Hands-on security, distributed architecture, and agile-focused leader with a diverse portfolio of experience including system engineering, microservices, application development, infrastructure and security intelligence. Scale and security is my thing. I am highly motivated and passionate about building teams, culture and systems that can handle massive amounts of traffic and data. I am drawn to security, self-healing infrastructure, automation, distributed and hardened architecture.
By night, I enjoy learning about modern and bleeding edge technologies, rockets, space, robots, threat & counter intelligence, artificial intelligence and reverse engineering. On my weekends I also enjoy extreme outdoor activities - I like going to my edge.
Principal Security Architect, Office of the CTO @
Our mission is to connect the world's applications, data and devices. We're building an extraordinary company with a team of bright, collaborative people who want to make a big impact.
$500B is spent each year connecting applications, data and devices, and the problem is growing dramatically with the explosion of SaaS applications and devices. To pursue this massive opportunity we have raised over millions in capital from top tier venture capital firms as well as strategic investments from Salesforce, SAP and Cisco.
We're "productizing" integration -- making it as easy to connect systems and companies as it is to connect with friends on Facebook. Our growth continues to accelerate as companies move to the cloud and away from legacy technologies.
Our greatest challenge is hiring superstars who can thrive in a dynamic, high growth, demanding environment. We are hiring across the company and are looking for brilliant "best athlete" candidates with proven track records of success. If you or someone you know is looking for an exciting, fast-paced company, which is transforming the industry, please contact us.
From September 2015 to Present (4 months)
VP, Security & Architecture @
Executive strategic ownership and internal consultant for all global architecture initiatives around systems, security and infrastructure. Part of Nitro's "Skunk Works" advance development and technology team.
Key initiatives include:
• Security evangelism & Compliance.
• Building the next generation SDDC/SDN infrastructure.
• Microservices Architecture.
• Building a distributed Smart Document Platform.
• Designing a Message Bus & Service Oriented Architecture.
• Machine Learning & Data Mining.
• Building a security counter intelligence and monitoring platform.
• Pushing the limits of Continuous Integration and Delivery.
From October 2014 to September 2015 (1 year)
Director, Infrastructure & Security @
Strategic and operational ownership of four departments - DevOps/TechOps, Security, Infrastructure, and IT. Heavy focus on security, scaling our infrastructure and applications for growing customer and internal demand.
Key initiatives include:
• Architecting full stack datacenters and operational platforms for our applications.
• Engineering R&D.
• Security & Compliance.
• Building multi-office global networks.
• Architecting our self-healing infrastructure, security correlation and monitoring platforms.
• Continue to hire and scale my rapidly growing team.
• Keeping 99.99% uptime and operational excellence.
From August 2013 to October 2014 (1 year 3 months)
Sr. Systems & Security Architect @
I was the 3rd engineer hired in a start-up team building a product from scratch for a document processing, collaboration, and e-signature product in the cloud.
Key initiatives included:
• Designed a scalable SaaS application infrastructure; primary focus was on heavy I/O, compute, memory and network utilization.
• Built new colocation-based private cloud platform to house high-performance SaaS application and internal business systems.
• Helped design and architect the APIs for all back-end systems.
• Architected and implemented self-healing and elastic infrastructure for the monitoring, production and internal environments.
• Architected a correlation network for all security events.
• Incorporated analytical intelligence into all infrastructure and system scaling decisions.
• Designed new office inter-connectivity network.
• Designed continuous integration, deployment, and release strategies.
• Maintained all production systems - corporate and production.
• Launched two products - Nitro Pro 9 desktop client and website (http://www.nitropdf.com) & Nitro Cloud (https://www.nitrocloud.com).
• Successfully migrated and rebuilt free conversion sites to use compute in datacenter for Nitro Cloud.
• Implemented "security first" platform and initiatives at Nitro.
From May 2012 to August 2013 (1 year 4 months)
San Francisco Bay Area
Lead Systems Engineer & Architect @
• Redesigned the network and system architecture focusing on security, optimization and scalability.
• Designed and implemented VMware ESXi that hosts production servers for internal IT, external systems and vendor access.
• Designed and implemented VDI that hosts internal and external workstations.
• Designed the DR architecture and environment while implementing EMC RecoverPoint and VMware SRM.
• Developed and led implementation of security policies, guidelines, and standards.
• Implemented controls including IPS, file encryption, secure file transfer, log monitoring, web filtering and dynamic access controls.
• Designed and implemented new core network architecture.
• Maintained all Windows, Linux and networking servers/devices.
• Designed the web and DMZ architecture for in-house hosting.
• Designed and performed migration of all data on CLARiiON CX3-10c to CLARiiON CX4-240 SAN while maintaining zero downtime.
• Designed and implemented storage fiber backbone for ESXi hosts.
• Deployed Exchange 2010 cohabitation with Exchange 2003 and Office Communication Server 2007R2.
• Automating countless tasks.
• Designed and developed a custom application for the business's needs to use secure file transfer (SFTP) to over 200 external credit union clients.
• Performed vulnerability assessments.
• Designed and implemented OCS 2007 R2 company-wide then migrated to Lync 2010 with full Edge implementation.
• Full office and datacenter move.
From November 2010 to May 2012 (1 year 7 months)
Sr. Operational Risk Consultant @
• Responsible for developing, implementing and monitoring risk-based programs to identify, assess and mitigate any operational risk that arises from inadequate or failed internal processes.
• Worked with the business units and provided operational risk expertise and consulting for projects and initiatives with high risk, generally spanning multiple business lines.
• Designed and developed complex testing strategies, methodologies and analyses; evaluated the adequacy and effectiveness of policies, procedures, processes, systems and internal controls.
• Reported findings and developed business cases to influence executive management and head of business on the need for controls to mitigate risk.
From March 2010 to November 2010 (9 months)
Sr. Security & Systems Consultant @
• Recommending preventive, mitigating, and compensating controls to ensure the appropriate level of protection and adherence to the goals of the overall information security strategy.
• Developed and implemented access-controls, separation of duties, and roles. Conducted technical risk evaluation of hardware, software, installed systems and networks.
• Audited architecture to ensure protection strategies are properly implemented and working as intended.
• Performed forensic and packet analysis when security events are escalated.
• Led risk analysis (through the identification, exploitation, and quantification of vulnerabilities and threats) by providing specific recommendations for improving security, and identifying opportunities for adopting best security practices.
• Implemented countless automation tasks.
• Maintaining and securing over 150 high-end servers while implementing alerting and automation of security tasks.
From March 2009 to March 2010 (1 year 1 month)
Sr. Security Engineer @
• Responsible for PCI and SOX compliance and remediation - performed risk assessment by providing specific recommendations for improving security.
• Primary contact with PCI and SOX auditors.
• Interpreted the implementation of IT controls and pragmatically produced relevant evidence of compliance.
• Developed and maintained the enterprise control framework to simplify the existing control structure, leverage existing control activities across compliance efforts, and reduce compliance costs for the business.
• Implemented and maintained enterprise security tools: RSA enVision, Tripwire, Sun Role Manager, enCase, RSA SecurID and NetIQ.
• Performed forensics during security breaches and/or malicious events for internal and external devices and systems.
From September 2008 to March 2009 (7 months)
Sr. Security Specialist @
• Performed network/system and data security audits (Black Hat) for over 30 high-end ecommerce customers.
• Reviewed and designed customer networks for performance and security.
• Responsible for PCI and SOX compliance for many ecommerce customers.
• Led risk analysis through the identification and exploitation of vulnerabilities and threats.
• Provided specific and complex recommendations for improving security.
• Performed packet analysis and forensic review.
• Performed source code audits.
From April 2006 to September 2008 (2 years 6 months)
Information Security Consultant @
• Audited banks and credit unions across the United States that ranged from 100 million to 3.5 billion dollars in assets.
• As part of the “ethical hacker” group (Black Hat), found system vulnerabilities and made formal recommendations for improved security.
• Performed internal penetration testing (policies, system services and patch management, access controls, remote access, network design and more), external penetration testing, ecommerce (loan and lending applications) and social engineering.
• Performed PCI and SOX compliance to ensure NCUA regulations.
• Performed high level presentations to CEO, CTO, CFO and board of directors on findings while providing a remediation plan.
• Traveled 95% of the time.
From September 2005 to April 2006 (8 months)
Network & Systems Administrator @
• Responsible for the domain and managed over 150 Windows 2000/2003 and 50 Linux servers.
• Redesigned the Active Directory structure for automation and security with GPOs.
• Implemented a security best practice workflow for all Windows servers and user desktops.
• Provided custom scripts and tools to automate business workflow for daily, weekly and monthly tasks.
• Implemented and maintained Akonix Secure Gateway and Enforcer to secure all Instant Messaging traffic.
• Implemented and maintained McAfee for a centralized antivirus solution with ePolicy Orchestrator.
• Maintained, secured and expanded the core network (Cisco and Foundry) devices.
• Developed and managed the company custom IT intranet.
From September 2004 to September 2005 (1 year 1 month)
Master of Science (MS) @ Stanford University
Bachelor of Science (BS) @ University of California, Berkeley
Tim Piastrelli is skilled in: Virtualization, Security, System Architecture, Cloud Computing, VMware, Intrusion Detection, Information Security, Network Architecture, Enterprise Software, Data Center, SaaS, Play Framework, Leadership, Computer Forensics, Security Architecture Design
Websites:
http://www.tpiastrelli.com/