
Lenny Mansilla

Hollywood, FL

Summary

Cybersecurity executive with 25 years of experience in establishing and implementing large global information security programs. Expertise encompassing the entire spectrum of cybersecurity domains including GRC, Product Security, Security Testing, Security Operations, Incident Response, Compliance, IT Auditing, Vulnerability Management, Threat & Intelligence Management, Attack Surface Management, Cloud Security as well as others. Proven track record of building global cybersecurity programs from inception & elevating existing initiatives to advanced maturity levels for organizations of all sizes from start-up to Fortune 200 companies. Strategic thinker with innovative problem-solving prowess, thriving in fast-paced & dynamic environments. Fully bilingual in English & Spanish.

Overview

21
years of professional experience

Work History

Chief Information Security Officer (CISO)

Netsurion
11.2014 - 06.2024
  • Provide strategic direction for Netsurion's Managed XDR solution responsible for alerting & detections as well as investigations into customer breaches.
  • Serve as expert advisor to C-suite & company leadership on cybersecurity across areas like cybersecurity strategy, risks, & delivery of key objectives.
  • Oversee successful completion of organization wide security audits / certifications including HIPAA / HITRUST, SOC 2 Type II, ISO 27001, ISO 20000, PCI DSS, Privacy Shield (GDPR), identifying & remediating critical vulnerabilities, leading to improvement in overall security posture.
  • Created a cyber threat intelligence team to curate content for organization's threat intelligence platform with indicators of compromise from variety of feeds as well as those discovered by CTI team while threat hunting through system telemetry.
  • Developed cybersecurity roadmap that reflects long-term thinking, appropriately identifies/prioritizes risks & opportunities, & implements security controls & technologies that raise bar for cybersecurity.
  • Developed & implemented information security policies & procedures to ensure safety & security of confidential data.
  • Managed security operations including vulnerability management, risk management, & incident response.
  • Provided technical security guidance to internal teams on security best practices & solutions.
  • Implemented comprehensive cybersecurity strategy resulting in 75% reduction in security incidents & 70% decrease in mean time to detect (MTTD) incidents.
  • Monitored external feeds for emerging threats & advised stakeholders on appropriate courses of action. Liaised with external agencies, such as law enforcement, as necessary to ensure that client maintains strong security posture.
  • Designed & implemented automated tool-based vulnerability management framework that continuously monitors & detects cybersecurity threats & vulnerabilities.
  • Performed evaluations & selections of IT security tools & successfully implemented IT security systems to protect availability, integrity, & confidentiality of critical business information & information systems.
  • Developed & executed employee security awareness program, increasing staff adherence to security policies by 90% & reducing likelihood of successful phishing attacks by 95%.
  • Ensure that disaster recovery plans & procedures for business-critical services satisfy client security standards & support recovery following occurrence of security event.

SVP, Operations

Netsurion
11.2019 - 06.2024
  • Responsible for architecting presales deployments of Netsurion's Managed XDR solution as well as implementation, transition to security operations post sales. Spearheaded initiatives related to security incident investigations, customer retention renewals & customer churn management through the customer success team.

Director of Business Security Enablement

EMC Corporation
04.2011 - 11.2014
  • Architected, developed & led global team of business security managers embedded within various business verticals at EMC such as Engineering, Global Services, Manufacturing, Marketing, Sales, Legal, Finance, etc. Business Security Enablement Team acted as liaison between various business functions & Global Security Organization. Developed executive level Governance, Risk & Compliance (eGRC) steering committee responsible for addressing information security risks throughout organization.

Senior Manager Risk & Compliance

EMC Corporation
04.2007 - 04.2011
  • Act as primary liaison to customers & prospective customers on information security diligence processes & audits. Oversee risk & compliance efforts for RSA Security's Software as a Service (SaaS) & EMC's Cloud Infrastructure Group (CIG). Assess current information security controls, policies & procedures in operations, R&D & third-party services. Prepared & managed RSA Hosted Operations & Cloud Infrastructure Group for SAS70 Type II (replaced by SOC 2), ISO 27001, PCI DSS, & Verified by Visa in US, Europe, Middle East & Asia.

Information Security Manager

Verid
05.2003 - 04.2007

Developed effective, sustainable & scalable information security program for a startup company. Oversaw every aspect of information security for Verid's Knowledge-based Authentication offering including:

  • Developed, implemented & maintained security policies & procedures documentation.
  • Performed risk assessments & analyzed system data to identify security risks, prioritize risks & present those risks to executive management along with identified controls to help mitigate risks.
  • Act as primary liaison to customers & prospective customers on information security diligence processes & audits.
  • Prepared Verid for SAS70 Type II audit & successfully completed audit.

Education

Master of Science - Management Information Systems

Florida International University
Miami, FL
12.2001

Bachelor of Science - Business Administration - Finance

Florida International University
Miami, FL
1998

Skills

  • Governance, risk & compliance (GRC)
  • Cloud Attack Surface Protection (AWS & Azure)
  • Cyber Threat Intelligence (CTI)
  • Project management
  • Security operations center
  • Risk assessment & compliance
  • Incident detection & response
  • Penetration testing
  • Threat & vulnerability management

Accomplishments

    Leadership

  • Led a team of over 100 cybersecurity & risk professionals overseeing cybersecurity program strategy & oversight, application security & testing, data protection, vulnerability management, cloud risk management, security risk metrics & analytics, cyber threat management, vendor security oversight.
  • Regular presenter to the CEO, C-suite. Direct report to the Chief Operating Officer.
  • Developed and implemented enterprise security strategy and framework overseeing the successful completion of organization wide security audits / certifications including HIPAA / HITRUST, SOC 2 Type II, ISO 27001, ISO 27002, ISO 20000, PCI DSS, Privacy Shield (GDPR), identifying & remediating critical vulnerabilities, leading to improvement in overall security posture.
  • Conducted webinars on Attack Surface Coverage including Cloud Attack Surface.

    Strategy and Planning

  • Developed a cybersecurity roadmap that reflects long-term thinking, appropriately identifies/prioritizes risks & opportunities, & implements security controls & technologies that raise the bar for cybersecurity.
  • Developed & implemented information security policies & procedures to ensure the safety & security of confidential data.
  • Developed & executed employee security awareness program, increasing staff adherence to security policies by 90% & reducing the likelihood of successful phishing attacks by 95%.
  • Redesigned customer daily critical findings reports using business intelligence tools to automate the report and reduce production from an average of 6 hours to 30 minutes resulting in 90% increase in efficiency and cost savings.

    Team Collaboration

  • Collaborated with cross-functional executives to establish enterprise security framework to accomplish common IT security objectives and leverage common tools to reduce costs.
  • Coordinated the activities of Information Security Officers to define and establish unified program-wide approach to address IT security issues and mitigate IT security risks.

Timeline

SVP, Operations

Netsurion
11.2019 - 06.2024

Chief Information Security Officer (CISO)

Netsurion
11.2014 - 06.2024

Director of Business Security Enablement

EMC Corporation
04.2011 - 11.2014

Senior Manager Risk & Compliance

EMC Corporation
04.2007 - 04.2011

Information Security Manager

Verid
05.2003 - 04.2007

Master of Science - Management Information Systems

Florida International University

Bachelor of Science - Business Administration - Finance

Florida International University