Profiles search
Ryan Herrmann
Cybersecurity Leader | Information Security Diligence and M&A Integration
Denver, CO, United States
Details
Education:
Bachelor of Science (B.S.)
Business Administration and Management, General
Lee University
2001 : 2006
Ridgeville Christian
1998 : 2001
Business Administration and Management, General
Lee University
2001 : 2006
Ridgeville Christian
1998 : 2001
Experience:
Lead the development of Ventures and M&A cybersecurity security strategic plans and roadmaps that
are aligned to business strategies and requirements.
Lead the maturity/development of Ventures and M&A cybersecurity playbooks based on security
standards, procedures, and best-practices including identity and access management, tenant
management, network security practices, domain trusts posture, SSL/IPsec, security logging,
security incident and event management (SIEM), data protection (DLP, encryption), secrets
management, and vulnerability/threat assessment.
Communicate with leadership to align on business process changes and drive prioritization
of resources.
Coordinate with leaders, management, teams, and technical personnel on a continuous
basis.
Collaborate with security team members to develop all Ventures risk assessment and M&A
security requirements for all hardware and software computing platforms, environments, and
solutions including modifying, where required, existing policies, procedures, and best
practices to address M&A business strategies and requirements.
Document detailed milestone-based and objective focused Ventures and M&A integration
roadmaps.
Partner with cross-functional teams to ensure architectural solutions effectively fulfill
Ventures and M&A business needs.
Collaborate with the security team, business units, and corporate Ventures and M&A teams
on tailoring security requirements to align to individual Ventures and M&A transaction-
specific requirements.
Provide guidance and hands-on experience to Ventures and M&A project teams in the
design, development, and maintenance of solutions and processes that are both risk-
appropriate and risk prioritized.
2023 : Present
PayPal
Manager, Information Security Diligence and M&A Integration
2021 : 2023
PayPal
Senior Information Security Engineer
Cybersecurity engineer and technical integration lead for PayPal’s Mergers and Acquisitions program.
Cybersecurity lead for integration planning, identification of gaps in security control coverage, building mitigation plans and integration roadmaps, and executing technical implementations of PayPal’s complete security control stack (ranging from Logging, Monitoring, Alerting, Encryption Mgmt, Application Security, Container Security, and WAF/DDOS controls) for newly acquired companies.
Technical understanding of microservices architectures and concepts within cloud native environments such as EKS, GKE, ECS, Sidecars, Daemonsets, etc. and experience with deployments in such environments.
Led project to architect AWS pattern and build a solution for cross-region VPC peering (AWS network, network security controls, VPC endpoints) as well as deploy and configure Splunk heavy forwarders to aggregate application, network, and other required logs for proactive alerting and post-incident forensics.
Managed integration budgets for security tooling OPEX spend.
Reported on integration status to C-level executives, VP’s, and cross-functional integration organizations and workstreams.
2019 : 2021
PayPal
Information Security Engineer
Responsible for consulting with all levels of the business on issues related to Cybersecurity where it was required to communicate complex technical controls to non-technical individuals in different company verticals.
Conducted security reviews of COTS/SaaS applications, network firewall requests, and data movement reviews for internal and external data flows.
Collaborated and advised external PayPal business units (Venmo, Braintree, Xoom, etc) on technical evaluations for data security and proper information handling based upon data classification.
Performed technical reviews to ensure authentication, authorization, and role based access controls for databases and applications.
Responsible for knowing and applying PayPal Information Security policies to ensure confidentiality, integrity, and availability of PayPal data and services.
Documented procedures and trained new hires on PayPal’s security review process
2018 : 2019
PayPal
Information Security Consultant
Managed and led team that executed all phases of new software implementations, installations, upgrades, migration projects, and follow up support.
Collaborated with non-technical clients (attorneys) and technical partners (MSSP’s) through concept, design, UAT, final delivery, and training phases of software implementations.
Commended for ability to articulate complicated technology and business processes simply if needed
2013 : 2018
Inertia Legal
Managing Consultant
are aligned to business strategies and requirements.
Lead the maturity/development of Ventures and M&A cybersecurity playbooks based on security
standards, procedures, and best-practices including identity and access management, tenant
management, network security practices, domain trusts posture, SSL/IPsec, security logging,
security incident and event management (SIEM), data protection (DLP, encryption), secrets
management, and vulnerability/threat assessment.
Communicate with leadership to align on business process changes and drive prioritization
of resources.
Coordinate with leaders, management, teams, and technical personnel on a continuous
basis.
Collaborate with security team members to develop all Ventures risk assessment and M&A
security requirements for all hardware and software computing platforms, environments, and
solutions including modifying, where required, existing policies, procedures, and best
practices to address M&A business strategies and requirements.
Document detailed milestone-based and objective focused Ventures and M&A integration
roadmaps.
Partner with cross-functional teams to ensure architectural solutions effectively fulfill
Ventures and M&A business needs.
Collaborate with the security team, business units, and corporate Ventures and M&A teams
on tailoring security requirements to align to individual Ventures and M&A transaction-
specific requirements.
Provide guidance and hands-on experience to Ventures and M&A project teams in the
design, development, and maintenance of solutions and processes that are both risk-
appropriate and risk prioritized.
2023 : Present
PayPal
Manager, Information Security Diligence and M&A Integration
2021 : 2023
PayPal
Senior Information Security Engineer
Cybersecurity engineer and technical integration lead for PayPal’s Mergers and Acquisitions program.
Cybersecurity lead for integration planning, identification of gaps in security control coverage, building mitigation plans and integration roadmaps, and executing technical implementations of PayPal’s complete security control stack (ranging from Logging, Monitoring, Alerting, Encryption Mgmt, Application Security, Container Security, and WAF/DDOS controls) for newly acquired companies.
Technical understanding of microservices architectures and concepts within cloud native environments such as EKS, GKE, ECS, Sidecars, Daemonsets, etc. and experience with deployments in such environments.
Led project to architect AWS pattern and build a solution for cross-region VPC peering (AWS network, network security controls, VPC endpoints) as well as deploy and configure Splunk heavy forwarders to aggregate application, network, and other required logs for proactive alerting and post-incident forensics.
Managed integration budgets for security tooling OPEX spend.
Reported on integration status to C-level executives, VP’s, and cross-functional integration organizations and workstreams.
2019 : 2021
PayPal
Information Security Engineer
Responsible for consulting with all levels of the business on issues related to Cybersecurity where it was required to communicate complex technical controls to non-technical individuals in different company verticals.
Conducted security reviews of COTS/SaaS applications, network firewall requests, and data movement reviews for internal and external data flows.
Collaborated and advised external PayPal business units (Venmo, Braintree, Xoom, etc) on technical evaluations for data security and proper information handling based upon data classification.
Performed technical reviews to ensure authentication, authorization, and role based access controls for databases and applications.
Responsible for knowing and applying PayPal Information Security policies to ensure confidentiality, integrity, and availability of PayPal data and services.
Documented procedures and trained new hires on PayPal’s security review process
2018 : 2019
PayPal
Information Security Consultant
Managed and led team that executed all phases of new software implementations, installations, upgrades, migration projects, and follow up support.
Collaborated with non-technical clients (attorneys) and technical partners (MSSP’s) through concept, design, UAT, final delivery, and training phases of software implementations.
Commended for ability to articulate complicated technology and business processes simply if needed
2013 : 2018
Inertia Legal
Managing Consultant
Company:
PayPal
Years of Experience:
16
Skills
Amazon Web Services (AWS), Application Security, Bash, Budget Management, Client Relations Skills, Communication Skills, Continuous Integration and Continuous Delivery (CI/CD), Cross-functional Team Leadership, Customer Service, Cybersecurity, Employee Training, Google Cloud Platform (GCP), Information Security, Infrastructure Hardening, Kubernetes, Logging, Mergers & Acquisitions (M&A), microsoft office, Multi Tasking, Networking, Network Security, Powershell, Project Management, public speaking, SIEM, Strategy, Training, Web Application Firewall, Manage Client Relationships, Corporate Communications, Business Analytics, Legal Technology, Business Development, Sales, Solution Selling, Technical Recruiting, Customer Retention, Business Intelligence, Manage Client, CRM, social media, customer relationship management (crm)
Profile Photo
