My name is Ross Hosman and I'm a Cloud Hosting fanatic as well as security geek! I love the idea of Cloud and being able to build massive infrastructures at the click of a button, so much that I have tried nearly every cloud out there. I'm also a security geek so I love looking at new technology to see how it works and how it can possible be compromised or more secure with other technologies. These days I spend a lot of time tinkering with technologies like DNSSEC, RASP, Container Security and Automated Security Remediation technologies. I'm currently employed as the Head of Information Security at Recurly in Boulder, Colorado.
In my spare time I really enjoy hiking the beautiful mountains of Colorado and travelling to new places for new adventures!
Head of Information Security• September 2019 - Present
Lead, expand and upli the Information Security and Compliance teams at Recurly. Transition Recurly from a late stage startup with a traditional data center infrastructure model into a company that runs cloud native with a security/compliance program that supports the model. Ensure security/compliance in our cloud environments with cloud native tools and automated remediation.
- Build maturing into the information security and compliance programs.
- Automate security for cloud environments for rapid remediation.
- Enable new compliance initiatives such as SOC 2, GDPR, CCPA, etc.
Head of Cloud Security• October 2016 - September 2018
As the leader for cloud security at JP Morgan Chase I was tasked with building out and leading the cloud security team for one of the largest financial institutions in the world. Our goal was to design/build/implement security solutions for a multi-cloud environment that offered rapid automatic remediation of security issues in a fast paced cloud/container environment.
- Build a team from two people to over 14 cloud professionals all who became AWS Certified Solutions Architects.
- Set and implement a security strategy around automated remediation of security issues in a multi-cloud environment.
- Own security for multiple public cloud, private cloud and container environments.
Sr. Cloud Security Architect• August 2015 - May 2016
Cisco's Intercloud is an ambitious project to bring your clouds together. Cisco Cloud Services is a talented team of people that build these clouds and with the acquisitions of Piston Computing as well as Metacloud we are bringing managed OpenStack to the enterprise along with cutting edge features (e.g. Cisco ACI).
- Lead security Architecture around platform and services (BDaaS, LaaS, NFV, vMS) in a cloud that leverages the latest SDN solutions.
- Work on Anti-DDoS solutions to protect the cloud
- Virtualizing existing security solutions (FW, WAF, etc.)
- Security Log Analytics - SIEM
Cloud Security Architect • May 2014 - August 2015
As part of the VMware OneCloud team I handle all the security architecture design. OneCloud is an internal cloud used by all different departments. Currently it spans three continents and includes over 100,000 virtual machines. Our job is to run VMware products at scale and as part of the R&D division test new code before it is released. My job is to manage the security around the OneCloud product from design to implementation as well as operations. Working with other teams / stakeholders to make sure we are meeting their needs and coming up with new ways to improve our products from a security viewpoint.
- Deploy security stack in an all virtual environment which allows for IPS, DLP, Network Forensics, etc.
- Deploy NGFWs to give better visibility into the traffic that transits our networks
- Work with team members to implement security standards / process
- Work with internal security teams to ensure compliance with corporate standards
- Work with security partners to offer feedback on their products and deploying them at scale
For a full work history please check out my Linkedin profile here.
Over the years I have had the opportunity to work at many different types of organizations including Government, Telcos and High Tech. This has provided me the ability to learn many different areas in the Information Security field.
Ross is a wonderfully skilled and highly motivated individual who provided significant contributions to our organizations.Don Bertier - CIO - MOHELA
In addition to his technical depth/aptitude, Ross has a deep seeded passion for technology and hosting areas. His knowledge of internet, cloud and hosting industries is quite amazing, along with his list of external contacts. Long after Ross left my organization, I continued to consult with him on evolving business/technical items.
His willingness/ability to learn, coupled with his openly honest dialog are great attributes. It's uncommon to have such a bright technical mind who is equally "dialed-in" to business issues, competitive landscape considerations and evolving technology trends.
Ross is an exceptional employee, with professional interest that extends far beyond what is required for him to perform in an exceptional manner. Ross has high ethical standards, with a strong commitment to not only personal performance, but group and company performance. A highly recommended individual!Kirk Thomas - CIO - Savvis
Ross is one of the best security leader I have ever worked with. Not only does he know how to run successful security & compliance programs, he also possesses deep technical knowledge of various cloud technologies offered by AWS and Google. This unique combination of skills instilled confidence in the public cloud infrastructure that was deployed and also ensured the company have sustained security culture and compliance program. I would strongly recommend Ross to anyone looking for a solid Security & Compliance leader.Stephanus Setiawan - VP Techops & Security - Recurly
Ross has an incredible knack for cultivating cloud security professionals; his ability to find, recruit, and lead talent is truly awe-inspiring. His passion for cloud security is abundant, and he manages to instill this sentiment in his entire team. I've never seen such commitment to a team nor experienced such camaraderie as I did when working with Ross and the cloud security team at JPMC.Ryan Weigand - VP Cloud Security - JP Morgan Chase & Co
I got to know Ross first time when we worked together but in different teams on security for Cisco's Intercloud Services, and later when he persuaded me to come over and work for him in his team at JP Morgan Chase, on their public cloud program.Ove Hansen - VP Cloud Security - JP Morgan Chase & Co
For Cisco's Intercloud we worked on the architecture for an Openstack-based cloud platform with Cisco ACI and SDN at the core, as well as a wide variety of the security services for the platform (DDOS, WAF, authentication services etc.). When Cisco decided to shut down their Intercloud I had no hesitation to come over and join him at JPMC.
As a security professional I think he is brilliant, with a lot of common sense, loads of technical skills, and solid industry knowledge. As a manager he's well liked and respected by his peers and reports, and he has been able to build a world-class security team around him.
I would be very happy to work with him a third time, if the opportunity should come up again, and would be very happy to recommend him to anyone who's looking for a solid security professional.