pilot (volunteer)
Volunteer pilot for medical missions to free clinics in Baja California, Mexico.