#Secful #BeSecful
About Secful (Ronnie Hash)
Overview
Passionate Cybersecurity Leader and trailblazer with over 20 years of IT professional experience in management and SecDevOps philosophies across multiple industries. I have a proven track record of leading people and projects and improving the security posture for highly demanding, fast-paced environments while delivering quality results.
Cybersecurity Leader
Cloud Security
SecDevOps
Vulnerability Management
Amazing companies I've worked with
Having Fun!
Cybersecurity Leader
Salesforce
- Managed and developed a team of four highly performant remote Security Engineers.
- Provided risk analysis for M&A strategic business partners (Business Tech, Legal, Compliance, Go To Market, and People Operations)
- Reduced acquired companies security risk by leading efforts to remove 100% of critical vulnerabilities within 12 months, preventing loss of customer data and trust.
- Conducted Threat-Models and Security risk assessments for over 100 Cloud environments.
- Guided Engineering teams to implement secure SDLC frameworks and tools
- Implemented and provided Engineering guidance for Threat and Vulnerability Management programs
Sr. DevSecOps Engineer
Mulesoft
- Architected, deployed, and managed a distributed identity access management solution using FreeIPA and Keycloak.
- Architected and deployed a zero-trust VPN solution using Appgate VPN for our product engineering environments.
- Led the implementation of NexusIQ and Veracode for security code assessments, resulting in better code quality and reducing security vulnerabilities within the Mulesoft products.
- Led the creation of SOC dashboards in SumoLogic for detecting security issues within our cloud environments.
- Acted as the subject-matter expert for PCI, SOC 2, ISO 27001, HITRUST, and HIPPA audits until we were able to build the compliance team.
- Security Incident Commander, leading resources through incident response procedures during security incidents.
Sr. DevOps Engineer
MobiTv
- Simplified the Engineering application micro-service deployments using python fabric and Rundeck
- Developed and supported custom puppet modules for system and service management
Lead Devops Engineer
xMatters
- Managed the team's projects using agile scrum methodologies.
- Worked with leadership on negotiating and prioritizing the Cloud Operations project work.
- Led the refactoring efforts of xMatters puppet and virtualization implementation using Foreman and RHEV, resulting in easier environment management and reduced operational costs.
- Led the overhaul of our customer deployment processes using automation, leading to a reduced time to deploy from 3 days to 2 hours.
DevOps Engineer
Ubisoft
- Led the Puppet configuration management implementation to manage the gaming instances in AWS.
- Deployed, configured, and managed several MySQL primary/replication with sharding.
- Deployed, configured, and managed several Couchbase clusters.
- Deployed, configured, and managed several MongoDB clusters.
Once Upon A Time....
Back In The day
- Profitability.net (DartPoints), Feb 2011 - Feb 2012, Sr. Systems Engineer
- Cengage Learning, Jan 2008 - Feb 2011, Systems Engineer
- Cincinnati Insurance Company, Oct 1999 - Jan 2008
Impact
Getting it done!
Throughout my career, I’ve had the privilege to learn and grow at many amazing companies while bringing value and impact. I always get the question, what project have you led that excited you the most, which is a tough question for me because there are many, and being in M&A Security, everything was exciting. We touched all domains of security. It was like being a mini CISO, implementing security programs, getting our hands in the weeds by helping fix security issues and partnering with the business to ensure we are aligned. Here are a few cool things I’ve done over the last decade.
Cloud Security
As a Security Leader, I’ve led many cloud security assessments identifying critical issues such as over-privileged IAM policies for systems and users, public and internal weak network ACLs, misconfiguration of services, and lack of encryption in transit and at rest. After manually assessing and using different security tools to identify issues, I aided in implementing CSPM tools for ongoing security monitoring and detection.
#CloudSecurity
#besecful
#secful
Leaderhsip and Management
As a leader, I’ve blazed trails by learning new technology and how to secure it, sharing knowledge, providing feedback that led to growth and promotions, and challenging the norm to make sure we are still on the right path and aligned with the business objectives, and always making myself available to the team when they need someone to talk to. I carried the same spirit into People management.
#Leadership
#besecful
#secful
Security Partnerships
Led several successful initiatives in developing trusted relations between internal Security teams, Engineering, and the Business. Identified opportunities to improve, create, or remove processes. Created SLAs and KPIs to help track our impact and value. Most importantly, I’m a great listener and open to how we can resolve challenges.
#SecurityPartnerships
#besecful
#secful
Vulnerability Management
Led and implemented several vulnerability management programs for systems and products, including aiding teams in resolving identified issues.
#VulnerabilityManagement
#besecful
#secful
Detection and Response
Led and implemented several detection and response programs, resulting in secure environments and being prepared for when an incident occurs. Through threat modeling and review of Engineering product environments, I could identify what detections should be in place and how to respond if a security incident happened.
#DetectionAndResponse
#besecful
#secful
Secure CI/CD
Led security assessments for the path to production. Development starts on the developer's machine and then moves through several parts. A build environment consists of many parts, and each part can bring a level of risk, such as secrets being exposed in code or on the build server, vulnerable libraries, where we are pulling our libraries from, vulnerable build systems, not signing binaries or commits, signing keys not secure, etc..
#ShiftLeft
#besecful
#secful
Threat Modeling
Led and participated in several Threat Modelling sessions, identifying and remediating potential risks to the application and cloud security environment using Industry methodology frameworks like stride.
#ThreatModeling
#besecful
#secful
Identity and Access Management
Led the implementation of an Internal Identity Access Management using scalable opensource solutions, Keycloak and FreeIPA. Participated in integrating 3rd party vendor and internal systems access using Okta. I follow the ileast privilege and role-based access methodology.
#IdentityAccessManagement
#besecful
#secful
Lift and Shift
Led several on-prem to the cloud and between-cloud migrations. Identifying architecture improvements and removing legacy security issues.
#SecureCloudMigration
#besecful
#secful
Additional recommendations can be found on my Linked in page.
Recommendations
"
Ronnie's deep knowledge of software security and his ability to guide us through the complex M&A process were invaluable.
@ Janis Walliser
Principal Software Engineer at Salesforce
"
When Ronnie says he will do something, it gets done - he always demonstrated accountability in everything we worked together in. Ronnie also demonstrates innovation - he is open to doing things differently and often brings recommendations forward.
@ Cindy Gagliano
Sr. Director, Incident Response at DEF Corp
"
Ronnie always prioritized risk reduction for the customer and business putting the greatest impact first.
@ Courtney Grey
TPM Leader at AWS, Salesforce Alum
"
Ronnie is truly passionate about Security and is a great people leader. I would feel super motivated to learn new things and try to tackle new tasks after our chats.
@ Emmanuel Gonzalez
Security Administrator at Preferred Risk Insurance, Salesforce Alum
"
Ronnie develops his team – both by directly aiding and training new members, and arranging, and providing technical training for other senior staff to continue their education. I observed this happening to several team members, as well as was on the receiving side of technical training provisioned for me.
@ Cory Carson
Offsec, Product Security Lead at Salesforce
"
Ronnie is an incredible people leader and engineer. In our time working together, Ronnie has been instrumental in driving multiple public cloud security engineering initiatives, the successful establishment of a new security engineering team and scope, and continual improvement of our cross-functional team relationships.
@ Mike Ring
Directory, M&A Security at Salesforce
Let's Connect on Linkedin!.
Thank You
I appreciate you taking the time to review my site. Please reach out by connecting with me on Linkedin. I would love to hear how I can serve you or your business
Ronnie Hash
#BeSecful #Secful