Application Security Architect with proven experience building mission-driven security programs that protect vulnerable populations and sensitive data. Expert in embedding security throughout the SDLC, establishing Security Architecture Review processes, and partnering with cross-functional teams to assess and mitigate application-layer risks. Combines hands-on technical leadership with the ability to translate complex security issues into business risk language, ensuring security enables rather than blocks organizational missions.
Application Security Program Leadership
Led comprehensive application security program serving financial platforms handling sensitive consumer data, defining SDLC security strategy and establishing continuous improvement processes across development teams
Owned Security Architecture Review (SAR) process including intake, risk evaluation, documentation, and stakeholder engagement for new applications and integrations
Performed threat modeling for high-risk workflows involving financial systems and sensitive consumer data, identifying and mitigating application-layer vulnerabilities before deployment
Secure Development & Tooling
Deployed and maintained AppSec tooling including SAST, DAST, and SCA platforms, aligning tool selection with developer workflows and organizational risk profile
Established vulnerability remediation framework with clear SLAs, overseeing application-layer vulnerability triage, analysis, and escalation from internal testing and external penetration testing
Created developer security education program achieving 75% regular attendance, embedding secure coding practices and security awareness throughout engineering organization
Cross-Functional Security Partnership
Partnered with platform owners and engineering teams to validate application-level security controls including authentication, authorization, audit logging, and session handling
Assessed cloud applications, workflow automations, and internal tools for security risks, collaborating with stakeholders to implement appropriate controls
Delivered regular security updates to board committees, translating technical vulnerabilities into business risk context
Program Maturity & Governance
Increased organizational security maturity 163% (OWASP SAMM: 0.3 → 0.79) through systematic assessment and improvement of security practices across all SDLC phases
Developed security policies and standards through stakeholder collaboration, ensuring practical adoption across development, operations, and IT teams
Managed application security engineering team while coordinating penetration testing operations and vendor security assessments
SDLC Security Integration
Built application security program from ground up for late-stage startup, establishing secure development practices integrated throughout software development lifecycle
Increased CIS Security Control score from 20 to 60 within one year by implementing automated security gates, threat modeling processes, and vulnerability management workflows
Designed secure coding training program achieving 100% developer completion, reducing vulnerability discovery and remediation time while building security champions across product teams
Security Architecture & Risk Assessment
Conducted threat modeling sessions for new features and integrations, identifying data flow risks and defining secure design patterns for authentication, API authorization, and secrets management
Standardized AppSec audit process across product teams, ensuring consistent vulnerability discovery, risk evaluation, and remediation tracking
Partnered directly with development pods to assess application design, evaluate third-party integrations, and implement security controls appropriate to risk level
Application Security Architecture: Secure SDLC Design, Security Architecture Review (SAR), Threat Modeling, OAuth/OIDC Implementation, API Security, Secrets Management, Session Handling, Data Flow Protection
AppSec Tooling & Testing: SAST, DAST, SCA, Secrets Detection, API Security Tools, Vulnerability Management, Penetration Testing Coordination, Security Testing Automation, CI/CD Security Gates
Security Frameworks & Standards: OWASP SAMM, CIS Security Controls, OWASP Top 10, Secure Coding Practices, Security Policy Development, Risk Assessment Frameworks
Collaboration & Communication: Developer Partnership, Cross-Functional Stakeholder Management, Technical Risk Translation, Board-Level Reporting, Security Champion Programs, Security Education at Scale
Portal26 Champions in Security | Champion in Education | Spring 2025