Professional experience

Aug 2023 - present

Senior Director, Product Security (Secure Design, Secure AI)

Salesforce
  • Envision and execute secure SDLC practices for multi-billion dollar SaaS offerings.
    • Currently leading initiatives to securely design and develop scalable platforms that leverage AI technologies, by integrating cutting edge research with operational security.
    • Integrating tightly across the SDLC to assure e-commerce platforms, PaaS offerings, and additional internal efforts, by providing high quality SDL services.
    • Contributed to quarterly board reporting of Security Assurance outcomes.
  • Building a practical vision and strategy for large organizations
    • Influenced the work and direction of 200+ individuals by defining the annual and multi-year strategy for the Security Assurance organization along with fellow leaders.
    • Led high impact programs that positively impacted security champions, proactive SAST and supply chain risk.
    • Leveraging latest Generative AI techniques to improve the team's operational effectiveness.
  • Defined and executed a new security function from scratch.
    • Created a Secure Design function from scratch to set up durable controls that impact the earlier stages of the SDLC. Delivered projects and programs that positively impacted the entire organization.
    • Leading international and matrixed teams of highly skilled, junior and experienced engineers and leaders that collaborate with product, engineering and security organizations.
  • People-centric leadership of diverse, high impact teams with a focus on productivity, quality and wellness.
    • Fostered a culture of creativity and innovation in a 25+ person organization.
    • Cultivated a "start-up" mentality that adapted to a larger organization, thus allowing teams to experiment, prototype, fail fast within the team, and scale successes outside.
    • Coached first time and experienced leaders, supported their career and teams.
Dec 2020 - Aug 2023

Director, Security Assurance (Commerce, PaaS)

Salesforce
  • Promoted shift-left best practices across the SDLC
    • Led the vision and execution of integrating various activities within Commerce Cloud, such as architecture design reviews, threat modeling, automated workflows, security champions, bug bounty, static analysis and third party security.
    • Engaged in the development of security policies and their implementation.
    • Successfully developed and grew a security champions program by partnering closely with engineering teams, as a means of multiplying the security impact.
  • Provided pragmatic security services to technical teams in the Commerce and PaaS domains.
    • Domain expertise in e-commerce, digital payment workflows and payments integration.
    • Supported multiple tech stacks in both self-hosted and cloud environments.
    • Supported partner teams in compliance audits and risk prioritization conversations.
  • Successfully merged new acquisitions into existing security services by balancing centralized services with customized requirements.
    • Integrated security teams, tools and processes from acquisitions through active collaboration, and lessons learned from both merging businesses.
    • Created a culture where the security team is viewed as a partner, rather than a hurdle, by product, engineering, program and customer support teams.
  • Leading through changes, both internal and external to the organization.
    • Led through changes during the pandemic, balancing the needs of the team and the organization as we moved into a remote-first world.
    • Leveraged agile methodologies to efficiently operate the team, and deliver quality results.
    • Fostered innovations in tools and processes to support challenges faced by technical teams.
    • Leader of individual contributors, with a maximum span of control of 18.
Nov 2019 - Dec 2020

Principal Product Security Engineer

Salesforce
  • Technical Lead for application and infrastructure security efforts in Commerce Cloud. Actively collaborated with engineers and leaders from multiple teams to improve security controls. 
  • Actively performed and led architecture design reviews, threat models, code reviews and pentesting for high risk projects. 
  • Regularly contributed to product roadmap and security strategy, ensuring that security conversations are a part of early product plans.
  • Created and presented security content to developers regularly to educate them on security issues and mitigation strategies.
  • Built relationships with developers, architects, engineering and security leaders, and supported their security needs in a collaborative manner.
  • Subject matter expert in time-sensitive incidents, containment and mitigation strategies.
  • Mentored junior security engineers, supporting their career and technical growth.
July 2017 - Nov 2019

Lead Product Security Engineer

Salesforce
  • Primary point of contact for the application security efforts of several products in Commerce Cloud.
  • Engaged in threat modeling, code reviews, automation, static analysis and developer training.
  • Integrated newly acquired businesses with existing security tools and processes.
  • Built internal tooling that assisted with analyzing dependencies and code flows for .NET projects.
  • Supported agile efforts within the team to create efficient ways of driving and tracking work.
Nov 2015 - July 2017

Principal Security Researcher

Hewlett Packard Enterprise
  • Researched malware detection strategies by analyzing DNS traffic. 
  • Identified new detection and mitigation techniques for web application vulnerabilities using dynamic and runtime technologies.
  • Engaged in the design of a new runtime platform that created IAST and RASP capabilities.
May 2013 - Oct 2015

Software Security Researcher

HP Security Research
  • Researched new vulnerabilities and developed algorithms to attack, detect and protect web applications by leveraging dynamic and runtime technologies.
  • Developed detection rules for various vulnerabilities using DAST and IAST tools.
  • Presented at internal & external conferences on new attack and detection techniques.
  • Designed and developed industry-first solutions for automating attack scenarios using DAST and IAST techniques.
Jun 2011 - May 2013

Software Designer

HP Security Research
  • Researched and developed automation for web application vulnerability detection.
  • Updated various parts of WebInspect's audit engine to improve detection capabilities.
  • Patented new ideas and implemented them into WebInspect's toolset.

Education

Aug 2009 - June 2011

Master of Science (MS), Information Security

Georgia Institute of Technology

Focused on systems and application security. Interned and co-oped at HP, resulting in a final thesis that was implemented in HP WebInspect.

Sep 2005 - May 2009

Bachelor of Engineering (BE), Computer Science & Engineering

Thiagarajar College of Engineering

Graduated with the Best Outgoing Student Excellence recognition - an honor bestowed upon one male and one female graduating student each year across the entire university.