Evan B.
Security Executive & Founder | Fractional CISO · vCISO | Product Security & Cloud Architecture | DevSecOps | Zero Trust | GRC Engineering | CISSP · CISM · AAISM · CCSP · CSSLP · CMMC
About
I am a seasoned senior security executive with over 15 years of experience architecting and scaling enterprise-grade security programs that drive business growth, reduce risk, and build customer trust across SaaS, cloud-native, and highly regulated industries.
I specialize in aligning security strategy with corporate objectives to enable innovation and revenue acceleration while maintaining rigorous compliance and operational resilience.
By leading cross-functional teams and partnering with C-suite executives, I have delivered rapid certification rollouts, transformed security operations, and embedded secure-by-design practices that protect critical assets and accelerate time to market.
My expertise spans building high-impact security functions from the ground up, optimizing vendor ecosystems, and driving proactive risk management in high-growth environments.
Key leadership achievements include:
➥ Spearheading ISO 27001 certification in 120 days, unlocking $30M in new enterprise revenue while sustaining continuous compliance across SOC 2, GDPR, and NIST CSF frameworks
➥ Executing a 43% reduction in operational expenses through strategic vendor consolidation and cloud optimization without compromising security posture or availability
➥ Scaling global security operations by building high-performing teams that implemented Zero Trust architecture, automated identity governance, and 24/7 threat monitoring aligned to CIS Critical Controls
➥ Designing a custom trust and third-party risk management framework that enabled $12M in professional services revenue and elevated customer confidence across the US, Europe, and India
➥ Integrating automated security validation into CI/CD pipelines, cutting audit remediation by 60% and accelerating secure product delivery cycles
I bring a strategic, business-focused mindset to security leadership, championing risk-aware innovation and fostering a culture where security drives competitive advantage. My passion lies in transforming security from a cost center into a growth catalyst that enables companies to confidently scale in complex, evolving threat landscapes.
Areas of Impact:
✔ Security, Privacy Compliance
✔ Cybersecurity
✔ SaaS Product Security
✔ Application & Cloud Security
✔ Security Architecture & Operations
✔ Team Leadership & Development
✔ Identity and Access Management (IAM)
✔ Zero Trust Architecture
✔ Risk Management
✔ DevSecOps
✔ Governance
Experience
Board President
ISC2 Austin Chapter · Austin, Texas, United States
Feb 2026 – Present (3 mos)
In 2025, I led the relaunch of the ISC2 Austin Chapter after five years dormant — rebuilding governance, reconstituting the board, and re-establishing the chapter as an active presence in Austin’s security community.
What we’ve built so far:
➥ Relaunched a dormant chapter into an active member community in under 6 months
➥ Established board governance, operating structure, and chapter bylaws to support long-term sustainability
➥ Developed community programming focused on professional development, CPE access, and security education across central Texas
➥ Built partnerships with local security leaders, organisations, and industry groups to expand the chapter’s reach and relevance
Member Board of Directors
ISC2 Austin Chapter · Austin, Texas, United States
Sep 2025 – Feb 2026 (6 mos)
Fractional CISO
Greenbelt Advisors · Austin, Texas, United States
2024 – Present (2 yrs 4 mos)
Security programmes don’t fail because of technology — they fail because security isn’t built into how teams actually work. I founded Greenbelt Advisors to bring that perspective to organisations that need experienced, embedded security leadership. As a Fractional CISO and vCISO, I partner with startups and mid-market companies to build and modernise security programmes from the ground up — with a focus on Product Security, cloud-native architecture, and Secure SDLC practices that fit how modern software is made. My work spans the full security lifecycle: governance and risk management, DevSecOps, Zero Trust architecture, compliance readiness (SOC 2, ISO 27001/42001, NIST CSF, HIPAA, CMMC), AI application security, and executive advisory. I bring the same depth to a 30-person startup as I would to an enterprise — right-sized for where you are, built for where you’re going.
What I bring to every engagement:
➥ Security programme design and modernisation — building the foundations that scale with the business, not against it
➥ Product Security and Secure SDLC — embedding security into engineering culture, CI/CD pipelines, and product development lifecycles
➥ Cloud and DevSecOps — Zero Trust, JIT access, CSPM, identity governance, and automated compliance validation across cloud and SaaS environments
➥ Compliance and GRC — framework implementation, audit readiness, third-party risk, and continuous compliance engineering
➥ Executive and board advisory — translating risk into business language and helping leadership make informed, confident decisions
Vice President Information Security & IT (CISO / CIO)
Validere · Toronto, Ontario, Canada
2022 – 2025 (3 yrs)
Governance, Compliance & Risk
➥ Delivered ISO 27001 certification in just 120 days, then expanded the program to NIST CSF, ISO 27018, SOC 2, and GDPR—directly enabling $30M in revenue and maintaining three years of audit readiness.
➥ Launched a risk management framework, including internal audits, policy governance, and enterprise-aligned data protection standards.
➥ Established third-party risk and customer trust programs that increased supply chain transparency, reduced customer onboarding time, and built confidence with enterprise buyers.
➥ Embedded security and privacy controls into the product development lifecycle, cutting downstream audit remediation efforts by 60%.
Architecture, DevSecOps & Incident Response
➥ Architected centralized CSPM, SIEM, and log aggregation systems, enabling unified visibility across 60+ cloud and SaaS platforms.
➥ Built and operationalized a 24/7 incident response capability in partnership with MDR vendors and engineering, reducing time to detect and respond to critical threats by 70%.
➥ Rolled out Zero Trust architecture with JIT access and identity governance, reducing privileged access risk while supporting engineering velocity.
➥ Integrated vulnerability management, penetration testing, and policy compliance into CI/CD pipelines, enabling automated risk mitigation across the SDLC.
Culture & Cross-Functional Impact
➥ Built and scaled a Security Champions program that empowered product and engineering teams to embed secure-by-design principles, increasing early identification by 45%.
➥ Cultivated a risk-aware culture by training stakeholders to report issues and own security controls, leading to 60% of security events being internally reported.
➥ Standardized secure configurations across cloud, infrastructure, and application environments based on CIS & NIST Controls.
➥ Defined requirements for SaaS, Mobile, and IoT offerings, enabling compliance with customer expectations and unlocking high-value regulated contracts.
Director Information Security
Workrise · Austin, Texas, United States
2022 – 2022 (Less than a year)
➥ Built and operationalized an insider risk program that safeguarded sensitive personnel data for 15,000+ contractors and employees across energy, construction, and maritime industries.
➥ Automated identity and configuration assessments to enforce baseline controls, reducing compliance drift across cloud and SaaS environments during a period of rapid growth.
➥ Integrated GitOps patterns for infrastructure change management, increasing auditability and reducing downtime across mission-critical platforms.
➥ Enhanced incident response capabilities by embedding SIEM detections and SOAR workflows into DevOps pipelines, cutting response times and increasing team collaboration.
➥ Elevated the organization’s cloud and IT security posture by aligning architecture decisions with enterprise risk priorities and regulated customer expectations.
Director of Application Security
Coda, a Presidio Cloud Company · Austin, Texas Metropolitan Area
2020 – 2021 (1 yr)
➥ Created a custom Trust & Vendor Risk program that accelerated third-party reviews and unlocked $12M in professional services revenue from regulated clients.
➥ Led cross-regional delivery teams in the U.S., India, and Europe to implement and scale controls aligned with SOC 2, ISO 27001, and NIST CSF, ensuring global compliance readiness.
➥ Partnered with AWS Professional Services to refine the third-party risk framework, cutting assessment timelines and improving supplier transparency.
➥ Delivered automated assessment tools for cloud environments and development pipelines, enabling real-time compliance checks and reducing manual overhead.
➥ Guided post-acquisition integration efforts by aligning DevSecOps practices with enterprise customer expectations, streamlining audit responses and accelerating project delivery.
Director Information Security
NetSuite · Austin, Texas, United States
2017 – 2020 (3 yrs)
➥ Boosted delivery efficiency by 30% by embedding standardized templates and automated verification steps into global SaaS implementation pipelines.
➥ Rolled out scalable training programs for business and technical teams, strengthening baseline security awareness and reducing policy deviations across delivery functions.
➥ Enabled enterprise-wide compliance with SOC 2, ISO 27001, PCI-DSS, and privacy mandates by embedding controls into core delivery workflows.
➥ Collaborated across global teams to align assurance practices with client expectations, improving audit performance and service delivery consistency.
➥ Earned Global Business Unit Recognition Award for successfully deploying the Security Assurance program across Oracle-NetSuite’s international professional services network.
Product Development Manager
Bridgewater Associates · Westport, Connecticut, United States
2016 – 2017 (1 yr)
➥ Drove the firmwide rollout of modern workplace technologies by aligning cross-functional stakeholders and managing change across five campuses, improving productivity for 1,500 employees.
➥ Embedded NIST 800-53 security controls into cloud and mobile infrastructure to support secure remote work and regulatory compliance.
➥ Streamlined portfolio oversight by implementing Jira-based project tracking and DevOps integrations, centralizing reporting across technology initiatives.
➥ Delivered modern macOS endpoint platforms as part of a “work anywhere” initiative, enabling secure flexibility for cloud-native engineers and developers.
Software Development Manager
Amazon · Seattle, Washington, United States
2015 – 2015 (Less than a year)
➥ Led delivery and operations of critical alert and emergency notification services for global corporate and AWS environments, managing an 8-person engineering team while acting as product manager.
➥ Refactored Joiner-Leaver automation processes to complete thousands of daily events within 12 hours, ensuring timely provisioning and deprovisioning of key third-party services like telecom and credit cards.
➥ Boosted team velocity by 43% and cut mean time to resolution by 70% by implementing agile Kanban methodologies and promoting cross-functional ownership across engineering, DevOps, QA, and support teams.
Director of Professional Services
Avnet Technology Solutions · Austin, Texas, United States
2004 – 2015 (11 yrs)
➥ Led a 45-person team delivering software development and infrastructure solutions, driving $27 million in revenue across diverse industries.
➥ Managed North American operations and strategic partnerships with IBM and AWS to enhance customer engagement and operational efficiency.
➥ Developed SDLC standards and compliance frameworks tailored for HIPAA and PCI-DSS regulated clients, ensuring secure and consistent project delivery.
➥ Established a center of excellence program that accelerated new hire productivity, converting recruits into skilled engineers and architects within two years.
Associate Information Architect
Florida State University · Tallahassee, Florida
May 2003 – Sep 2004 (1 yr 5 mos)
Specialized technical implementation and design for a user experience research lab in the university's Information School.
Contractor - Consultant
Alliance Consulting · Washington DC-Baltimore Area
May 2003 – Sep 2003 (5 mos)
Short-term contract to deliver two key content-managed web experiences for the US State Department’s education initiative and embassy web presences.
Senior Developer
IBM · Bethesda, Maryland
2000 – 2002 (2 yrs)
Start-up; programmed modules for core application platform and provided global consulting services.
Web Developer
Florida State University · Tallahassee Metropolitan Area
1998 – 1999 (1 yr)
Designed and hosted websites for the college and its departments.
Education
Florida State University
Bachelor of Science - BS, Information Science/Studies
1997 – 2004
Western Governors University
Master of Cybersecurity and Information Assurance, Computer and Information Systems Security/Information Assurance
Apr 2025
Harvard University
Master of Science - MS, Information Technology
2016 – 2023