About this site

Previous work

Projects


Relativity

March 2015 -- Jan 2018

Building a team
Starting from scratch, I built a diverse team of 15 to cover Application Security, Network Security, Physical Security and Compliance. 50 are women. Additionally, the team has a very diverse cultural background, and was the most diverse at a company that strives for diversity.
Led start of ISO 27001 certification effort, later joined by other senior technical leadership. We completed certification in late 2017 and the start of SOC2.
Revised hiring practices to build talent from available engineers using work product samples to pre-qualify candidates.
Building Security Architecture
Working with multiple teams, drove the security architecture design of the RelativityOne cloud service. As the first security hire, delivered security awareness training in person for all engineers. Created basic security awareness for the entire company. Was ambassador for Security Awareness throughout the company, from the time there were 100 employees to the time that there were 800. Oversaw external penetration tests on Relativity Software, Network, and physical infrastructure. Responded to customer's penetration tests on the Relativity software, and coordinated the repair and retest. Designed and ran Incident response. We achieved 85% employee proper response to a massive phishing attack. Led technical security response to each customer's inquiries regarding the security measures we were using to build RelativityOne.
Security Awareness
For the duration of my work at kCura/Relativity, I conducted in-person Security Awareness training for all developers in the company, including contractors. This included case histories from security disasters in the news, with lessons from each of them. I co-authored the general security awareness training for the entire company. Further, I would walk around and check in with everyone, open to questions and concerns about security.

March 2012 -- March 2015 (as a consultant)

Security Model
Introduced concept of SAMM (Software Assurance Maturity Model) to kCura Product Development.
Security Training
Conduct training of kCura developers in the art of penetration testing and leading the Software Security team.
Penetration Testing
Executed multiple rounds of penetration testing on kCura's Relativity. Authored and delivered Security Awareness training to all kCura development and QA staff. Delivered to each set of new onboarding staff. Advise kCura software architecture staff on security concerns. Advise kCura product managers on relative security of feature sets.
Communication with Leadership
Advise kCura's C-level executives on general matters of security. Build kCura's internal Software Security team. Review, respond and recommend responses to externally performed penetration tests on kCura's products.