Paolo del Mundo, Developer in Falls Church, VA, United States

Paolo del Mundo

Verified Expert  in Engineering

Cybersecurity Developer

Falls Church, VA, United States

Toptal member since August 6, 2024

Bio

Paolo has been a security expert specializing in cloud and application security for over six years. With 15 years as a software developer, he works with technologies like Wiz, Snyk, SentinelOne, and BigID. Paolo enhanced The Motley Fool's security posture by establishing the AppSec and CloudSec programs. He led the Discover team at Tanium, a product that garnered $12 million in annual sales. He and his team won an Edison Award for Excellence in Energy and Sustainability for his work at Opower.

Portfolio

The Motley Fool
Kubernetes, Application Security, Static Application Security Testing (SAST)...
Tanium
Node.js, JavaScript, Python 3, C++, Bash
Opower
JavaScript, Node.js, Ruby, Python, Java

Experience

  • Application Security - 20 years
  • Python 3 - 20 years
  • Node.js - 11 years
  • Static Application Security Testing (SAST) - 10 years
  • Cloud Security - 5 years
  • Amazon Web Services (AWS) - 4 years
  • Snyk - 4 years
  • Wiz Cloud Security Platform - 2 years

Availability

Part-time

Preferred Environment

Kubernetes, Python 3, Node.js, Linux, Windows

The most amazing...

...initiative I've led is creating the security team at The Motley Fool. I was the first FTE security hire and have been instrumental in scaling it to five FTEs.

Work Experience

Director of Application Security

2020 - PRESENT
The Motley Fool
  • Achieved a 90-day mean time to remediation by building application security, cloud security, vulnerability management, and incident response engagements for 500+ global employees in the US, Japan, the UK, Australia, and Germany.
  • Advised senior executives and the board of directors quarterly on the health of the information security program and the industry threat landscape, growing the security program budget from $0.3 million to $2 million within 3.5 years.
  • Developed and implemented the first AppSec program to manage vendor, application, cloud, customer, and infrastructure risk and led teams in operationalizing security initiatives, minimizing the risk of data breaches and reputational damage.
  • Decreased remediation times by 50-70% by establishing KPIs to monitor organizational security health, eliminating vulnerabilities and improving the overall cybersecurity posture across the organization.
  • Conducted security audits and security architecture reviews of current enterprise applications and potential vendors, reducing the impact and severity of security incidents and ensuring the support of 20+ million website visitors monthly.
  • Managed Snyk and Wiz deployments to enhance vulnerability detection and cloud security posture management, streamlining security processes and improving threat visibility.
Technologies: Kubernetes, Application Security, Static Application Security Testing (SAST), OWASP, Cloud Security, Wiz Cloud Security Platform, Snyk

Team Lead | Senior Software Engineer

2016 - 2020
Tanium
  • Enabled product scalability of $10 million per year by supporting the Tanium Discover asset management tool, including overseeing the Discover team and processes, improving software quality, and eliminating all customer software crashes.
  • Reported and fixed high-severity vulnerabilities, securing features on the Tanium security bulletin.
  • Increased product adoption and secured more enterprise customers by delivering core features for Discover, such as host identification, network scanning, and asset inventory.
Technologies: Node.js, JavaScript, Python 3, C++, Bash

Engineering Manager | Senior Software Engineer

2013 - 2016
Opower
  • Secured an Edison Award for Excellence in Energy and Sustainability after building the bill analysis, energy use, and home audit tools and deploying them to the largest utility websites, including PG&E and National Grid. See bit.ly/opower-edison.
  • Achieved 100% employee retention, managing a web products team of five developers, two QA engineers, a UX expert, and a product manager. Supported energy management tools that enabled households to manage their energy consumption.
  • Implemented a collaborative planning process involving my team and multiple cross-functional teams, contributing to product development discussions and driving intra-team improvements.
Technologies: JavaScript, Node.js, Ruby, Python, Java

Consultant | Software Developer

2004 - 2013
Independent
  • Started my own consulting firm, providing expert technology consulting services to high-profile clients such as In-Q-Tel and The Federal Reserve Board of Governors.
  • Provided clients with expert guidance on implementing front-end frameworks, such as Angular and Knockout.js, helping modernize their applications and enhance interactivity.
  • Delivered projects across a variety of industries, including financial, government, and technology.
Technologies: JavaScript, C#, .NET, Java

Experience

The Motley Fool AppSec Program

http://fool.com/
A comprehensive initiative designed to safeguard our digital assets and protect sensitive data across application and cloud environments.

As the lead of this program, I ensured that 15+ Motley Fool software development teams were consistently shipping secure software in the cloud. The program implements a robust security framework encompassing vulnerability management, secure code practices, and continuous monitoring.

Leveraging advanced security tools such as Wiz and Snyk, we focused on proactive threat detection and risk mitigation in real time. Through close collaboration with development teams, we embedded security throughout the software development lifecycle, fostering a culture of security awareness and resilience.

This initiative enhanced our security posture and aligned with industry standards and regulatory requirements, ensuring our users' and stakeholders' trust and confidence.

Tanium Discover

http://tanium.com
At Tanium, I was deeply involved in the development and implementation of Tanium Discover, an advanced IT asset discovery solution.

I contributed to designing and optimizing its architecture to ensure rapid and accurate network scans, allowing organizations to identify and manage all connected devices efficiently. By providing real-time visibility and control over unmanaged and rogue devices, I helped enhance security policies and mitigate potential vulnerabilities. My efforts supported Tanium Discover in becoming a trusted tool for numerous enterprises, including several Fortune 100 companies, helping them maintain robust IT security and compliance.

Home Energy Applications

http://opower.com
At Opower, I played a pivotal role in developing innovative home energy applications designed to promote energy efficiency and sustainability.

By leveraging advanced data analytics and user-friendly interfaces, I helped create apps that empower homeowners to monitor and reduce their energy consumption. These applications provided personalized insights, energy-saving tips, and real-time usage data, making it easier for users to adopt energy-efficient behaviors. My work contributed significantly to Opower’s mission of driving energy efficiency, which has led to substantial reductions in energy usage and costs for millions of households.

Education

1999 - 2003

Bachelor's Degree in Computer Science

University of Maryland - College Park, MD, USA

Certifications

FEBRUARY 2023 - FEBRUARY 2026

AWS Certified Cloud Practitioner

Amazon Web Services

Skills

Libraries/APIs

Node.js

Tools

BigID

Languages

Python 3, Python, JavaScript, C#, Ruby, C++, C, Bash, Java

Frameworks

.NET, Angular

Platforms

Linux, Windows, SentinelOne, Amazon Web Services (AWS), Kubernetes

Paradigms

Microservices

Other

Application Security, Static Application Security Testing (SAST), OWASP, Cloud Security, Wiz Cloud Security Platform, Snyk, AWS Certified Cloud Practitioner, Algorithms, Cryptography, Data Structures, Palo Alto Networks