#Secful #BeSecful

sec·ful /sec-fɘl/ - being security mindful, aware, or conscious     1. If i do x, the security impact is y
 

About Secful (Ronnie Hash)

Overview

Passionate Cybersecurity Leader and trailblazer with over 20 years of IT professional experience in management and SecDevOps philosophies across multiple industries. I have a proven track record of leading people and projects and improving the security posture for highly demanding, fast-paced environments while delivering quality results.

web-development

Cybersecurity Leader

web-development

Cloud Security

web-development

SecDevOps

web-development

Vulnerability Management

 

Amazing companies I've worked with

Having Fun!

 
 

Impact

Getting it done!

Throughout my career, I’ve had the privilege to learn and grow at many amazing companies while bringing value and impact. I always get the question, what project have you led that excited you the most, which is a tough question for me because there are many, and being in M&A Security, everything was exciting. We touched all domains of security. It was like being a mini CISO, implementing security programs, getting our hands in the weeds by helping fix security issues and partnering with the business to ensure we are aligned. Here are a few cool things I’ve done over the last decade.

project_image
source code

Cloud Security

As a Security Leader, I’ve led many cloud security assessments identifying critical issues such as over-privileged IAM policies for systems and users, public and internal weak network ACLs, misconfiguration of services, and lack of encryption in transit and at rest. After manually assessing and using different security tools to identify issues, I aided in implementing CSPM tools for ongoing security monitoring and detection.

#CloudSecurity

#besecful

#secful

project_image
source code

Leaderhsip and Management

As a leader, I’ve blazed trails by learning new technology and how to secure it, sharing knowledge, providing feedback that led to growth and promotions, and challenging the norm to make sure we are still on the right path and aligned with the business objectives, and always making myself available to the team when they need someone to talk to. I carried the same spirit into People management.

#Leadership

#besecful

#secful

project_image
source code

Security Partnerships

Led several successful initiatives in developing trusted relations between internal Security teams, Engineering, and the Business. Identified opportunities to improve, create, or remove processes. Created SLAs and KPIs to help track our impact and value. Most importantly, I’m a great listener and open to how we can resolve challenges.

#SecurityPartnerships

#besecful

#secful

project_image
source code

Vulnerability Management

Led and implemented several vulnerability management programs for systems and products, including aiding teams in resolving identified issues.

#VulnerabilityManagement

#besecful

#secful

project_image
source code

Detection and Response

Led and implemented several detection and response programs, resulting in secure environments and being prepared for when an incident occurs. Through threat modeling and review of Engineering product environments, I could identify what detections should be in place and how to respond if a security incident happened.

#DetectionAndResponse

#besecful

#secful

project_image
source code

Secure CI/CD

Led security assessments for the path to production. Development starts on the developer's machine and then moves through several parts. A build environment consists of many parts, and each part can bring a level of risk, such as secrets being exposed in code or on the build server, vulnerable libraries, where we are pulling our libraries from, vulnerable build systems, not signing binaries or commits, signing keys not secure, etc..

#ShiftLeft

#besecful

#secful

project_image
source code

Threat Modeling

Led and participated in several Threat Modelling sessions, identifying and remediating potential risks to the application and cloud security environment using Industry methodology frameworks like stride.

#ThreatModeling

#besecful

#secful

project_image
source code

Identity and Access Management

Led the implementation of an Internal Identity Access Management using scalable opensource solutions, Keycloak and FreeIPA. Participated in integrating 3rd party vendor and internal systems access using Okta. I follow the ileast privilege and role-based access methodology.

#IdentityAccessManagement

#besecful

#secful

project_image
source code

Lift and Shift

Led several on-prem to the cloud and between-cloud migrations. Identifying architecture improvements and removing legacy security issues.

#SecureCloudMigration

#besecful

#secful

 

Additional recommendations can be found on my  Linked in page.

Recommendations

"

Ronnie's deep knowledge of software security and his ability to guide us through the complex M&A process were invaluable.

@ Janis Walliser

Principal Software Engineer at Salesforce

feedback_by-Janis Walliser

"

When Ronnie says he will do something, it gets done - he always demonstrated accountability in everything we worked together in. Ronnie also demonstrates innovation - he is open to doing things differently and often brings recommendations forward.

@ Cindy Gagliano

Sr. Director, Incident Response at DEF Corp

feedback_by-Cindy Gagliano

"

Ronnie always prioritized risk reduction for the customer and business putting the greatest impact first.

@ Courtney Grey

TPM Leader at AWS, Salesforce Alum

feedback_by-Courtney Grey

"

Ronnie is truly passionate about Security and is a great people leader. I would feel super motivated to learn new things and try to tackle new tasks after our chats.

@ Emmanuel Gonzalez

Security Administrator at Preferred Risk Insurance, Salesforce Alum

feedback_by-Emmanuel Gonzalez

"

Ronnie develops his team – both by directly aiding and training new members, and arranging, and providing technical training for other senior staff to continue their education. I observed this happening to several team members, as well as was on the receiving side of technical training provisioned for me.

@ Cory Carson

Offsec, Product Security Lead at Salesforce

feedback_by-Cory Carson

"

Ronnie is an incredible people leader and engineer. In our time working together, Ronnie has been instrumental in driving multiple public cloud security engineering initiatives, the successful establishment of a new security engineering team and scope, and continual improvement of our cross-functional team relationships.

@ Mike Ring

Directory, M&A Security at Salesforce

feedback_by-Mike Ring
 

Let's Connect on  Linkedin!.

Thank You

I appreciate you taking the time to review my site. Please reach out by connecting with me on Linkedin. I would love to hear how I can serve you or your business

Ronnie Hash

#BeSecful #Secful