Michael Weiss
Details
Electronic Commerce
Carnegie Mellon University
2003 : 2004
BS
Aerospace Engineering
UCLA
1988 : 1993
Palm Springs High School
1984 : 1988
2020 : Present
Human Interest
Chief Information Security Officer
Developed Funding Circle's first information security program.
Responsible for establishing and maintaining Funding Circle's global information security program to protect sensitive data, IT systems, production environments, and physical offices across five offices in North America and Europe. The program identifies and prioritizes security risks and integrates mitigation strategies into the company's development and maintenance programs.
Also responsible for information security incident response and data protection compliance.
2015 : 2020
Funding Circle US
Chief Information Security Officer
As the “voice of security”, managed a team overseeing and coordinating security efforts across the company, including compliance, information technology, human resources, and communications. Identified security initiatives and standards, and managed and oversaw their implementation.
• Drove SOX compliance, including conducting a complete audit and tracking remediations to completion.
• Developed and managed standard processes for maintaining and patching operations infrastructure in Amazon Web Services.
• Consolidated account management from 12 separately managed systems into a single sign-on infrastructure with multifactor authentication, simplifying password management and improving security while simultaneously improving employee satisfaction.
• Implemented pinned SSL and HMAC on GREE games, which alone eliminated losses of over $100k per year per game.
• Designed and implemented a centralized personally identifiable information (PII) store, reducing risk to the company while simplifying business teams’ processes.
• Trained employees on security technologies (e.g., cryptography, SSL, PKI, HMAC), secure coding practices, and threat avoidance (e.g., phishing, multi-factor authentication, security awareness).
• Coordinated with executives, product managers, developers, and designers to balance the competing needs of security, usability, and limited resources.
• Conducted code reviews and provided security consulting to developers.
• Initiated improved data gathering and reporting metrics to better assess risk and find latent security issues.
• Managed incident response and forensic investigation of security breaches.
2012 : 2015
GREE International, Inc
Director Of Information Security
Managed multiple releases of OnLive’s service, coordinating the activities of a highly decentralized engineering organization.
• Established realistic schedules and feature targets, which ensured a sustainable release cadence and improved morale and productivity in the engineering organization.
• Time-based releases shipped on time or early; feature-based releases shipped with all required features in place.
2011 : 2011
OnLive
Software Release Manager
Provided security expertise, incorporating security into the software development lifecycle, for both online and mobile applications, specifically adapted to a highly decentralized and distributed engineering organization, an agile development methodology, and a massively scaled online service-oriented and mobile product catalog.
• Built and deployed a security awareness and training program targeting the engineering staff, which led to lower overall security costs by reducing by 50% the number of security vulnerabilities introduced into the code.
• Applied results from penetration testing to focus secure development efforts in the web and mobile application spaces.
• Developed custom statistical analysis techniques for calculating revenue loss due to security vulnerability exploits. This led to a clear cost/benefit analysis of security vulnerabilities, demonstrating net profit improvements of over $10M per year.
2010 : 2010
Zynga
Security Consultant
Skills
Amazon Web Services (AWS), Application Security, Business Continuity, CISSP, Cloud Computing, Cloud Security, Computer Forensics, Computer Security, Cryptography, Data Privacy, Data Security, Disaster Recovery, Encryption, FinTech, Firewalls, Identity Management, Incident Response, Industry standards, Information Security, Information Security Awareness, Information Security Governance, Information Security Management, Information Security Standards, Information Technology, Infrastructure as a Service (IaaS), Internet Security, ISO 27001, Leadership, Management, Network Security, NIST, OWASP, PCI DSS, Penetration Testing, PKI, Program Management, Security, Security Architecture Design, Security Audits, Security Awareness, Security Management, Security Policy, Security Training, Strategy, Threat & Vulnerability Management, Vulnerability Assessment, Vulnerability Management, Vulnerability Scanning, Web Application Security, Intrusion Detection, Host Intrusion Prevention, CEH, Malware Analysis, Security Architecture, Host Intrusion, Threat & Vulnerability
About
Experienced CISO in financial services.
Over 25 years of experience in technology-focused companies, with over 15 in information security.
Consistent management of high-performing organizations.
Specific experience in incident response, risk assessment, control frameworks, and practical security strategy.