HK Parekh

CISO, Five9

About HK Parekh

Forward thinking, results-driven, security/privacy engineering, security operations and compliance leader with strong business acumen, technical background and “Builder” mindset. Track record of building world-class security teams while driving security and technology transformations at scale. Recognized thought leader in Cloud, Product security/IT security, Security Operation Center(SOC) and privacy domains with expertise working in “post-breach” environments. Demonstrated experience reporting company wide security status to senior leadership teams and board.

Significant contribution to Security maturity models used by CISO’s – OWASP Software Assurance Maturity Model (SAMM), Building Security In Maturity Model (BSIMM), NIST SSDF, and SAFECode SecureSDL. Contributed to SANS CWE Top 25 Programming errors and CVSS v3.

Presented at several security conferences (OWASP Global AppSec, BSides Tampa Bay, BSides Knoxville, BSides Portugal, 8dot8 Chile, BSides Toronto, DevSecCon, HoneyCon, BSides Philli).

Led post-breach containment and recovery strategy for 2017 Amazon Whole Foods data breach and transformed security at Splunk after publicly announced security incident.

Strategic and execution focused Cloud/IT/Infrastructure/mobile security, privacy, compliance and operations leader with track record of developing strategy, roadmap and delivering results while building strong technical teams focused on – application/product/enterprise security, compliance, security operations, incident response, software engineering, physical security, threat and vulnerability management, security architecture, governance, risk management and compliance. Led various compliance initiatives-FedRAMP, ISO27001, SOC2, HIPAA, HITRUST, PCI, NIST 800-53, GDPR, CCPA, Privacy-Shield.

Strong track record of building/transforming teams, grooming leadership skills in geographically dispersed teams. Built collaborative partnership across company to advance security strategy. Transformed DevOps organization to DevSecOps by integrating security and infrastructure engineering tools in CICD pipeline and delivered security at scale and speed. Built Security Operations function focused on identify and access management, data protection, data loss prevention, SIEM, SOAR, vulnerability scanning, threat hunting, phishing campaigns, security chaos engineering/red teaming and vulnerability response.

Reported quarterly state of security, privacy, security operations and compliance to company’s top leadership team, executives and board.

Increased Diversity of the teams I built.