Chief Information Security Officer (CISO) @ Gates Corporation
Director - CISO Programs @ Colorado Cyber (C2)
National Advisory Board Member @ SecureWorld Expo
Strategically focused, self motivated, results driven security professional with over 20 years of email system and IT management experience including over 10 years of SaaS and network and security systems management. Driving force behind security improvements, ensuring compliance, and facilitating advancement toward organizational goals. Expert at leveraging existing resources to introduce an effective security posture and vision as well as cost conscious and highly effective solutions. Strong relationship builder across senior management, internal and external customers, and industry organizations. Excellent collaborator and forward thinker with a mind and vision focused on the big picture. Recognized industry leader who is frequently quoted in the media, authored or co-authored many whitepapers and published articles. Valued member of leadership teams and an ethical steward of highly confidential data.
My ideal roles continually challenge me to think on my feet and give me the ability to continue my role as a visionary in a management capacity. I thrive in an environment with constant challenge. I take pride in identifying a need within any aspect of a company and coming up with a creative, cost-effective solution for filling that need.
Specialties: Information Security, Email Security, Network Security, Security Best Practices, Software Quality Assurance, Software Development, Project Management, Product Management, Linux Systems Administration
Chief Information Security Officer (CISO) @ From January 2015 to Present (10 months) Englewood, CO
National Advisory Board Member @ From August 2014 to Present (1 year 3 months)
Executive Advisory Board - Denver Conference @ From June 2013 to Present (2 years 5 months) Denver, CO
Board of Directors @ CAUCE is an all-volunteer Internet end-user advocacy organization. CAUCE has moved beyond its original mission of advocating for anti-spam laws, to a broader stance of defending the interests of all users in the areas of privacy and abuse in all its forms on the Internet.
Founded in 1997, CAUCE is an active participant with the following internet groups:
The Messaging Anti-abuse Working Group (MAAWG)
The Anti-phishing Working Group (APWG)
The Microsoft Digital Crimes Consortium
National Cyber-Forensics & Training Alliance (NCFTA)
The U.S. National Cyber Security Alliance
The Stop Spam Alliance
The London Action Plan (LAP)
The Internet Governance Forum (IGF)
The Internet Corporation for Assigned Names & Numbers (ICANN)
...and has participated in...
The Canadian Task Force on Spam
The U.S. Federal Communications Commission (FCC) Communications Security, Reliability And Interoperability Council (CSRIC)
The Anti-spyware Coalition (ASC)
From October 2012 to Present (3 years 1 month)
Owner @ From November 2013 to Present (2 years) Denver, CO
Head of Application Security @ From November 2012 to December 2014 (2 years 2 months) Denver, CO
GM/Chief Security Officer @ From February 2011 to October 2012 (1 year 9 months) Broomfield, CO
Board of Directors @ Served as a member of the Board of Directors at M3AAWG (Messaging, Malware, and Mobile Anti-Abuse Working Group, formerly MAAWG).
M3AAWG is a large, world-wide consortium of ISPs, ESPs, Brands, and Vendors focused on implementation and recommendation of best practices in fighting abuse in the messaging, malware, and mobile spaces.
From February 2007 to October 2012 (5 years 9 months)
Director, Messaging Security Research @ Global head of a cross-geo engineering and research team responsible for the customer support and identification and remediation of internet threats across all of McAfee’s Messaging Security product lines including SaaS, network edge appliance, and consumer endpoint. Lead visionary on future of messaging security space and architect of leading edge solutions.
• Architected next generation platform concept and infrastructure to address current and future security threats across all primary Internet threat vectors: file, email, web, and network.
• Manage cross-geo server infrastructure (physical and virtual) responsible for delivering real-time updates to approximately 10 million McAfee customers
• Responsible for execution of roadmap, philosophy, support and strategy for Messaging Security program, including handling and prioritization of internal and external customer escalations and requirements
• One of the lead spokespeople for the organization in the area of Internet security and threat research. Conducted frequent interviews for radio and print publications including being an active contributor to McAfee’s quarterly published threat reports and research blogs.
From February 2010 to February 2011 (1 year 1 month) Englewood, CO
Director, Threat Management @ See Director, Messaging Security Research
From September 2009 to February 2010 (6 months) Englewood, CO
Vice President, Information Security @ Developed an effective security strategy in an organization lacking uniform best practices, meeting individual changing department needs while achieving major cost savings. Lead implementation of company’s first formal Information Security program. Focus on nurturing and development of a strong internal security culture and driving corporate visibility through thought leadership and a forward thinking style. Evangelist of best corporate security practices.
• Created security aware culture through corporate InfoSec policy development, training, education, and continual process improvement
• Prevented corporate intellectual property and sensitive data loss by performing risk assessments on systems, network and applications and developing internal security remediation and incident response plans
• Helped to secure sensitive information by creating physical and logical separation between internal networks, isolating business critical systems
• Built security into the software development life cycle through training of internal engineering and QA staff on secure coding best practices, nearly eliminating software vulnerabilities from reaching the customer facing environment
• Coordinated annual third party vulnerability assessments and penetration tests and worked closely with internal IT and engineering to bring closure to findings and advance best practices
• Increased corporate exposure and thought leadership through blogs and podcasts. Regular contributor to SC Magazine, InSecure Magazine, and Security Matters. Frequently quoted as a security expert in the New York Times, USA Today, eWeek, Wired, CNET, ComputerWorld, and others. Speak at security conferences globally.
From July 2008 to September 2009 (1 year 3 months) Englewood, CO
Director, Threat Management @ Business unit lead for MX Logic's flagship product, a SaaS based internet email and web filtering product. Lead a diverse team of software developers, NOC Technicians, Data Analysts and Support Engineers. Focus on process improvement and efficiency gains made my department a model for the organization.
• Improved departmental efficiencies by architecting processes that caused us to only have to increase Threat Management department staff by 33% while overall mail processing increased by over 2000%
• Designed product process improvements which reduced capital expenditures and bandwidth costs by over $300k annually and storage costs by over 75%.
• Products received multitudes of technology awards for usability and effectiveness in protecting users and businesses from security threats
• Authored and co-wrote several corporate and industry consortia sponsored white papers on emerging internet threats and trends across various technologies (e.g. email, social media, botnets, and malware)
• Positioned company as thought leaders through close working relationships with media outlets around the world. Quoted frequently as an industry expert in the media. Frequently authored byline articles published in various major internet security related publications.
From March 2005 to July 2008 (3 years 5 months) Englewood, CO
Manager of Quality Assurance @ Architected and developed the company’s first automated software build and testing procedures. This laid the groundwork for the expansion of the quality assurance team and increased the focus on software quality within a fully scoped software development life cycle (SDLC).
• Implemented automated testing and software build procedures using Java and Ant which decreased software testing and build cycles by over 75%
• Drove effective software testing practices by incorporating a collaborative system between the software development and quality assurance teams increasing code quality and driving down testing times.
• Developed first corporate formalized software build, patch, testing and quality assurance platform. Reduced software build processing times by 80% and overall testing cycles by 75%.
• Communication of software defect fixes through company defect tracking system, Bugzilla. Also, managed expectations of all internal stakeholders through regular status update meetings.
From August 2004 to March 2005 (8 months) Englewood, CO
Web Applications Developer @ Programmed the company’s first automated portal which enabled members of the Threat Management department to perform their daily functions through a web based interface. Previously this work had been done through the use of inefficient command line tools.
• Performed DBA functions by creating and managing a multi-database system running PostgreSQL
• Became trusted liaison between key internal and external stakeholders
From December 2003 to August 2004 (9 months) Englewood, CO
Independent Contractor @ From July 2003 to December 2003 (6 months)
Project Manager @ Built robust web email and consumer ISP premium service solutions. Consulted with company clients and vendors to architect and coordinate software integration solutions.
• Managed successful software integration projects from cradle to grave with vendors such as ABC News, FOX Sports, Major League Baseball, the Best Buy chain of retail stores and the Walt Disney Internet Group
• Managed project task scheduling for group of 25 people including software developers, system administrators, graphic designers, product marketers, and account managers.
• Designed and implemented a SaaS content delivery and account aggregation platform which enables Internet Service Providers to deliver subscription based content from many different content providers via a web based portal.
• Strong knowledge of dependencies between the different entities involved throughout the different phases of a project (Marketing, Sales, Technology, etc) and an ability to effectively interface and communicate to the different teams in language they understand.
• Developed software quality testing plans and procedures used by the company as well as standard operating procedures for the development team
From February 2002 to July 2003 (1 year 6 months) Buffalo, NY
Programmer/Analyst @ From February 2000 to February 2002 (2 years 1 month)
Programmer/Analyst @ Architected and developed a cutting edge client reporting system. The system included an automated scheduler, complex business logic, and code to create multi-dimensional client data reports in PDF format. The scheduler and reporting systems were developed in Perl and PHP and utilized Oracle as an RDBMS.
From December 1999 to February 2000 (3 months) Buffalo, NY
Programmer/Analyst @ From September 1997 to December 1999 (2 years 4 months) Buffalo, NY
Technical Support Specialist @ Provided telephone technical support for Sony's VAIO line of personal computers and portable media player (PRD). While in this role I also developed a multi-user call logging system using Visual C++ as, prior to this application, calls for the PRD campaign were logged using paper.
From February 1997 to September 1997 (8 months) Buffalo, NY
BS, Computer Science @ University at Buffalo From 1998 to 2000
None, Computer Science @ University of Colorado Boulder From 1994 to 1996
Standley Lake High School From 1990 to 1994
Sam Masiello is skilled in: Network Security, Security, Software Development, Product Management, Business Management, Business Strategy, Visionary, Email Security, Security Research, Cross-functional Team..., Internet Security, Spokesperson, Media Spokesperson, Technology Evangelism, Technology Evangelist, Information Security, System Administration, Software Quality..., Project Management, Perl, PHP, Bash, Secure SDLC, Information Security..., Computer Security, Business Development, Security Architecture..., Application Security..., Application Security, Web Application Security, Web Application..., Infrastructure Security, Podcasting, Public Speaking, Management, Enterprise Software, Cloud Computing, Linux, SDLC, SaaS, Servers, Shell Scripting, Mobile Devices, Malware Analysis, Strategy, Cloud Security, Networking