FractionalCXO

Nils Puhlmann

Fractional CISO

CISO | CSO | CTO | Ex-Twilio | Ex-Zynga | Co-Founder Cloud Security Alliance

San Francisco, United States

About

Over 25 years of experience as an executive and leader in cybersecurity and technology. Building and leading cybersecurity teams, programs, and capabilities at scale in 5 public companies and preparing for 2 successful IPOs. Co-founder of the Cloud Security Alliance, a cybersecurity non-profit with over 100,000 members globally, with a focus on cloud security. Former member of the Board of Directors of the Cloud Security Alliance, the ISSA (Information Systems Security Association), and OVAL (Open Vulnerability and Assessment Language). Named a finalist in the 2012 “CSO of the Year” awards by SC Magazine. Invited by the “Executive Office of the President” to give a keynote at the National Cyber Leap Year Summit in Washington, DC, in 2009. Frequent speaker at international cybersecurity and technology conferences such as RSA, Blackhat, Codegate (Korea), and GSMA, appeared on CNBC as a subject matter expert, and quoted in publications such as the Wall Street Journal and Forbes. Inventor and contributor to several cybersecurity patents and standards.

Experience

Fractional CISO & Startup Advisor

self

Jan 2026 – Present (4 mos)

Endari

Founder & CEO

Endari · Palo Alto, California, United States

May 2022 – Dec 2025 (3 yrs 8 mos)

- Raised $4M seed round, securing five customers in the first year and $1.5M in revenue following a successful launch out of stealth mode
- Built a proprietary cybersecurity capability maturity model for SMBs with live customer validation and testimonials
- Created a unique, scalable product that enables SMBs to measure their security maturity and manage their environment across security capabilities (patent pending)

Coalfire

Cloud Advisory Board

Coalfire

May 2019 – Jun 2024 (5 yrs 2 mos)

MoonPay

Chief Risk & Security Officer

MoonPay

Feb 2020 – Apr 2022 (2 yrs 3 mos)

- Joined the company with 8 employees and built out the Security, Privacy, and IT program to be enterprise-ready within 2 years following NIST CSF assessment
- Hired and trained a team of over 15 Security and IT operators within 2 years to support a company with over 100 employees, $2 billion in processed transaction volume, and 7 million customers
- Passed security due diligence during historic $555 million A round
- Prepared compliance programs to successfully pass UK FCA, NYDFS BitLicense, and US Money Transmitter Licenses in all US states

TripActions (now Navan)

Chief Trust & Security Officer

TripActions (now Navan) · Palo Alto, California, United States

Jun 2020 – Jul 2021 (1 yr 2 mos)

- Joined TripActions as its first CISO with a team of 3 Security practitioners and expanded within a year to a team of over 12 seasoned Security operators spanning Security Incident Response, Application Security, Security Architecture, Cloud & IT Security, and GRC.
- Ensured Security expectations of F500 customers were met, and GDPR requirements with a data center expansion into Europe were fulfilled
- Participated in M&A activities across several continents and embedded acquired operations into TripActions’ Enterprise Security framework and program

DarkLight

Director, Board Of Directors

DarkLight

Dec 2018 – Feb 2021 (2 yrs 3 mos)

Twilio Inc.

Chief Trust and Security Officer

Twilio Inc. · San Francisco

Nov 2017 – Dec 2019 (2 yrs 2 mos)

- Joined Twilio with around 250 employees, with the task to help the existing 4-person Security team build a multi-year strategic plan.
- Added 21 additional roles to support the company going through hypergrowth towards IPO readiness
- Following the departure of the newly hired CISO, joined on an interim basis to stabilize the Security team and program and ensure continuity. Twilio had about 25,000 customers at the time.
- As Twilio’s first Chief Trust and Security Officer, led the team of about 70 people in maturing the Security program to become enterprise-ready. Added capabilities like Physical Security & Safety and Executive Protection, with the outcome of a fully converged incident response capability.
- The company grew to over 150,000 customer accounts, processed about 2 billion emails per day, 127 million text messages per day, and 43 million calls per day, and handled 800 billion total human interactions per year.
- Conducted the company’s first NIST CSF-based maturity assessment to align cybersecurity spending with industry metrics
- Established ongoing relationships with US federal and international agencies to combat global cybercrime commensurate with Twilio’s significance in the global communications ecosystem
- Participated in the acquisition due diligence and integration team when Twilio acquired the public company SendGrid. Within just 3 months of acquisition, we combined the Security program and operations.

Twilio Inc.

Advisor

Twilio Inc. · San Francisco

Nov 2014 – Oct 2017 (3 yrs)

Dark Cubed

Advisor

Dark Cubed

Jan 2017 – Dec 2018 (2 yrs)

Endgame

CTO

Endgame

2013 – 2014 (1 yr)

- Joined as CTO with the task of launching Endgame’s commercial Security line of business, where historically Endgame built capabilities for the US intelligence community
- Created a prototype for measuring and analyzing large cloud infrastructure assets and their security exposure with a small team of developers.
- Rolled out the first commercial product, still in prototype, into production at one of the large cloud-based social media companies.
- Filed for a patent for using sensors to remotely monitor security events in large infrastructures

Zynga

CSO

Zynga · San Francisco

2009 – 2012 (3 yrs)

- Joined Zynga as its first Chief Security Officer with the company at about 200 employees and 3 Security practitioners.
- Scaled and broadened the Security program over 3 years to about 50 people, with the company scaling to about 3,500 employees.
- The program included Incident Response, GRC, Product Security, Security Engineering, Security Architecture, electronic crimes, physical security, customer safety, and executive protection.
- Zynga, during this time, was the fastest-growing company in history and AWS’s largest customer. The company had about 200 million monthly active users, about 40 million daily active users, and about 10% of the world’s population played a Zynga game every month.
- Worked closely with domestic and international law enforcement to combat cybercrime and helped pursue cybercriminals who were eventually convicted and jailed
- Prepared the Security program for IPO readiness and worked closely with Security teams at Facebook, Google & Yahoo

Qualys

CSO & VP of Risk Management

Qualys

2008 – 2009 (1 yr)

Electronic Arts

CISO

Electronic Arts

2007 – 2008 (1 yr)

Robert Half International

CISO

Robert Half International

2006 – 2007 (1 yr)

• Created Global Security Organization consisting of separate teams covering Business Continuity Management, Security Architecture, Policy & Procedure, Investigations & Forensics, Security Engineering, Privacy, Security Infrastructure, Awareness & Training.
• Implemented company’s first global IDS & Vulnerability Scanning Infrastructure.
• Started new global initiatives: new security policy framework, first Security Incident Response Program, Web Application Vulnerability Assessments, laptop full disk encryption, global privacy program, ISO 27001 audit
• Expanded approved headcount by 70%; hired 6 new FTEs within 6 months
• Established first 24/7 security infrastructure and events monitoring & response model through MSSP.
• Established regular executive interfaces with HR, Legal, Public Relations, Marketing and E-Discovery (Protiviti)
• Completed first ISO 27001 security assessment (information, physical & personal security) for offshore outsourcing vendor

Director, IT & Security, CSO / CPO

Mindjet

2005 – 2006 (1 yr)

• Responsible for Global IT & Security at Mindjet, managing an organization of originally 6 people and expanding it to 15 people in 4 global teams.
• Managed the design of a completely new security architecture that included offices in 6 countries and implemented disaster recovery hot sites to allow for faster business continuity.
• Aligned IT & Security with corporate objectives and transformed it into a true service organization.
• Created first ever security policy and risk management framework for Mindjet
• Managed the move of the company to a new headquarters including new converged physical and logical security systems.
• Provided an interface between the company executive team and customers on privacy issues as the Chief Privacy Officer.
• Advisor for the executive team on application security matters and strategy

Adobe Systems, Inc.

Sr. Manager, Product Security and Certifications, Manager Adobe Security Task Force

Adobe Systems, Inc.

2004 – 2005 (1 yr)

• Created, implemented and managed Adobe’s first ever product security program, security within the SDLC, responsible for product vulnerability testing and initiated and managed Adobe’s first product security incident response team. Created communication channel to other large vendors’ PSIRTs, security research teams and international government organizations (e.g. DHS).
• Managed cross-functional Adobe security task force (IT security, product security, physical security) and reported frequently to Engineering Council and COO about the current state of security within the company.
• Responsible for product certification (NIST, DoD) and initiated and managed Adobe’s first Common Criteria certification in coordination with NSA and BSI.

Nortel Networks

Director, Technology Strategy

Nortel Networks

2000 – 2001 (1 yr)

• Conducted strategic research and analysis and provided recommendations in areas of products, technologies, services and market channels. Identified potential growth areas and their potential long-term impact on Nortel products and services. Reported to Chief Strategy Officer. Directed 8 senior analysts and consultants; responsible for $1 million HR budget.
• Member of Due Diligence and M&A Team. Analyzed and recommended $7.8 billion acquisition of Alteon, Internet security provider. Led consulting projects up to $248 million.
• Recognized for developing team member who was selected to join elite “Leadership Edge” program.

Amadeus (START)

VP, Technology Strategy & Security

Amadeus (START)

1995 – 2000 (5 yrs)

• Served as technology advisor to CEO of leading European developer of reservation, booking and other travel-related systems. Provided companywide consulting in areas of technology including security, connectivity, communication, database access and emerging technologies. Increased security awareness with employees and management through projects, classes and presentations
• Led transformations of company’s image from industry "dinosaur" to technology innovator: Reorganized corporate emphasis from single service monopoly and encouraged expansion into new markets. Integrated employee participation in developing the company's future and strategy through "Future Teams." Architected global routing system for Internet resources that improved access and response times, redundancy & security. Shaped and contributed to strategic vision and led implementation of Internet security infrastructure.

Expertise

Specialties

Cybersecurity, Network Architecture, Vulnerability Assessment, Information Security, Infrastructure Security, Security, Risk Management, CISSP, PCI DSS, Penetration Testing, Computer Security, Application Security, Vulnerability Management, ISO 27001, Network Security, Computer Forensics, Security Awareness, Identity Management, Cloud Security, Cloud Computing, Public Speaking, Strategy, Business Continuity, Enterprise Software, Incident Response, Security Management, Risk Assessment, Disaster Recovery, ITIL, Web Application Security, Security Research, Information Assurance, Business Continuity Planning, Internet Security, Vulnerability Scanning, Security Architecture Design, COBIT, SAS70, Information Security Management, Physical Security, Information Technology, Security Policy, IT Strategy, CISM, Privacy Law, Intrusion Detection, Firewalls, Data Privacy, IT Audit, Data Security, IDS

Past companies

self, Endari, Coalfire, MoonPay, TripActions (now Navan)
