Lucas Szymanowski, Developer in San Jose, United States
Lucas is available for hire
Hire Lucas

Lucas Szymanowski

Verified Expert  in Engineering

Security and GRC Developer

Location
San Jose, United States
Toptal Member Since
March 20, 2023

Lucas is a seasoned professional with 23+ years of experience leading and scaling high-growth tech companies. He's passionate about digital transformation and cybersecurity, having implemented complex security programs, led successful acquisitions, and developed audit and compliance programs to safeguard against cyber threats while promoting business growth. Lucas brings a forward-thinking approach and a deep understanding of emerging threats to every role.

SoftwareSecuritySystem AdministrationCloud SecurityWeb SecurityInternet of Things (IoT)CloudflareAWS HADatadogGoogle Cloud Platform (GCP)JavaWindowsMacOS

Portfolio

Crowdz
AWS HA, Datadog, Cloudflare, Business Continuity, Disaster Recovery Plans (DRP)...
BoostUp
AWS HA, HubSpot, Datadog, SOC 2, ISO 27001, GDPR, Business...
Wrike
AWS HA, Cybersecurity, IT Security, Security, Cloud Security, SIEM...

Experience

IT Audits - 20 yearsBusiness Continuity & Disaster Recovery (BCDR) - 20 yearsCompliance - 20 yearsRisk Management - 20 yearsBusiness Continuity - 20 yearsISO 27001 - 20 yearsSOC 2 - 15 yearsGDPR - 3 years

Availability

Part-time

Preferred Environment

Windows, MacOS, Business Continuity, Business, AWS HA, Cloud Security, Risk Management

The most amazing...

...projects I've been involved in required me to lead four companies through acquisitions in banking, software, and startups.

Work Experience

Senior Director | Information Security

2022 - 2023
Crowdz
  • Orchestrated the conception, deployment, and stewardship of governance, risk, and compliance (GRC), as well as information security, infrastructure security, application security, and complementary methodologies.
  • Oversaw identifying and recruiting key personnel for a Series B startup recognized as a market leader by Gartner.
  • Deployed all early-stage security and compliance tools while recruiting the first team members for app security and governance.
Technologies: AWS HA, Datadog, Cloudflare, Business Continuity, Disaster Recovery Plans (DRP), Compliance, SOC 2, System-on-a-Chip (SoC), ISO 27001, Cybersecurity, IT Security, Security, Cloud Security, SIEM, Web Security, Internet of Things (IoT), Penetration Testing, OWASP, Vulnerability Identification, Information Security Management Systems (ISMS), System Administration, Vulnerability Assessment, Google Cloud Platform (GCP)

Head of Information Security

2022 - 2022
BoostUp
  • Spearheaded the conceptualization, execution, and administration of IT and compliance strategies and GRC programs with a holistic focus on technology, processes, and personnel.
  • Implemented and managed security tools, partner programs, vendor management tools, and GRC initiatives.
  • Defined and managed SOC 2 compliance from ideation to final deliverables.
Technologies: AWS HA, HubSpot, Datadog, SOC 2, ISO 27001, GDPR, Business, Business Continuity Planning (BCP), Business Continuity & Disaster Recovery (BCDR), Compliance, Cybersecurity, IT Security, Security, Cloud Security, SIEM, System-on-a-Chip (SoC), Web Security, Internet of Things (IoT), Penetration Testing, OWASP, Vulnerability Identification, Information Security Management Systems (ISMS), System Administration, Vulnerability Assessment, Google Cloud Platform (GCP)

Director | Information Security

2018 - 2022
Wrike
  • Spearheaded security and GRC efforts across the European, Asian, and American regions, resulting in scalable, mature, and robust security and compliance initiatives during rapid growth.
  • Managed security during rapid growth, ultimately leading to a successful acquisition by Citrix Systems for $2.25 billion.
  • Built and developed the in-house security onboarding and annual certification programs while expanding the scope of SOC 2, ISO, GDPR, and related audit programs.
Technologies: AWS HA, Cybersecurity, IT Security, Security, Cloud Security, SIEM, System-on-a-Chip (SoC), Web Security, Internet of Things (IoT), Penetration Testing, OWASP, Vulnerability Identification, ISO 27001, Information Security Management Systems (ISMS), System Administration, Vulnerability Assessment, Google Cloud Platform (GCP)

Security and Compliance Manager

2015 - 2018
Clarizen
  • Played a pivotal role in driving the successful implementation and annual recertification of compliance programs such as GDPR, ISO 27001, SOC 2, Cloud Security Alliance, and Google Cloud.
  • Held ownership of all internal and external audit processes. I served as the red team leader, assuming accountability for identifying and mitigating security risks throughout the organization.
  • Expanded the SOC 2 and ISO scope and built the GDPR program from the ground up.
Technologies: Salesforce Sales Cloud, AWS HA, Google Cloud Platform (GCP), Business Continuity, Business Continuity & Disaster Recovery (BCDR), Business Continuity Planning (BCP), Compliance, Contract Management, GDPR, ISO 27001, SOC 2, Cybersecurity, IT Security, Security, Cloud Security, SIEM, System-on-a-Chip (SoC), Web Security, Internet of Things (IoT), Penetration Testing, OWASP, Vulnerability Identification, Information Security Management Systems (ISMS), System Administration, Vulnerability Assessment

Risk Manager

2013 - 2015
Salesforce
  • Directed the design and deployment of the comprehensive enterprise risk management (ERM) program across multiple business units, including mergers & acquisitions (M&A), corporate, and consumer-facing divisions.
  • Worked on the FedRAMP project, collaborating with cross-functional teams to ensure compliance with the rigorous security and risk management standards required by the US government for cloud service providers.
  • Collaborated on the RSA Archer project, implementing the platform's GRC modules for SFDC to effectively manage risks, comply with regulations, and streamline business processes.
Technologies: SFDC Configuration, RSA, FedRAMP, Business, Business Continuity & Disaster Recovery (BCDR), Privacy, Compliance, IT Audits, Cybersecurity, IT Security, Security, Cloud Security, SIEM, System-on-a-Chip (SoC), Web Security, Internet of Things (IoT), Penetration Testing, OWASP, Vulnerability Identification, ISO 27001, Information Security Management Systems (ISMS), System Administration

Vendor Information Security Manager

2011 - 2013
eBay
  • Oversaw the implementation and administration of the global vendor information security program, including security assessments, contract negotiation, planning activities, and regulatory and legal reviews, in an ecosystem of 1,000 active partners.
  • Managed all security and legal reviews for all contracts.
  • Supervised and acted as the primary system administrator for RSA Archer.
Technologies: AWS HA, Google Cloud Platform (GCP), RSA, Vendor Management, Business Continuity, Business Continuity & Disaster Recovery (BCDR), IT Audits, Contract Management, Legal, Cybersecurity, IT Security, Security, Cloud Security, SIEM, System-on-a-Chip (SoC), Web Security, Internet of Things (IoT), Penetration Testing, OWASP, Vulnerability Identification, ISO 27001, Information Security Management Systems (ISMS), System Administration

Q&A: Meet the InfoSec Director Speaking Out About the Weakest Links in Business Security

https://em360tech.com/tech-articles/security-chain
"Human error is inevitable, but when mistakes are happening at an exponential rate in an organization, they have the potential to seriously damage it or, worse, bring on its demise. This is especially true of cybersecurity mishaps. According to the cybersecurity and data analytics firm Cybsafe, cybersecurity breaches are primarily caused by 'user error.' Thus, companies who are spending aimlessly on the latest security gadgets are clearly missing the mark."

I delve into this question in the latest interview I gave for EM360: https://em360tech.com/tech-articles/security-chain

Opinion Piece: Disengaged Employees Could Become Your Organization's Greatest Security Threat

https://www.infosecurity-magazine.com/opinions/disengaged-employees-org-security/
"Since the pandemic, the almost immediate need to better protect remote systems and networks has significantly increased demand on security teams. With cyber-criminals taking advantage of the mass disruption caused by a shift in working models, organizations have been left more exposed and more vulnerable to attack than ever before."

This is part of an opinion piece I wrote for Infosecurity. The complete publication can be found at https://www.infosecurity-magazine.com/opinions/disengaged-employees-org-security/

Expert Opinion: Safer Internet Day 2021 – The Experts Have Their Say

https://securityitsummit.co.uk/briefing/safer-internet-day-2021-the-experts-have-their-say/
"The ongoing pandemic has acted as a catalyst, driving an online trend that was already well underway. As the majority of our interactions now take place in a digital format, this year's Safer Internet Day serves as a stark reminder that it has never been more important to ensure that we all remain protected when online."

I've been interviewed for Safer Internet Day 2021. The full publication can be found at https://securityitsummit.co.uk/briefing/safer-internet-day-2021-the-experts-have-their-say/

Paradigms

Penetration Testing

Industry Expertise

Cybersecurity

Other

HubSpot, SOC 2, ISO 27001, Software, RSA, Vendor Management, Risk Management, Business Continuity, Vendors & Suppliers, Contract Management, Disaster Recovery Plans (DRP), Compliance, System-on-a-Chip (SoC), Business, Business Continuity Planning (BCP), Business Continuity & Disaster Recovery (BCDR), FedRAMP, Privacy, IT Audits, Legal, Enterprise Risk Management (ERM), Communication, Complex Problem Solving, Cross-functional Collaboration, IT Security, Security, Cloud Security, SIEM, Web Security, Internet of Things (IoT), OWASP, Vulnerability Identification, Information Security Management Systems (ISMS), System Administration, Vulnerability Assessment, Cloudflare, SFDC Configuration, GDPR

Frameworks

AWS HA

Tools

Salesforce Sales Cloud

Storage

Datadog

Languages

Java

Platforms

Google Cloud Platform (GCP), Windows, MacOS