Currently, Andrew Leeth works at Salesforce. His responsibilities include application security, penetration testing, threat modeling, remediation, defense protections, and security guidance to development teams throughout the Software Development Lifecycle (SDLC). Andrew works closely with developers to ensure that customers’ assets are secure in the company’s products. Before that, Andrew was a consultant who provided security services to a variety of businesses, both large and small, across many industry verticals. He helped many of these companies assess and manage the security risks involved with cloud vendors. While consulting, he reviewed the security of hundreds of cloud providers, from larger providers, like Amazon and Microsoft, to small start-up companies. Andrew attended Indiana University, where he received his degree in Security Informatics. Andrew also holds various certifications including the CSSLP, GWAPT, CEH, CCSK, GMOB, CISSP, and many others.
Product Security Engineer @
• Identify and understand the development practices, networks and infrastructure that make Salesforce Marketing Cloud successful
• Recommend and build solutions/mitigation plans to help resolve risks.
• Guide the technology organization's security by participating in design reviews, Threat Modeling, and in depth security penetration testing of our code and systems.
• Provide input on application design, secure coding practices, log forensics, log design and vulnerability remediation.
• Perform cutting edge research on new attacks, write white papers and present on those findings to internal audiences.
• Evaluate and build application security tools for internal consumption and drive usage of these tools.
From May 2014 to Present (1 year 8 months) Indianapolis, Indiana Area

Senior Security and Privacy Consultant @
Consulting with banks, financial institutions, health care providers, and other clients to navigate the labyrinth of information security. Providing a wide variety of assessments, with a primary focus on application security, 3rd party vendor risk, secure software development life cycle (SSDLC), regulatory gap analysis, penetration assessment (from both an intranet and internet perspective), risk management programs, and information security policy drafting and analysis. Experience working with HIPAA/HITECH, SSAE16 (formerly SAS70), NIST, ISO, SOX, GLBA, PCI:DSS, Massachusetts State Law 201 CMR 17.00, among others.
From August 2013 to April 2014 (9 months)

Security and Privacy Consultant @
Consulting with banks, financial institutions, health care providers, and other clients to navigate the labyrinth of information security. Providing a wide variety of assessments, with a primary focus on application security, 3rd party vendor risk, secure software development life cycle (SSDLC), regulatory gap analysis, penetration assessment (from both an intranet and internet perspective), risk management programs, and information security policy drafting and analysis. Experience working with HIPAA/HITECH, SSAE16 (formerly SAS70), NIST, ISO, SOX, GLBA, PCI:DSS, Massachusetts State Law 201 CMR 17.00, among others.
From June 2011 to August 2013 (2 years 3 months)

PC Computer Consultant @
Troubleshot various problems with users connecting to the campus network, software installation, and general computing issues.
From October 2009 to February 2010 (5 months)

Computer Consultant @
• Acquired technical knowledge by solving complications on various operating systems, different software issues, and hardware problems
• Improved communication skills by providing assistance by e-mail, phone, and in person
• Provided network wiring to previously unwired rooms
From May 2007 to September 2008 (1 year 5 months)

B.S., Security Informatics @ Indiana University Bloomington
From 2007 to 2011

Valparaiso High School
From 2003 to 2007

Andrew Leeth is skilled in: Information Security, Application Security, Penetration Testing, Threat & Vulnerability Management, Secure Software Development Life Cycle (SSDLC), Network Security, Security, Cloud Computing, Mobile Security, Computer Security, Cloud Security, Web Application Security, Risk Management, Third Party Vendor Management, Amazon Web Services (AWS)

Websites:
http://andrewleeth.me