The Context

Splunk is a leading data platform that powers critical security, observability, and IT operations for global enterprises. As the product portfolio expanded and customer security expectations increased, Splunk needed a strong, measurable, and scalable product security function to reduce risk and accelerate secure innovation.

The Challenge

Product security efforts were distributed, inconsistent, and reactive. The organization needed stronger program foundations, clearer risk visibility, better engineering adoption, and enterprise-grade evidence to meet customer and regulatory expectations.

What I Did

Built the product security function from the ground up and established the operating model, processes, tooling, and culture required to scale securely.

• •Defined product security strategy and multi-year roadmap
• •Established secure SDLC, threat modeling, and risk management practices
• •Built vulnerability management and PSIRT-aligned processes
• •Implemented security testing and automation at scale
• •Established security metrics, KPIs, dashboards, and executive reporting
• •Drove security enablement for engineering teams
• •Partnered across GRC, IT, Product, Engineering, Legal, and Executive Leadership
• •Strengthened customer-facing security evidence and security answer capabilities
• •Created security architecture review and design standards
• •Built and scaled a high-performing product security team
• •Translated product-security program goals into secure SDLC practices that could be applied across Splunk-built products and Splunkbase applications
• •Used BSIMM and OWASP SAMM-style maturity thinking to frame product-security activities, gaps, and progress
• •Integrated SAST, DAST, manual review, pattern hunting, linting, and targeted verification into repeatable security workflows
• •Created or supported risk-based triage models separating hard blockers, high-priority remediation items, warnings, and follow-up findings
• •Connected vulnerability management to release decision-making, engineering ownership, and customer-trust expectations
• •Developed security scorecard patterns and reporting cadences for weekly, monthly, and quarterly stakeholders
• •Supported certification criteria and review standards for Splunkbase and Splunk Certified app workflows
• •Helped convert repeated security issues into standards, guidance, checks, and remediation patterns
• •Balanced tool-driven findings with manual exploitability review to reduce false positives and focus engineering effort
• •Connected secure SDLC evidence to enterprise deal support, customer security reviews, and product-security credibility
• •Helped make product security operational: define the bar, measure the posture, route the work, verify fixes, and report progress
• •Supported Splunk product-security remediation and evidence work tied to enterprise customer assurance
• •Used Veracode results as one measurable signal within a broader AppSec and secure SDLC maturity story
• •Helped identify, prioritize, and drive remediation of application-security issues that affected customer confidence
• •Connected SAST findings, vulnerability triage, engineering remediation, and risk decision-making into customer-ready evidence
• •Framed Veracode posture improvement as part of a broader security maturity program rather than a one-off scanner score
• •Created or supported security scorecards, remediation summaries, and customer-facing assurance narratives
• •Helped translate internal security work into defensible language for sales engineering, customer security teams, procurement, and leadership
• •Balanced transparency with confidentiality by sharing useful evidence without exposing proprietary implementation or sensitive findings
• •Aligned the work with secure SDLC, BSIMM, SAMM-style maturity expectations, and practical product-security program operations
• •Connected the deal-unblocking effort back into lasting product-security process improvements rather than treating it as a one-time escalation

The Outcome

Transformed product security into a strategic, measurable, and trusted function that improved the security posture of Splunk's platform and enabled faster, safer delivery.

Key Deliverables

• •Product security strategy and roadmap
• •Secure SDLC and threat modeling program
• •Vulnerability management and PSIRT process
• •Security testing program and automation
• •Security architecture review board
• •Security metrics, executive reporting, and KPI dashboards
• •Security enablement and engineering training
• •Risk management and exception process
• •Customer security evidence artifacts
• •High-performing product security team
• •Secure SDLC maturity model support
• •Product-security standards and review criteria
• •SAST and DAST workflow support
• •Manual review and exploitability triage patterns
• •Splunkbase App Certification security criteria support
• •Risk-based vulnerability triage model
• •Security scorecards and progress reporting
• •Remediation-routing and ownership workflow
• •Release-risk and hard-blocking threshold guidance
• •BSIMM and OWASP SAMM-style maturity framing
• •Customer-trust and enterprise security evidence support
• •Public-safe portfolio case-study JSON
• •Veracode posture improvement support
• •Application-security remediation support
• •SAST finding triage and prioritization
• •Product-security evidence narrative
• •Customer security review support
• •Enterprise deal-readiness security evidence
• •Secure SDLC maturity framing
• •Security scorecard and progress reporting support
• •Sales engineering security enablement support
• •Customer-facing assurance language
• •Public-safe portfolio case-study narrative