John D. Swanson

Background

About

Experienced security and risk leader with 14 years of experience from startup to enterprise. Helped defend the world's largest software development platform and ecosystem through security team leadership, corporate crisis management, product security strategy, incident response and threat detection, risk assessment, and threat intelligence. Demonstrated success building and scaling an empathetic, human-first security program that empowered and secured a remote-first, web scale organization.

Work Experience

Director, Security Strategy,
Jul, 2021 - Present
Serving as a strategic advisor to the CSO/SVP of Engineering and providing accountable planning and leadership for critical company-wide initiatives.
- Led GitHub's global preparation for and response to the war in Ukraine, ensuring the safety of employees, readying the business to respond to revenue implications and trade compliance obligations, and coordinating public policy and internal/external communications.
- Developed and initiated a multi-year plan to bring 2FA to millions of developers using GitHub.com.
- Conceptualized and initiated a variety of strategic risk reduction programs in response to a major security incident including traditional security control improvements and product security improvements.
- Mentored and advised senior and developing technical and people leaders across the company.
Director, GitHub Corporate Information Security,
Jan, 2021 - Jul, 20216 months
Growing and maturing a compliant corporate security, incident response, threat detection, and threat intelligence team at web scale.
- Planned and executed a significant reorganization of detection, response, intelligence, and corporate security functions including the establishment of a Product Security Incident Response Team (PSIRT).
- Provided interim leadership support for GitHub Security and assisted GitHub's search for and onboarding of a permanent security executive.
- Coordinated response to and communications for a security incident resulting in the termination of all active user sessions on GitHub.com.
- Represented GitHub before US Federal Regulators.
Senior Manager, Security Incident Response Team (SIRT),
Apr, 2020 - Jan, 20219 months
Building and leading a compliant incident response, threat detection, and threat intelligence team at web scale.
- Scaled GitHub's incident response and threat detection team by a factor of four.
- Coordinated significant web scale incident response including cross-company events with Microsoft.
- Planned and executed a seamless organization-wide deployment of FIDO/WebAuthn MFA.
Manager, Security Incident Response Team (SIRT),
Mar, 2018 - Apr, 20202 years 1 month
Building and leading a compliant incident response, threat detection, and threat intelligence team at web scale.
- Developed a sustainable, SOC2 and FedRAMP-Tailored compliant detection and response program.
- Led detection and response related functions through a significant period of company growth and acquisition.
- Provided company-wide coordination for large scale security incidents including executive communications and risk assessment.
Incident Response Analyst,
Aug, 2016 - Mar, 20181 year 6 months
Incident response, threat detection, and threat intelligence at web scale.
- Coordinated large-scale platform abuse and security incident response activity.
- Managed a multi-million dollar logging infrastructure overhaul to support detection and site operations.
- Developed a sustainable incident post-mortem analysis framework.
Information Security Architect,
Dec, 2015 - Aug, 20168 months
Principal information security SME and leader; responsible for the design, operation, and/or oversight of all information security systems.
- Provided planning and guidance for all information security initiatives.
- Researched TTPs and designed effective countermeasures in partnership with operational staff.
- Incident response leader and advisor.
- Risk assessment, vulnerability analysis, SIEM.
Network Security Engineer,
May, 2012 - Dec, 20153 years 7 months
Served as the primary network security administrator and information security professional; responsible for the design, operation, and review of critical network and security systems.
- Primary responsibility for most information security functions.
- Second level incident responder and incident response leader.
- Risk assessment, vulnerability analysis, SIEM.
- Successfully led implementation of a complete network and security overhaul over two fiscal years.
Network Engineer,
Aug, 2011 - May, 20129 months
Responsible for the design and operation of critical network and security systems.
- Focus on enterprise firewalls, SIEM, and network monitoring.
- Led design efforts for a complete network and security overhaul featuring NGFWs.
IT Support Associate,
Aug, 2008 - Aug, 20113 years
Served as desktop security coordinator and primary incident responder.
- Responded to and remediated 200+ security incidents.
- Led efforts to overhaul endpoint security posture to include: anti-virus replacement, implementation of third-party patch management, and the introduction of limited privilege computing.

Skills

Security Leadership
Hiring

Professional Development and Mentoring

Security-positive Culture

Program and Process Development

Compliance
Strategy, Planning, and Advising
Security Strategy and Planning

Product Security Strategy and Planning

Senior Leader and Executive Advising

Business Risk Assessment
Corporate Crisis Management
Company-wide Crisis Coordination

Internal and External Communications

Executive Advising and Briefing

Sanctions and Trade Compliance

Global Business Risk

Regulatory Experience

Physical Safety
Incident Response
Incident Coordination

External Communications

Coordinated Vulnerability and Incident Disclosure

Terms of Service and Privacy Policy

Experience with Law Enforcement and Litigation

Executive Briefings
Threat Detection
Sustainable Alerting

Detection Enrichment

MITRE ATT&CK

Distributed Alerting

Metrics
Threat Intelligence
Actor Tracking and Profiling

Intelligence Sharing

External Collaboration

Education

Information Assurance, MSIT, University of Maryland University College
Jan, 2010 - Jan, 2011
NSA/DHS National Center for Academic Excellence in Information Assurance and Cyber Defense Education
Political Science, BA, Salisbury University
Jan, 2004 - Jan, 2009

Publications

On Risk, Incident Response, and Coronavirus , Self-Published
Published on: Mar 08, 2020
Thoughts on risk management and incident response through the lens of preparing for COVID-19.
Git ransom campaign incident report—Atlassian Bitbucket, GitHub, GitLab , Co-authored - GitHub Blog
Published on: May 14, 2019
Coordinated public incident report regarding git ecosystem abuse.
"Data centers don’t need backdoors, at least not the digital kind" , Michael Kassner - DatacenterDynamics
Published on: Mar 02, 2016
Provided quotes for an article on Fall 2015 Juniper backdoor incident.
"Why SMBs should build a threat intelligence program -- no tech investment required" , Michael Kassner - TechRepublic
Published on: Feb 10, 2016
Provided quotes and context based on a previous blog post.