In this role, built a team dedicated to managing internal operations of GitHub’s security department, focused on strategic planning, resource management, workforce planning, and companywide security awareness. This was a previously under-resourced space within the department, frequently reliant on people managers to devote ad hoc time. Centralizing these functions with a single office has given the department a clearer vision and strategy set by our team in conjunction with Security leadership, and removed needless opacity from our planning process and departmental goals.

Working in technical risk, centralized cross-company risk management efforts into a singular program for tracking risk and security findings from a variety of sources including our vulnerability management program, various legal and compliance reviews, and acquisitional diligence. Additionally, led the third-party risk management program responsible for measuring the maturity of vendors and dependencies used at GitHub, and designed an internal implementation review to ensure that secure best practices are followed continuously post-contract.

Managed and executed projects to assess the health of complex IT control environments within major clients in the tech sector, including eBay, Twitter, GitHub, and Airbnb. This included identifying, investigating, reporting, and mitigating financial and technical risk across the client’s business. Critically, this also involved the building and maintaining of durable reporting and metric capture for project resourcing, risk burndown, and success criteria.

As a generalist, focused on a variety of endpoint management and general support activities, and initiated an overhaul of the company’s identity and access management program during a period of heavy acquisitions.