Cyber Security Leader, Advisor & Investor!

About Me

My name is Ross Hosman and I’m a Chief Information Security Officer based in Colorado, USA! Besides being a CISO, I’m also an advisor to and investor in a number of unicorn cyber security startups. I’ve had the opportunity in my career to work for everyone from the largest financials to the scrappy startups that are looking to change the world.

Contact Details

Location: Colorado, US
Email: ross [at] ruselabs.com
Phone: 720 808 0222

Work

b.well

Chief Information Security Officer • March 2023 - Present

To be added


Drata

Chief Information Security Officer • July 2021 - November 2022

Drata is a startup in the security and compliance automation space started in late 2020. Drove product vision to deliver Automated Trust Center and ensured we filed patents for it.

- Built our Security, Compliance and IT teams to support the business going from 30 employees to 300+ in a year
- Built a Zero Trust security architecture while enabling the business
- Defeated external Red Team adversary with no findings and no flags captured
- Achieved SOC1/2/3, ISO27001, HIPAA, PrivacyShield as well as met GDPR and CCPA
- Helped direct the company into a solid growth strategy


Sigma Computing

Head of Information Security • October 2019 - July 2021

Sigma Computing is a startup based in San Francisco in the Analytics and BI space. We are growing at a unicorn pace with customers in all different market segments adopting our platform. Sigma recruited me to build out the Information Security, IT and GRC (Governance, Risk and Compliance) programs in the company.

- Created an enterprise class security organization from the ground up that could support enterprise clients and their security needs. Focus areas included: Cloud Security, Container Security, Application Security, SaaS Security, Security in the CI/CD pipeline, etc.
- Built out the compliance program to ensure we met SOC 1, SOC 2, SOC 3, and HIPAA requirements.
- Built an IT organization that could support faster internet connectivity, wireless, conferencing, helpdesk and mobile device management.


Recurly

Head of Information Security • September 2018 - October 2019

Lead, expand and uplift the Information Security and Compliance teams at Recurly. Transition Recurly from a late stage startup with a traditional data center infrastructure model into a company that runs cloud native with a security/compliance program that supports the model. Ensure security/compliance in our cloud environments with cloud native tools and automated remediation.

- Build maturity into the information security and compliance programs.
- Automate security for cloud environments for rapid remediation.
- Enable new compliance initiatives such as SOC 2, GDPR, CCPA, etc.


JP Morgan Chase & Co

Head of Cloud Security • October 2016 - September 2018

As the leader for cloud security at JP Morgan Chase I was tasked with building out and leading the cloud security team for one of the largest financial institutions in the world. Our goal was to design/build/implement security solutions for a multi-cloud environment that offered rapid automatic remediation of security issues in a fast paced cloud/container environment.

- Build a team from two people to over 14 cloud professionals, all of whom became AWS Certified Solutions Architects.
- Set and implement a security strategy around automated remediation of security issues in a multi-cloud environment.
- Own security for multiple public cloud, private cloud and container environments.


Cisco

Sr. Cloud Security Architect • August 2015 - May 2016

Cisco's Intercloud is an ambitious project to bring your clouds together. Cisco Cloud Services is a talented team of people that build these clouds and with the acquisitions of Piston Computing as well as Metacloud we are bringing managed OpenStack to the enterprise along with cutting edge features (e.g. Cisco ACI).

- Lead security architecture around platform and services (BDaaS, LaaS, NFV, vMS) in a cloud that leverages the latest SDN solutions.
- Work on Anti-DDoS solutions to protect the cloud
- Virtualizing existing security solutions (FW, WAF, etc.)
- Security Log Analytics - SIEM


VMware

Cloud Security Architect • May 2014 - August 2015

As part of the VMware OneCloud team I handle all the security architecture design. OneCloud is an internal cloud used by all different departments. Currently it spans three continents and includes over 100,000 virtual machines. Our job is to run VMware products at scale and as part of the R&D division test new code before it is released. My job is to manage the security around the OneCloud product from design to implementation as well as operations. Working with other teams / stakeholders to make sure we are meeting their needs and coming up with new ways to improve our products from a security viewpoint.

- Deploy security stack in an all virtual environment which allows for IPS, DLP, Network Forensics, etc.
- Deploy NGFWs to give better visibility into the traffic that transits our networks
- Work with team members to implement security standards / process
- Work with internal security teams to ensure compliance with corporate standards
- Work with security partners to offer feedback on their products and deploying them at scale

For a full work history please check out my LinkedIn profile here.

Investments

Affiliations
