My name is Ross Hosman and I'm a Cloud Hosting fanatic as well as a security geek! I love the idea of Cloud and being able to build massive infrastructures at the click of a button, so much that I have tried nearly every cloud out there. I'm also a security geek so I love looking at new technology to see how it works and how it can possibly be compromised or made more secure with other technologies. These days I spend a lot of time tinkering with technologies like DNSSEC, RASP, Container Security and Automated Security Remediation technologies. I'm currently employed as the Head of Information Security at Recurly in Boulder, Colorado.
In my spare time I really enjoy hiking the beautiful mountains of Colorado and travelling to new places for new adventures!
Ross Hosman
Boulder, CO US
(720) 808-0202
[email protected]
site: www.ruselabs.com
site: www.ross.is
Head of Information Security • October 2019 - Present
Head of Information Security • September 2018 - October 2019
Lead, expand and uplift the Information Security and Compliance teams at Recurly. Transition Recurly from a late stage startup with a traditional data center infrastructure model into a company that runs cloud native with a security/compliance program that supports the model. Ensure security/compliance in our cloud environments with cloud native tools and automated remediation.
- Build maturity into the information security and compliance programs.
- Automate security for cloud environments for rapid remediation.
- Enable new compliance initiatives such as SOC 2, GDPR, CCPA, etc.
Head of Cloud Security • October 2016 - September 2018
As the leader for cloud security at JP Morgan Chase I was tasked with building out and leading the cloud security team for one of the largest financial institutions in the world. Our goal was to design/build/implement security solutions for a multi-cloud environment that offered rapid automatic remediation of security issues in a fast paced cloud/container environment.
- Build a team from two people to over 14 cloud professionals, all of whom became AWS Certified Solutions Architects.
- Set and implement a security strategy around automated remediation of security issues in a multi-cloud environment.
- Own security for multiple public cloud, private cloud and container environments.
Sr. Cloud Security Architect • August 2015 - May 2016
Cisco's Intercloud is an ambitious project to bring your clouds together. Cisco Cloud Services is a talented team of people that build these clouds and with the acquisitions of Piston Computing as well as Metacloud we are bringing managed OpenStack to the enterprise along with cutting edge features (e.g. Cisco ACI).
- Lead security architecture around platform and services (BDaaS, LaaS, NFV, vMS) in a cloud that leverages the latest SDN solutions.
- Work on Anti-DDoS solutions to protect the cloud
- Virtualizing existing security solutions (FW, WAF, etc.)
- Security Log Analytics - SIEM
Cloud Security Architect • May 2014 - August 2015
As part of the VMware OneCloud team I handle all the security architecture design. OneCloud is an internal cloud used by all different departments. Currently it spans three continents and includes over 100,000 virtual machines. Our job is to run VMware products at scale and as part of the R&D division test new code before it is released. My job is to manage the security around the OneCloud product from design to implementation as well as operations. Working with other teams / stakeholders to make sure we are meeting their needs and coming up with new ways to improve our products from a security viewpoint.
- Deploy security stack in an all virtual environment which allows for IPS, DLP, Network Forensics, etc.
- Deploy NGFWs to give better visibility into the traffic that transits our networks
- Work with team members to implement security standards / process
- Work with internal security teams to ensure compliance with corporate standards
- Work with security partners to offer feedback on their products and deploying them at scale
For a full work history please check out my LinkedIn profile here.
Over the years I have had the opportunity to work at many different types of organizations including Government, Telcos and High Tech. This has provided me the ability to learn many different areas in the Information Security field.