Trur Security, a veteran-owned and operated company founded in 2023, embodies my belief that security doesn't have to be a daunting challenge. I am committed to making security an integral and accessible aspect of products, emphasizing that the journey to robust protection can be a seamless and user-friendly experience. Trur Security is dedicated to enhancing the overall quality of products, employing a secure-by-design approach that ensures a foundation of resilience against potential threats. By positioning security as a feature rather than an obstacle, Trur Security aims to empower new and small companies, guiding them in constructing secure foundations for their endeavors.
Previous Experience:
Director - Product Security, Zillow Group (2019 – 2023):
Built and led a DevSecOps team, integrating automated security into Zillow Group's GitLab and SDLC environments.
Developed CI/CD processes for identifying and addressing security vulnerabilities, ensuring compliance with regulatory bodies.
Consolidated security findings into data-centric reporting, providing leadership with insights for informed decision-making.
Target (2015 – 2019):
Principal Cyber Security Engineer (2016 – 2019): Led the Computer Incident Response team, deploying the Hunt Maturity Model to enhance threat detection.
Lead Offensive Security Engineer (2015 – 2016): Built and maintained Pen Testing procedures and standards, introducing automated testing routines.
Professional Bio:
With over 12 years of management experience in both military and civilian contexts, I am a seasoned professional known for spearheading comprehensive security initiatives that foster a culture of awareness and resilience within diverse enterprises. As the Director of Product Security at Zillow Group since 2019, I have built and led a dynamic DevSecOps team, driving the integration of security practices into the development lifecycle. My expertise lies in building intelligence-driven security programs, orchestrating the implementation of application security initiatives, and optimizing security budgets for maximum effectiveness.
Core Competencies:
Web Application Security
Team Training & Leadership
Vulnerability Assessment
Regulatory Compliance
Incident Management
Continuous Improvement
Security Governance
Cross-functional Collaboration
Strategic Planning & Execution
Risk Assessment & Mitigation
Vendor Management
Key Accomplishments:
Built and led security functions across all areas, transitioning enterprises to intelligence-driven security programs.
Empowered businesses to make informed decisions regarding security posture and risk tolerance.
Orchestrated the implementation of application security programs integrating with DevOps practices.
Recognized as a featured speaker on various information security topics.