Profiles search

Sean Malone

CISO @ Demandbase
Seattle, WA, United States

Details

Education: MS

Information Security & Assurance

Western Governors University

2011 : 2013

BS

Mathematics with Computer Science concentration

University of Dallas

2006 : 2010
Experience: 2022 : Present

Demandbase

Chief Information Security Officer

Following acquisition of VisibleRisk by BitSight, I led integration of the VisibleRisk platform, product, and services into BitSight.

2021 : 2022

BitSight

VP Risk Products

• Security Program Formation

Built a best-in-class startup security team and program from the ground up. Designed streamlined & cost-effective policies, procedures, architectures, technical controls, and third-party solutions.

• Customer Trust

Represented the company’s security and privacy posture to potential & current clients. Enabled sales by supporting customer third-party risk management processes. Passed inspection by multiple Fortune-500 financial firms.

2021 : 2021

VisibleRisk

Chief Information Security Officer

• Cyber Risk Quantification

Designed quantitative approaches to measure entities’ security governance, fortitude, and overall ability to prevent, detect, and respond to cyber attacks. Core contributor to the VisibleRisk assessment and risk quantification methodology.

• Product Strategy

Led a successful pivot from a services company to a SaaS product company, defining the product & technology vision and execution strategy, resulting in successful acquisition by BitSight. Managed a global team of 30+ members across Product, R&D, Engineering, and Delivery.

2020 : 2021

VisibleRisk

VP Product & Service Delivery

• Security Strategy

Matured the organization’s approach to cyber defense by driving programmatic prioritization. Leveraged the NIST Cybersecurity Framework, formal risk assessment with NIST SP 800-30, and red team engagements to identify and mitigate unmanaged risk.

• Executive Leadership

Led a cross-functional team including security engineering, security tooling, and incident management. Drove alignment with business stakeholders and engineering teams.

• Media Distribution Platform Security

Leveraged deep technical expertise to secure the platform, from content ingestion through cataloging, encoding, distribution, and playback. Managed security at scale for hundreds of services, thousands of AWS accounts, and legacy infrastructure.

• Cloud-Native DevSecOps

Drove automated and orchestrated security through a streamlined SDLC with security integrated into the CI/CD pipeline. Provided enablement tools and guardrails to make it simple to develop secure software. Used big data analytics and machine learning with auto-remediation to rapidly mitigate identified risks.

2019 : 2020

Amazon

Head of Cyber Defense, Amazon Prime Video
Company: Demandbase
Years of Experience: 15

Skills

Application Security, Computer Security, Enterprise Software, Information Security, Information Security Management, Networking, network security, Penetration Testing, risk assessment, secure coding, Security, security architecture design, security audits, security awareness, security vision & leadership, social engineering, vulnerability assessment, vulnerability management, web application security, Security Architecture, Security Vision

About

Technical CISO who assists organizations in achieving real risk reduction by ensuring that they have the people, technologies, and processes in place to enable business operations while managing risks effectively. Skilled in Security Vision & Leadership, Governance, Cloud Security, Product Security, Information Risk Management, and Team Building. Open to challenging leadership opportunities that consist of moving quickly to create a direct, positive impact.



Sean Malone has conducted full real-world red team attacks against dozens of different organizations. He knows how the adversary thinks and operates, because he has been that adversary countless times in his work as a consultant. Sean works with these organizations to improve their security far beyond check-box requirements and compliance minimums. His reshaping of enterprise security architecture consistently results in significantly decreased attacker success rates. This comprehensive knowledge of an attacker’s mindset, combined with his in-depth understanding of the landscape of a corporate security environment, leaves him uniquely suited to design and implement effective security programs for any corporation.



=========================



KEY CERTIFICATIONS

• Certified Chief Information Security Officer (C|CISO)

• Certified Information Systems Security Professional (CISSP)

• Certified Information Systems Security Manager (CISM)

• Certified Information Systems Auditor (CISA)

• AWS Certified Solutions Architect