SUMANTA DEY

Ashburn,VA

Summary

LEADER, INFORMATION SECURITY

Experienced and skilled Head of Information Security with almost two decades of experience in building, managing, and mentoring high-performing security teams. Demonstrated ability in developing innovative and successful security strategies that effectively guide large organizations across multiple geographies. Proficient in communicating priorities and leading teams to achieve results. Proven expertise in designing and implementing comprehensive security programs, conducting security architecture reviews, managing bug bounty programs, conducting application security assessments, developing and implementing secure code review processes, delivering security training, leading security incident response efforts, and promoting security awareness across the organization. Experienced in vendor management and optimization of security processes. Capable of providing consultation to global cross-functional teams.

Skills: Security Leadership, Global Team Building & Management, Multimillion-Dollar Budgeting, DevSecOps, Information Security, Vendor Sourcing & Management, Training, Risk Management, Partnership Development, Process Improvements, Program Management, Threat Modeling, PCI-DSS, GDPR, Pen Testing, Bug Bounty, Application Security, OWASP, Maturity Model, Vulnerability Management, C/C++, Strategic Planning

Overview

19 years of professional experience
3 Certifications

Work History

Head of Product Security

NetWitness, RSA
08.2019 - 03.2023
  • NetWitness was owned by RSA till 03/2023
  • Ensure products (on-prem and SaaS) are designed, developed, and deployed with security in mind (DevSecOps)
  • Create and implement product security strategies that minimize security risks and ensure compliance with customer needs and relevant regulations and standards
  • Lead a team of Product Security engineers working on security architecture reviews (threat modeling), pentesting, SAST, DAST, SCA, vulnerability management, and security automation capabilities
  • Conduct product security assessments to identify potential vulnerabilities and risks in the products
  • Create and implement product security training programs
  • Collaborate with other scrum teams as well as other departments
  • Lead, manage, and respond to security incidents
  • Oversee programs like Common Criteria, SOC 2, and other compliance-related initiatives

Senior Manager

Capital One
03.2018 - 08.2019
  • Responsible for managing a large part of the Application Security program at Capital One
  • Some highlights of the role:
  • Managed the launch of the first private bug bounty program for the company, including designing, promoting, implementing, and managing the program
  • Led a team of highly talented individuals working on various aspects of Application Security: penetration testing (pentesting), DAST, SAST
  • Wrote a large part of the Responsible Disclosure policy (shared externally) and assisted in launching the public Responsible Disclosure program

Founding Partner

AimAndWin
03.2017 - 05.2018
  • AimAndWin was a staffing company for IT recruitment aimed at bridging the gap between non-technical recruiters and busy hiring managers
  • Responsible for helping establish the business, developing client relationships, managing day-to-day operations, hiring employees, managing finances, and setting targets

Manager

PayPal USA
03.2015 - 02.2017
  • Revamped the bug bounty and pen testing programs in the US, developing processes, roadmaps, and tools for delivering security tests
  • Expanded the pen testing program to a multimillion-dollar budget, streamlined vendor management, and tripled the vulnerability count identified during pen testing by focusing on quality
  • Managed the transition of the bug bounty program from eBay during the PayPal/eBay separation, collaborating with cross-functional teams; established processes to keep senior leadership informed of security risks; worked with PR/Comms teams on external and internal communications related to security
  • Sought new vendors, negotiated lower rates, and led the team through a large layoff while still delivering bug bounty and pen testing deliverables

Manager

PayPal India
06.2013 - 03.2015
  • Provided support for various security programs
  • Served as a technical consultant on application security issues
  • Played a role in workforce restructuring
  • Oversaw the downsizing of the InfoSec team in India to align with the organization's needs

Associate Project Manager

Computer Sciences Corporation (CSC)
10.2007 - 06.2013

Software Engineer

Electra Design Automation
02.2005 - 10.2007

Software Engineer

NIIT Technologies Ltd
03.2004 - 02.2005

Education

Master of Computer Applications

Birla Institute of Technology
2003

CISO Course

Carnegie Mellon University
Pittsburgh, PA
06.2023

Indian Institute of Management
2017

CISSP

ISC2
01.2018

Bachelor of Science

GCSA

SANS
01.2022

Skills

  • Built and managed teams in various geo-locations: India, United States, Israel, Singapore, Egypt
  • Experienced at managing DevSecOps, bug bounty, pentesting, responsible disclosure, security architecture, third-party vendor security, and network security teams
  • Experienced with third-party risk reviews and application architecture reviews
  • 14 years of experience counseling development teams on security
  • Created and/or streamlined processes to establish a secure SDLC in various organizations

Certification

  • CISSP – Certified Information Systems Security Professional (license active)
  • GCSA – GIAC Cloud Security Automation Certification (license active)
  • CEH – Certified Ethical Hacker, 2011 (license expired)

Quote

The first one gets the oyster, the second gets the shell
Andrew Carnegie