Pratik Savla
San Jose,CA
Summary
Security professional with 17+ years of experience leading enterprise, corporate, product, and cloud security programs. Proven record of owning GRC strategy, reducing material business risk, enabling regulated revenue, and leading security through M&A, divestitures, and post-acquisition integrations. Trusted advisor to executives, boards, auditors, and regulators, combining deep technical authority with executive-level risk, governance, and investment decision-making.
Overview
18
18
years of professional experience
1
1
Certification
Work History
Sr. Staff Analyst – Office of the CISO, Enterprise Security & Compliance
Synaptics
05.2023 - 11.2025
- Scope: Enterprise and corporate security ownership across global endpoints, cloud, SaaS, GRC, vendor risk, and M&A activities.
- Owned enterprise and corporate security programs across 15K+ endpoints and 3K+ cloud/SaaS assets, spanning vulnerability management, endpoint security, penetration testing, and social engineering.
- Advised executive leadership on risk acceptance, remediation prioritization, audit posture, and security investment decisions across enterprise and corporate environments.
- Owned enterprise GRC strategy across NIST CSF, SOC 2, ISO 27001, GDPR, and PCI DSS, serving as primary liaison to auditors, customers, and regulators.
- Led enterprise SaaS and corporate application security governance across 20+ Tier-1 platforms (Microsoft 365, GitHub, Zoom), reducing high-risk findings by ~35% YoY.
- Authored and operationalized enterprise security policies, standards, and control frameworks, reducing policy exceptions by ~40% and improving audit readiness.
- Directed internal, external, and customer-driven audits, closing 95%+ of findings within SLA through cross-functional remediation.
- Advanced enterprise security tooling aligned with NIST and COBIT, increasing vulnerability coverage from ~65% to >90% across corporate, cloud, and acquired environments.
- Translated technical vulnerabilities into business-impact-driven risk decisions, enabling remediation of ~70% of aggregate enterprise risk exposure.
- Led security due diligence, divestiture assessments, and post-merger integration, advising Corporate Development, Legal, and Finance on inherited risk and remediation sequencing.
- Evaluated third-party and vendor security posture and negotiated security, privacy, and data protection clauses across $XM+ in SaaS and vendor contracts.
- Defined executive KPIs, SLAs, and risk dashboards supporting senior leadership and board-level visibility.
- Managed enterprise security budgets and vendor consolidation, delivering 15–20% cost optimization through tooling rationalization and contract negotiation.
Principal Product Security & Compliance Officer
Venafi, Inc.
09.2019 - 05.2023
- Built and led Product Security, GRC, Third-Party Risk, and Business Continuity programs supporting enterprise SaaS and on-prem product portfolios.
- Established product security governance, secure SDLC standards, and threat modeling practices across the full product lifecycle.
- Launched Vulnerability Disclosure and Bug Bounty programs, increasing external vulnerability discovery by 3× and reducing MTTR by ~40%.
- Achieved and maintained SOC 2, ISO 27001, and Common Criteria certifications, enabling $XXM+ in regulated and enterprise revenue.
- Led threat modeling, architecture reviews, penetration testing, and incident response, reducing critical vulnerabilities by ~50%.
- Integrated SAST, DAST, and SCA into CI/CD pipelines across 100+ repositories, reducing late-stage security defects by ~45%.
- Served as senior technical escalation point for complex security architecture, vulnerability risk decisions, and incident response.
- Managed and mentored a team of 4 security engineers, delivering executive dashboards and risk scorecards used by senior leadership.
Lead Information Security Operations Engineer – US West Coast Lead
FireEye, Inc.
01.2016 - 09.2019
- Led enterprise corporate and cloud vulnerability management programs, reducing critical vulnerabilities by ~60% globally.
- Implemented enterprise phishing reporting and response platforms, increasing employee-reported phishing by 4×.
- Conducted APT hunting and threat intelligence analysis, mapping adversary TTPs to enable proactive defenses.
- Led incident response and investigations, including executive communications, forensics, and root-cause analysis.
- Optimized security monitoring and remediation workflows, reducing response times by ~30%.
- Deployed and tuned WAF protections for mission-critical applications.
- Managed enterprise PKI and certificate services infrastructure supporting thousands of certificates.
Supervisor, Security & Privacy Services
RSM LLP
09.2014 - 12.2015
Threat Intelligence Lead
VMware, Inc.
11.2012 - 07.2014
Security Engineer
Intuit, Inc.
07.2012 - 11.2012
Security Analyst / Programmer
CERIS (Purdue Research Park)
09.2010 - 08.2011
Technical Associate
Tech Mahindra Ltd.
06.2007 - 09.2007
Education
MS - Information Security
Purdue University
BE - Computer Engineering
University of Mumbai
Skills
- GRC & Risk: OneTrust, AuditBoard, UpGuard, BitSight, Axonius
- Vulnerability & Threat: Tenable, Qualys, CrowdStrike, Proofpoint, Hoxhunt
- Cloud & Identity: Wiz, Microsoft Purview & Defender, Okta, Entra, CyberArk EPM
- SIEM & Ops: Splunk, Exabeam, ELK
- Enterprise Platforms: ServiceNow, Jira, Confluence, Microsoft 365
- Security & Analysis: Incapsula WAF, Wireshark
- Scripting: Python, PowerShell
Affiliations
- Co-Chair, IEEE Program Committee — NextGen Security
- Member, AI Security Council
- Co-author, Purple Book Community (AppSec & AI)
- Core Member, Google MVSP
- Education Director, ISACA Silicon Valley Board
- Advisory Board Member, Cybersecurity for Executives — CSU Chico
- Contributor, Vendor Security Alliance (VSA), CWE & CAPEC Working Groups
Certification
- CISA
- CDPSE
- CEH
- CCISO
- CISSP (In Progress)
Timeline
Sr. Staff Analyst – Office of the CISO, Enterprise Security & Compliance
Synaptics
05.2023 - 11.2025
Principal Product Security & Compliance Officer
Venafi, Inc.
09.2019 - 05.2023
Lead Information Security Operations Engineer – US West Coast Lead
FireEye, Inc.
01.2016 - 09.2019
Supervisor, Security & Privacy Services
RSM LLP
09.2014 - 12.2015
Threat Intelligence Lead
VMware, Inc.
11.2012 - 07.2014
Security Engineer
Intuit, Inc.
07.2012 - 11.2012
Security Analyst / Programmer
CERIS (Purdue Research Park)
09.2010 - 08.2011
Technical Associate
Tech Mahindra Ltd.
06.2007 - 09.2007
BE - Computer Engineering
University of Mumbai
MS - Information Security
Purdue University
SECURITY LEADERSHIP SCOPE & EXPERTISE
- Enterprise & Corporate Security Program Ownership
- Governance, Risk & Compliance (NIST CSF, SOC 2, ISO 27001, GDPR, PCI DSS)
- Executive Risk Acceptance & Security Investment Decisions
- M&A Security Due Diligence, Divestitures & Post-Merger Integration
- Product Security & Secure SDLC (Threat Modeling, DevSecOps)
- Cloud, SaaS, Endpoint & Identity Security
- Vulnerability Management, Threat Intelligence & Incident Response
- Third-Party, Vendor & Contract Security Risk
- Security Architecture, Policy & Control Design
- Executive Metrics, KPIs, Budgets & Board-Level Reporting
PUBLICATIONS & MEDIA (Selected)
Quoted or featured as a security subject-matter expert in Forbes, Dark Reading, WIRED, BankInfoSecurity, TechRadar, Threatpost, and others on enterprise security incidents, vulnerability disclosure, certificate security, identity breaches, and supply-chain attacks -
- https://www.forbes.com/sites/daveywinder/2020/01/15/us-government-issues- critical-windows-10-update-now- alert/?sh=2331384f6251
- https://www.darkreading.com/vulnerabilities-threats/nft-thefts-reveal-security-risks-in- coupling-private-keys-and-digital- assets/a/d- id/1340577
- https://www.darkreading.com/attacks-breaches/okta-says-366- customers-impacted-via-third-party- breach
- https://www.wired.com/story/okta-hack-customers-lapsus-breach/
- https://www.itpro.co.uk/security/malware/365023/nvidia- certificates-sign-malware-bypassing- windows-detection
- https://www.bankinfosecurity.com/how-lapsus-uses-stolen-source-code-to-disguise-malware-a-18684
- https://www.techradar.com/news/russia-creates-its-own-tls-certificate-authority-to-bypass-sanctions
- https://threatpost.com/lets-encrypt-revoke-millions-tls-certs/153413/
- · https://www.dailymail.co.uk/sciencetech/article-7922171/Cybercriminals-using-fake-Citibank-website- access-bank-account.html