Ugo Enyioha

Vice President Security at Salesforce

About

Dedicated, results-driven leader with entrepreneurial, management and technical expertise in computer and network systems security, systems analysis, software development and cloud security. Selected competencies include: Software Development, Architecture and Systems Design, Application Security Program Design, Incident Response and building modern, high-performing security assurance programs.

Resume: https://docs.google.com/document/d/1V-36FXrItFkXy43gGsWnVQKFX9wiBW7aC-2BGgjGj7w

Ask me about
Snyk
Work experience
Feb 2021 - Present

Salesforce

Vice President Security

Oct 2013 - Present

Principal Software Architect (Scala)

- Software Architect with multi-year experience designing and implementing application back-ends for reactive data collection / telemetry platforms and machine learning systems using Scala, Apache Spark, Akka and other products from the Lightbend stack.
- Very comfortable with advanced functional programming concepts, including correct and effective use of the Scalaz, Shapeless and Cats functional programming libraries.

With extensive experience in the following domains:

- Fast Data Analytics and Stream processing with Spark and Kafka
- Batch Processing of Data with Spark, Scalding
- ETL job design for telemetry systems
- Setting up Scalable Deployments with Kubernetes
- Containerized Akka Microservices Cluster Deployments with Docker
- Continuous Integration, Deployment and Delivery Systems for AWS, Azure and Google Cloud platforms
- Re-designing and implementing monolithic applications as micro-service level architectures using domain driven design techniques

Selected project list:

- Led the design and implementation of a Python-based custom continuous integration and deployment pipeline for data-science teams. The solution was implemented in Python and used PySpark with MLlib for machine learning + Boto3 for AWS integration.
- Led the design and re-implementation of a C# mobile application backend, converting from a monolithic design to a reactive platform built around Lightbend's products including Play Framework, Spray, Slick and Akka.
- Implemented an ETL backend for a machine learning data warehouse. The backend collected data from multiple IoT home devices and performed additional processing to reduce data size.
- Rescued a failing project with poor Apache Spark performance by optimizing its behavior in a memory-constrained Apache Mesos environment.
- Container scanning pipeline for Kubernetes deployments using hadolint, lineage, clair and sysdig falco.

Aug 2018 - Feb 2021

Salesforce

Senior Director - Infrastructure Security

Very focused on the design and implementation of modern security infrastructure and security assurance processes utilizing policy-as-code strategies.

- Expanded team from 5 to 26 security engineers who perform threat modeling and security architecture reviews. The team also delivered security reference architecture for AWS, GCP, Azure and Alibaba Cloud.
- Developed KPIs for measuring the design review pipeline. Leveraging my software development background, I personally developed the first version of our metric tracking solutions on Apache Spark and Zeppelin for data analysis and reporting.
- Highly effective change agent. Guided team during a period of rapid growth. Uplifted process maturity from an ad-hoc threat modeling process to a data-driven business. The instrumentation we developed feeds our capacity models, and allows us to respond quickly to changing pressures on the team's resources.
- Developed security control requirements for Salesforce Public Cloud Environments. Critical topics like Network Segmentation, Identity and Access Management, Container Security, Build Infrastructure Security, Vulnerability and Secrets Management were covered.
- Incubated a new team within my organization of highly experienced staff with mixed security and software development skills. They are very capable and have designed solutions to support modern security assurance processes using CNCF's Open Policy Agent (OPA) as automated security guard rails. Team also developed highly regarded Policy Sentry IAM Least Privilege Tool.
- Utilized previous experience in managing security consulting teams to structure security RFPs. Was directly involved in commissioning projects for internal, vendor-driven architecture reviews and security testing of Salesforce environments. Defined criteria for vendor selection and selected successful bidders.
- Personally developed reference architectures for securing Kubernetes (EKS) on Amazon Web Services and Google Cloud Platform.

Feb 2018 - Aug 2018

Synopsys Inc

Senior Principal Consultant - Synopsys's Cloud Security Consulting

Performed a comparative analysis of security controls and features present in Amazon Web Services, Microsoft Azure and Alibaba Cloud. Subjects covered included Identity and Access Management, Compute Security, Network and Storage Security and provided solution blueprints in the following areas:

- Managing Multiple Accounts and Subscriptions
- Centralized Logging and Monitoring in Cloud Environments
- Secrets Management
- Serverless Workload Security
- Container Security
- Incident Response and Forensic Procedures
- Supporting Continuous Integration and Delivery to cloud environments with automation
- Cloud Provider Compliance for each cloud provider while addressing capability nuances with implementation workarounds where necessary

Jan 2017 - Feb 2018

Synopsys Inc

Managing Consultant - Synopsys's Cloud Security Consulting

- In charge of P & L, growth strategy and consulting capabilities of Synopsys's Cloud Security Consulting Organization.
- Significant expertise assessing security of or designing software architectures on AWS, Azure and Google Clouds.
- Introduced the Synopsys "Cloud Security Bootcamp" to increase the number of Synopsys consultants able to execute Synopsys cloud consulting engagements.
- The bootcamp is a 16-week program that simulates scenarios companies face when migrating their LoB application portfolio or redesigning applications for cloud environments.
- All aspects concerning cloud application security are considered. Consultants are tasked with building secure reference architectures for AWS, Azure, Google and Open Stack cloud for the following scenarios:
  - a lift-and-shift of a LoB application as an IaaS deployment
  - implementing a PaaS application leveraging cloud provider APIs
  - automation of cloud native application deployments via CI/CD using Hashicorp's tools, Ansible, Chef and Puppet
  - perform policy assessments of cloud architectures using the Cloud Security Alliance Controls Matrix as a guiding framework
- All consultants who graduated from the Synopsys Cloud Security bootcamp have successfully secured professional certifications on AWS and Azure platforms.
- Successfully upgraded Synopsys's AWS Consulting Partnership Level from Registered to Standard Partner as a result of Cloud Security Bootcamp training.
- Successfully placed several consultants on long-term staff augmentation jobs with high-profile companies as a result of Cloud Security Bootcamp training.
- Efforts have resulted in a notable increase in Cloud Security Consulting revenue.

Dec 2013 - Dec 2016

Cigital, Inc

Managing Consultant - Synopsys Pacific Northwest Region

- In charge of P & L, business development, client management, and technical oversight / security testing for large high-tech clients across Pacific Northwest.
- Acted as a trusted, external advisor for multiple (>$1B revenue) companies across supply chain, retail, financial, aviation and ISV verticals on specifics of their application security program.
- Directed multiple security teams, providing policy and strategic guidance as they built out their application security programs.
- Oversaw improvements to organizational security policies, risk ranking methodologies, secure coding standards and project management approaches for identifying, triaging and remediating security vulnerabilities discovered through security assessments.
- Mentored junior consultants who conducted security reviews, resulting in improved report quality and increased client satisfaction.
- Significantly grew PNW revenue to a multi-million dollar run rate as a result of efforts.

Feb 2012 - Dec 2013

Microsoft

Senior Software Security Engineer - Microsoft Information Security Risk Management

- Trusted Security Advisor and Application Security Consultant to Microsoft Premier Clients in America, Europe and Asia on behalf of Microsoft Assessment, Consulting and Engineering (ACE) and Microsoft Consulting Services (MCS) teams.
- Managed the ACE Application Security Training Program. Training programs advised developers on secure programming practices using Microsoft technologies and software development processes.
- Successful in identifying opportunities for additional work and upselling services to each organization, leading to repeat business for Microsoft ACE ISRM.
- Trained customers on application security concerns, performed security architecture assessments, code reviews and penetration tests of client applications. Provided feedback to teams and management on effective methods to mitigate identified security concerns.
- Created training modules detailing secure programming practices using ASP.NET, ASP.NET MVC, Windows Communication Foundation (WCF), Windows Identity Foundation (WIF), Windows 8, Windows 8 Mobile, HTML5, C/C++ and Windows API.
- Created training modules advising developers and project managers on effective strategies to augment development processes with security-focused practices including threat modelling, fuzzing, the use of static analysis tools, secure testing practices and the Microsoft Secure Development Lifecycle (SDL).
- Performed security architecture assessments, penetration tests, and security advisory for many application teams at Microsoft as part of Microsoft IT's Risk Management Program. Used knowledge of security vulnerabilities affecting web, mobile and desktop applications to highlight security concerns with most applications. Trained engineering teams on effective methods to mitigate these security concerns.

Feb 2011 - Feb 2012

Microsoft

Program Manager - DevDiv Servicing Tools Team

- Oversaw patch readiness development and testing for the .NET 4.5 framework, ultimately ensuring that .NET 4.5 was capable of being updated without errors on release. Worked closely with Windows, DevDiv and Visual Studio groups to ensure that all project activities were completed according to plan.
- Program manager for a team of 2 developers and 2 testers. Defined requirements, specifications, project schedule and ultimately released APT – the automated patching tool. APT improves the .NET framework team’s agility and speed in building, developing and testing security updates for the .NET 4.5 framework by automating several previously manually driven tasks.

Feb 2010 - Feb 2011

Microsoft

Program Manager - Bing Platform Infrastructure Team

- Program manager for a team of 5 developers and 3 testers. Defined requirements, specifications, project schedule and ultimately shipped XAP.NET – a next generation managed workflow programming framework and API used for rapid transformation and presentation of structured data in Bing Answers. XAP.NET is regarded as the most productive framework for building Bing Answers with a >4x development efficiency improvement over the existing XAP.Native C++ based framework. Aligned schedules with teams using beta and final releases of XAP.NET to deliver several answers on the Bing Search Engine as showcases. Awarded Microsoft Gold Star for successful execution, on-time delivery and recognized impact of XAP.NET to Bing Product Strategy.
- Program Manager for team working on KIF Interchange Protocol (KIF), a wire protocol supporting data marshaling and high-speed server-to-server communication (very similar to Facebook’s Thrift and Google’s Protocol Buffers). Wrote specifications for measuring KIF performance and drove performance improvements leading to a 50% reduction in packet size and 10% improvement in protocol read/write performance.

May 2007 - Jan 2010

Microsoft

Program Manager - Windows Sustaining Engineering GDR Team

- Program Manager for several development and test virtual teams focused on the reproduction, triage, planning and release of security updates to the Windows Operating System. Managed multiple concurrent releases throughout tenure.
- Released several high-profile security updates via Windows Update for Windows OSes (Windows NT through Windows 7), securing ~4 billion+ Windows computers in homes and enterprises from internet attacks with 0 incidents/post-release issues after updates were shipped. Small sample of notable releases:
  - DNS Devolution (WPAD) 2009 http://www.microsoft.com/technet/security/advisory/971888.mspx
  - Moxie Marlinspike and Kaminsky's ASN1 Cryptovuln 2009 http://www.microsoft.com/technet/security/Bulletin/MS09-056.mspx
  - Update to Autorun 2009 http://support.microsoft.com/kb/971029
  - Dan Kaminsky's DNS 2008 http://www.microsoft.com/technet/security/Bulletin/MS08-020.mspx
  - Update to Windows Sidebar 2007 http://www.microsoft.com/technet/security/advisory/943411.mspx

  And many, many more releases addressing vulnerabilities in Win32k.sys, Windows Bluetooth Stack, Windows File sharing, Windows Kernel, Microsoft Message Queueing etc.
- Program Manager for Microsoft virtual team that investigated the release of 3rd party ISV updates via Windows Update. Team defined vision, business plan, and ISV process and success metrics. Presented and pitched business plans and process concept to Windows GMs in Windows Update, Windows Fundamentals, Windows Sustaining Engineering and SVP Jon DeVaan. Project was accepted as a Win8 area of investigation and ultimately influenced design decisions in the introduction of Windows 8 App Store.

2002 - 2004

Socketworks Ltd

System Administrator / Software Development Engineer

- Founding employee that worked on SocketWorks cPortal – a Java J2EE portal software development kit with a team of ten developers/analysts.
- Cross-functioned as system integrator for SocketWorks’s clients, designing network architectures, strategies and procedures for integrating cPortal into their networks. Established initial standards and processes for planning and introducing cPortal into SocketWorks’s clients’ networks.
- Network and systems administrator managing 100 client machines in a heterogeneous Linux, Windows and MacOS based network.
- Managed technology budget for organization (approx $1,000/month) for purchase and maintenance of SocketWorks hardware.

Education

2004 - 2006

Carnegie Mellon University

Master's Degree, Computer and Information Systems Security/Information Assurance

1995 - 1999

University of Nigeria

Bachelor of Science (BS), Electrical and Electronics Engineering

Federal Government College Lagos, Nigeria

@ Copyright 2020 OfficeHours Technologies Co.