Commit f3586e96 authored by Christina Weaver

Add Chaim Mazal — README

parent b6bdbed5
+93 −0
---
title: "Chaim Mazal - CISO - README"
description: "README for Chaim Mazal, GitLab's Chief Information Security Officer"
job: "CISO"
---

## Why I'm at GitLab

I got my first computer when I was 8, growing up in Florida in the early '90s. A couple of years later, I found my way into hacker chat rooms on IRC, and that community basically raised me as an engineer. We shared tools, wrote programs, broke things, and learned by doing. Some of my friends ended up getting in trouble, which turned out to be a pretty effective wake-up call. It redirected my curiosity toward the defensive side, and I have never looked back.

I have been a GitLab customer for over eight years. I came to the platform when I was in the middle of a DevOps transformation, obsessed with building a best-in-breed, innovative secure software development lifecycle. GitLab had a disruptive energy and a pace of innovation that helped me and my teams succeed. I wanted to influence where the product was going, so I joined the advisory board. Becoming GitLab's CISO felt like the natural next step of that journey. It is a dream role, and I am genuinely all in.

## About Me

Security is my craft, and I came up in it the way I believe it should be done: with people taking a chance on me and sharing what they knew. That experience shaped how I lead. The best security leaders are not the ones hoarding knowledge or opportunities. They are the ones making everyone around them better.

I build teams where learning is built into how we work, not something bolted on after the fact. Give people real problems, remove the obstacles in their way, give them room to figure it out, and be there when they need a nudge in the right direction. That is how you build a team of leaders who go on to do incredible things in their careers.

Right now, my biggest focus is on what is possible at the intersection of AI and security. The pace of change is exponential. It is the Wild West all over again, and that kind of moment genuinely energizes me. I want GitLab to be at the forefront of rethinking what a cutting-edge security program can look like when you embrace AI fully.

## My Values

**Learning**
The way I entered this field was through people who invested in me and shared what they knew. I take that seriously and try to pay it forward in how I develop the people around me.

**Curiosity**
It started in IRC chat rooms and has never left. I am always drawn to how things work, how they break, and how to make them better. I expect the same from the people I work with.

**Craft**
Security is a discipline. Doing it well requires rigor, depth, and continuous learning. I care about doing the work with excellence, not just checking boxes.

**Partnership**
Security succeeds when it is deeply embedded in the business. I believe in building bridges, not barriers, and in working alongside engineering, product, and the broader organization.

## My Superpowers

**Developing Leaders**
I have spent my career building teams that produce leaders. I invest in people's growth as a core part of how I operate, not a side project.

**Adversarial Thinking**
My background gives me a genuine, practitioner-level understanding of how attackers think. That perspective shapes how I build, where I focus, and what I prioritize.

**Vision for AI-Driven Security**
I am deeply focused on what is possible at the intersection of AI and security programs. Not theoretically. I am actively working to push the boundaries of how security can operate at the speed and sophistication that the current threat landscape demands.

**Platform Perspective**
As a long-tenured GitLab customer and advisory board member, I bring a practitioner's view of the platform that is unusual in a CISO seat. I know what it feels like to rely on GitLab to get security right, and that context matters.

## Where I'm Still Growing

**Patience with Scale**
I move fast and like to move fast. At GitLab's scale, I am focused on pairing that bias for speed with the collaboration and process that a global organization requires.

**Delegating Earlier**
I care deeply about outcomes and can sometimes stay too close to the work. I am intentional about empowering people and trusting teams to own their domains.

## Communication Style

**Direct and substantive**
I value clear, substantive communication. Say what you mean, lead with the point, and follow with the context. I am not interested in positioning. I am interested in solving problems.

**Written async preferred, with room for live conversation**
For most topics, Slack or email works well. When something is complex, nuanced, or time-sensitive, let's get on a call. Please include context, what is happening and why it matters, and a clear ask when you reach out.

**Challenge welcomed**
I expect people to push back when they disagree. That is how good ideas get stronger. I will tell you when I have made up my mind, and I welcome debate before that point.

**Bias toward action**
I would rather move, learn, and adjust than wait for perfect information. I expect the same orientation from my team.

## My Expectations of the Team

**Ownership**
Own your outcomes, not just your tasks. Follow through on commitments, close loops, and surface risks early. When priorities change, communicate proactively and come with solutions.

**Learning as a practice**
Stay curious. Ask questions, challenge assumptions, and be open to being wrong. The security landscape moves fast enough that learning has to be a continuous practice, not an occasional event.

**Partnership**
Security wins when it is trusted and integrated across the business. Show up as a collaborator, not a gatekeeper. Build relationships, share context, and work toward shared goals.

**Develop each other**
The way I learned this craft was through people investing in me. I want this team to carry that forward. Share what you know. Lift others up. Build the kind of team that people are proud to have come from.

## My Role

I serve as GitLab's Chief Information Security Officer.

I am responsible for the security of GitLab as a company and as a platform, leading the global security organization, and ensuring our security program operates with the rigor, innovation, and speed that a leading DevSecOps platform demands.

## *Final Note*

*The way I think about security has always been shaped by people who bet on me before I had anything to show for it. I am here to build a team that does the same: takes chances on people, invests in their growth, and leaves this field better than we found it. Let's get to work.*
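Review bot: The bold labels in the sections from "My Values" through "My Expectations of the Team" (for example `**Learning**` with its paragraph starting on the very next line) have no blank line or hard break after them, so a Markdown renderer that treats a single newline as a space will run each label into its text as one paragraph. Consider `### Learning` style subheadings or a `- **Learning**: ...` list form. The `## *Final Note*` heading is also the only heading carrying emphasis markup; plain `## Final Note` would match the others.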
+0 −74
---
title: "Josh Lemos - CISO"
job: "CISO"
---

## Why I'm at GitLab

GitLab builds a platform with the potential to improve security assurance at internet scale. Having spent a decade leading teams that engineered security solutions into homegrown CI/CD systems, I saw an opportunity to move beyond single-company solutions that served thousands of developers to work on a platform that could secure millions. At GitLab, we have the opportunity to improve software security globally. What keeps me at GitLab is the wealth of smart, dedicated team members committed to the same mission.

Throughout my life and career I have sought out difficult challenges. Leading a security division at the most public public-company is one of the most challenging CISO roles in the world. It is a great privilege to help lead this company on our security journey as a DevSecOps company.

## Leadership Philosophy

People are the foundation of organizational success and the most fascinating aspect of any enterprise. This is particularly true in information security, where securing human behavior has been an ongoing challenge for decades. My mission is to create environments where exceptional individuals can thrive and drive remarkable outcomes while fostering a culture of meaningful contribution.

### Personal Values

- **Candor**: High-fidelity information drives decision-making. I encourage open dialogue and positive intent, believing that even difficult issues become solvable when discussed openly.
- **Integrity**: Maintain rigorous accountability standards and act in good faith, regardless of circumstances or audience. Reputation and trust is currency in the security community.
- **Ownership**: Success multiplies when people feel true ownership of objectives. I believe in pushing decisions to those closest to the problems.
- **Mission Matters**: A mission-driven person, staying focused on what matters to the outcomes helps drive clarity and focus.

### My Super Powers

- **Accountability**: I deliver on commitments and maintain high performance standards, communicating proactively when plans need adjustment.
- **Building High-Performing Teams**: Complex systems require collaborative effort. I value acknowledging both strengths and growth areas in building high-performing teams. I create environments where team members can do their best work, a place where they make their career highlight reel.
- **Persistence & Grit**: My achievements come through determination and resilience rather than natural talent. I'm willing to fail and learn repeatedly on the path to success.
- **Humor**: While I take our security mission seriously, I believe in maintaining perspective through appropriate levity, especially following high-pressure situations once threats are mitigated.
- **Hiring Well**: The greatest determinant of long-term outcomes. Companies are dynamic ecosystems, and effective hiring requires a strong alignment with the mission, shared organizational values, and a systems-thinking approach.

### My Weaknesses

- **Malcontent**: My drive for improvement can sometimes overshadow celebrating progress. Please remind me to acknowledge wins.
- **Impatience**: When biasing for action I may at times move too quickly to solutions in areas of expertise. Feel free to encourage more discussion time. I have limited patience for learned helplessness, I expect others to share my drive for seeking better solutions. Don't stay blocked
- **Focus**: My brain has the ability to focus intesnely on issues that I find interesting or matter deeply to the

## Working Together

### Expectations

- **Problem Solving**: Expect first-principles thinking and data-driven approaches <br/>
- **Ownership**: Clear DRIs (Directly Responsible Individuals) for all initiatives <br/>
- **Growth Mindset**: Continuous learning through active coaching and feedback <br/>
- **Customer Focus**: Alignment between business objectives, OKRs, and security strategy <br/>
- **Healthy Conflict**: Embracing diverse perspectives and data-grounded discussions <br/>

### Communication Preferences

- **Primary**: Slack is my default communication channel  <br/>
- **Documentation**: Comments in shared documents (tag me directly). I prefer to write and communicate in long-form content rich documents <br/>
- **Meetings**: Reserved for discussions that can't be resolved asynchronously <br/>
- **Email**: Long-form, non-urgent communications <br/>
- **Phone/Signal**: Emergency and off-hours communication <br/>

## My Role as CISO

Secure GitLab's platform, customers, and company against cyber threats.

### Key Performance Indicators

- Incident SLA compliance <br/>  
- Asset inventory coverage <br/>
- Time to containment <br/>
- Internally identified vulnerabilities <br/>  

## Expectations for leadership - What I need from you. What you will get from me

- **Be Proactive**: Push information rather than waiting to be asked <br/>
- **Challenge Norms**: Take principled risks and question the status quo <br/>
- **Show Integrity**: Own failures, celebrate team successes <br/>
- **Embrace Divergent Perspectives**: Seek out and value different perspectives <br/>
- **Communicate Clearly**: Default to transparency and structured communication <br/>

_Remember: I value direct feedback. If you see areas where I can improve or better support you, please let me know._ <br/>
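Review bot: The commit title mentions only adding the Chaim Mazal README, yet this file is deleted in full (+0 −74) in the same commit. State the removal in the commit message, and check whether anything still links to this page so the deletion does not leave dead links.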