Proven Information Security Leadership for all industry verticals at every stage.
Information Security and Privacy Program Management Skills
Risk Assessment and Management:
+Conducting thorough risk assessments to identify potential security threats and vulnerabilities.
+Developing and implementing risk management strategies to mitigate identified risks.

Security Policy Development and Implementation:
+Crafting comprehensive information security policies and procedures.
+Ensuring policies are up-to-date with current regulations and best practices.

Compliance and Regulatory Requirements:
+Understanding and ensuring compliance with relevant regulations such as GDPR, HIPAA, and PCI-DSS.
+Keeping abreast of changes in laws and regulations that impact information security and privacy.

Project Planning and Execution:
+Defining project scope, objectives, and deliverables in line with business goals.
+Developing detailed project plans, timelines, and budgets.
+Leading cross-functional teams to execute security and privacy initiatives.

Incident Response and Management:
+Developing and managing incident response plans.
+Coordinating responses to security breaches and privacy incidents.
+Conducting post-incident analysis to improve future response efforts.

Security Awareness and Training Programs:
+Designing and implementing training programs to raise awareness of security and privacy practices among employees.
+Ensuring continuous education and training to keep the workforce informed about the latest threats and best practices.

Vendor and Third-Party Risk Management:
+Evaluating the security posture of vendors and third parties.
+Managing relationships and ensuring third-party compliance with security standards.

Monitoring and Auditing:
+Implementing monitoring tools to detect and respond to security incidents.
+Conducting regular audits to assess the effectiveness of security controls.

Leadership and Communication:
+Leading and motivating security teams, and their partners across the business.
+Communicating security policies, incidents, and risks to senior management and stakeholders.

Data Privacy and Protection:
+Implementing data protection measures to safeguard personal and sensitive information.
+Ensuring compliance with data privacy laws and regulations.
Revenue and Capital Management Knowledge for Business-Centric Information Security
Budgeting and Financial Planning:
+Developing and managing budgets for security initiatives.
+Allocating resources effectively to ensure the success of security projects.

Cost-Benefit Analysis:
+Conducting cost-benefit analyses to determine the financial impact of security investments.
+Prioritizing security projects based on financial returns and risk mitigation.

Financial Risk Management:
+Identifying financial risks associated with security threats.
+Implementing strategies to mitigate financial risks through effective security measures.

Capital Allocation:
+Allocating capital to critical security projects to achieve positive net present value.
+Ensuring optimal use of financial resources to support security objectives.

ROI Measurement:
+Measuring the return on investment (ROI) for security projects.
+Demonstrating the financial benefits of security investments to stakeholders.

Vendor Contract Negotiation:
+Negotiating contracts with vendors to ensure cost-effective security solutions.
+Managing vendor relationships to achieve favorable financial terms.

Funding and Grants:
+Securing funding and grants for security initiatives.
+Identifying opportunities for external financial support to enhance security programs.

Financial Reporting and Compliance:
+Ensuring compliance with financial regulations related to security expenditures.
+Preparing financial reports to demonstrate the alignment of security investments with business goals.

Resource Optimization:
+Optimizing the use of financial and human resources to enhance security.
+Implementing cost-saving measures without compromising security effectiveness.
Principal Engineer Caliber Technical Abilities to Address Security Needs Deeply
Advanced Threat Detection and Response:
+Developing advanced techniques for detecting and responding to security threats.
+Implementing automated threat detection systems to improve response times.

Network and System Security:
+Designing secure network architectures to protect against cyber threats.
+Implementing robust system security measures to safeguard critical assets.

Cryptography and Encryption:
+Utilizing advanced cryptographic techniques to protect sensitive data.
+Implementing encryption protocols to secure data in transit and at rest.

Penetration Testing and Vulnerability Assessment:
+Conducting in-depth penetration tests to identify security weaknesses.
+Performing comprehensive vulnerability assessments to strengthen defenses.

Security Architecture Design:
+Designing secure system architectures to prevent unauthorized access.
+Implementing layered security approaches to enhance protection.

Application Security:
+Ensuring the security of software applications through secure coding practices.
+Conducting code reviews and security testing to identify and mitigate vulnerabilities.

Incident Analysis and Forensics:
+Analyzing security incidents to determine root causes and prevent recurrence.
+Conducting digital forensics to investigate and resolve security breaches.

Identity and Access Management (IAM):
+Implementing IAM solutions to control user access to critical systems.
+Ensuring secure authentication and authorization mechanisms.

Advanced Security Tools and Technologies:
+Utilizing cutting-edge security tools to enhance threat detection and response.
+Staying updated with the latest security technologies to address emerging threats.
Executive Leadership that Emphasizes Excellent Judgement and Reliability
Strategic Vision and Planning:
+Developing a clear strategic vision for the organization’s security program.
+Planning long-term security initiatives that align with business objectives.

Decision Making Under Pressure:
+Demonstrating excellent judgement in high-pressure situations.
+Making informed decisions quickly during security incidents.

Ethical Leadership and Integrity:
+Upholding the highest standards of ethics and integrity in all security activities.
+Fostering a culture of trust and accountability within the security team.

Stakeholder Communication and Management:
+Communicating effectively with stakeholders about security risks and strategies.
+Building strong relationships with stakeholders to gain support for security initiatives.

Crisis Management and Resilience:
+Leading the organization through security crises with calm and effective strategies.
+Ensuring the organization’s resilience against security threats.

Team Building and Development:
+Building and nurturing high-performing security teams.
+Investing in the professional development of team members.

Policy and Governance Oversight:
+Establishing and overseeing security policies and governance frameworks.
+Ensuring policies are enforced consistently across the organization.

Risk Communication:
+Effectively communicating security risks to executive leadership and the board.
+Providing clear and actionable recommendations to mitigate risks.

Innovation and Adaptability:
+Encouraging innovation in security practices and solutions.
+Adapting to changing security landscapes and evolving threats.
Latest as of July 11th, 2024
Changelog
  • Experienced in Developing Security Programs for highly successful Venture-Backed Companies of all Sizes (Seed-IPO)
  • 15 Years of Information Security Experience across Security Operations, Risk Management, and Security Engineering
  • 20 Combined Years in Information Technology and Engineering
  • Strong Endorsements from Executive Leadership and Peers

Resume

Licenses, Certifications, and Memberships
  • C|CISO Certified
  • Licensed Private Investigator
  • AICPA Member
  • ABA Partner Network Member

References

Alberto Martinez

Head of Security Angel List, Ex-Rippling

"Cody has been both a colleague and, later, a mentor to me. He consistently offers invaluable guidance on building scalable security programs. His strong risk management skills, combined with his deep security engineering knowledge and solid experience in incident response, enable him to implement effective risk-based security programs.

Cody's passion for security, along with his commitment to continuous learning and staying current with industry trends, make him an invaluable asset to any organization. I am grateful to call him a friend."

Rukmini Banerjee

Chief Operating Officer Vouch, Ex-Fetch

"Cody, as our security leader at Vouch, single-handedly designed and executed on a security program for us that balanced our need for speed and experimentation with critical security postures, both proactive and reactive - a program that secured our position effectively for our partners, reinsurers, regulators and clients. Not an easy feat! But that’s not Cody’s biggest strength - Cody is through and through a team player, who will do anything for the team to play its best game, always! Motivated by learning, by operating excellence and by helping the entire team thrive - Cody is an absolute gem on our team!"

Nate Dunning

Cybersecurity at Starling Bank, Ex-Funding Circle

"I have had the pleasure of working with Cody on two occasions. Cody's ability to handle incidents swiftly and effectively, coupled with his strategic approach to security operations, has consistently ensured the security of our systems and data. I highly recommend Cody for any role that requires top-notch technical and security management skills."

What to know before hiring an InfoSec professional for your business

Plotting Your InfoSec Journey
A helpful guide to understanding where you and your company are with regard to Information Security. It will help you decide what challenges you may currently be facing, whether you should make any further investments in your information security program, and, if so, what you'll need to do to get to the next level.
Balancing the InfoSec Budget
Information Security is a difficult function to manage in any business because of the complexity of the problems involved and the uncertainty inherent in any risk-based discipline. This guide will help you to understand the different approaches to funding an information security program and to keeping the resources you expend optimized for your goals.
Regulatory Provenance and InfoSec
This guide will help you to understand generally how regulations concerning Information Security and Data Privacy may impact your business with specific examples from some of the most regulated industry verticals.