About Secful (Ronnie Hash)
Passionate Cybersecurity Leader and trailblazer with over 20 years of IT professional experience in management and SecDevOps philosophies across multiple industries. I have a proven track record of leading people and projects and improving the security posture for highly demanding, fast-paced environments while delivering quality results.
Amazing companies I've worked with
Salesforce
Mulesoft
MobiTv
xMatters
Ubisoft
Back In The day
Impact
Throughout my career, I’ve had the privilege to learn and grow at many amazing companies while bringing value and impact. I always get the question, what project have you led that excited you the most, which is a tough question for me because there are many, and being in M&A Security, everything was exciting. We touched all domains of security. It was like being a mini CISO, implementing security programs, getting our hands in the weeds by helping fix security issues and partnering with the business to ensure we are aligned. Here are a few cool things I’ve done over the last decade.
As a Security Leader, I’ve led many cloud security assessments identifying critical issues such as over-privileged IAM policies for systems and users, public and internal weak network ACLs, misconfiguration of services, and lack of encryption in transit and at rest. After manually assessing and using different security tools to identify issues, I aided in implementing CSPM tools for ongoing security monitoring and detection.
#CloudSecurity
#besecful
#secful
As a leader, I’ve blazed trails by learning new technology and how to secure it, sharing knowledge, providing feedback that led to growth and promotions, and challenging the norm to make sure we are still on the right path and aligned with the business objectives, and always making myself available to the team when they need someone to talk to. I carried the same spirit into People management.
#Leadership
#besecful
#secful
Led several successful initiatives in developing trusted relations between internal Security teams, Engineering, and the Business. Identified opportunities to improve, create, or remove processes. Created SLAs and KPIs to help track our impact and value. Most importantly, I’m a great listener and open to how we can resolve challenges.
#SecurityPartnerships
#besecful
#secful
Led and implemented several vulnerability management programs for systems and products, including aiding teams in resolving identified issues.
#VulnerabilityManagement
#besecful
#secful
Led and implemented several detection and response programs, resulting in secure environments and being prepared for when an incident occurs. Through threat modeling and review of Engineering product environments, I could identify what detections should be in place and how to respond if a security incident happened.
#DetectionAndResponse
#besecful
#secful
Led security assessments for the path to production. Development starts on the developer's machine and then moves through several parts. A build environment consists of many parts, and each part can bring a level of risk, such as secrets being exposed in code or on the build server, vulnerable libraries, where we are pulling our libraries from, vulnerable build systems, not signing binaries or commits, signing keys not secure, etc..
#ShiftLeft
#besecful
#secful
Led and participated in several Threat Modelling sessions, identifying and remediating potential risks to the application and cloud security environment using Industry methodology frameworks like stride.
#ThreatModeling
#besecful
#secful
Led the implementation of an Internal Identity Access Management using scalable opensource solutions, Keycloak and FreeIPA. Participated in integrating 3rd party vendor and internal systems access using Okta. I follow the ileast privilege and role-based access methodology.
#IdentityAccessManagement
#besecful
#secful
Led several on-prem to the cloud and between-cloud migrations. Identifying architecture improvements and removing legacy security issues.
#SecureCloudMigration
#besecful
#secful
Additional recommendations can be found on my Linked in page.
"
Ronnie's deep knowledge of software security and his ability to guide us through the complex M&A process were invaluable.
@ Janis Walliser
Principal Software Engineer at Salesforce
"
When Ronnie says he will do something, it gets done - he always demonstrated accountability in everything we worked together in. Ronnie also demonstrates innovation - he is open to doing things differently and often brings recommendations forward.
@ Cindy Gagliano
Sr. Director, Incident Response at DEF Corp
"
Ronnie always prioritized risk reduction for the customer and business putting the greatest impact first.
@ Courtney Grey
TPM Leader at AWS, Salesforce Alum
"
Ronnie is truly passionate about Security and is a great people leader. I would feel super motivated to learn new things and try to tackle new tasks after our chats.
@ Emmanuel Gonzalez
Security Administrator at Preferred Risk Insurance, Salesforce Alum
"
Ronnie develops his team – both by directly aiding and training new members, and arranging, and providing technical training for other senior staff to continue their education. I observed this happening to several team members, as well as was on the receiving side of technical training provisioned for me.
@ Cory Carson
Offsec, Product Security Lead at Salesforce
"
Ronnie is an incredible people leader and engineer. In our time working together, Ronnie has been instrumental in driving multiple public cloud security engineering initiatives, the successful establishment of a new security engineering team and scope, and continual improvement of our cross-functional team relationships.
@ Mike Ring
Directory, M&A Security at Salesforce
Let's Connect on Linkedin!.
I appreciate you taking the time to review my site. Please reach out by connecting with me on Linkedin. I would love to hear how I can serve you or your business
Ronnie Hash
#BeSecful #Secful