John D. Swanson

John D. Swanson

Security Leader




Experienced security and risk leader with 14 years of experience from startup to enterprise. Helped defend the world's largest software development platform and ecosystem through security team leadership, corporate crisis management, product security strategy, incident response and threat detection, risk assessment, and threat intelligence. Demonstrated success building and scaling an empathetic, human-first security program that empowered and secured a remote-first, web scale organization.

Work Experience

Work Experience

  • Director, Security Strategy

    Jul, 2021 - Present

    Serving as a strategic advisor to the CSO/SVP of Engineering and providing accountable planning and leadership for critical company-wide initiatives.

    • Led GitHub's global preparation for and response to the war in Ukraine, ensuring the safety of employees, readying the business to respond to revenue implications and trade compliance obligations, and coordinating public policy and internal/external communications.

    • Developed and initiated a multi-year plan to bring 2FA to millions of developers using GitHub.com.

    • Conceptualized and initiated a variety of strategic risk reduction programs in response to a major security incident including traditional security control improvements and product security improvements.

    • Mentored and advised senior and developing technical and people leaders across the company.

  • Director, GitHub Corporate Information Security

    Jan, 2021 - Jul, 20216 months

    Growing and maturing a compliant corporate security, incident response, threat detection, and threat intelligence team at web scale.

    • Planned and executed a significant reorganization of detection, response, intelligence, and corporate security functions including the establishment of a Product Security Incident Response Team (PSIRT).

    • Provided interim leadership support for GitHub Security and assisted GitHub's search for and onboarding of a permanent security executive.

    • Coordinated response to and communications for a security incident resulting in the termination of all active user sessions on GitHub.com.

    • Represented GitHub before US Federal Regulators.

  • Senior Manager, Security Incident Response Team (SIRT)

    Apr, 2020 - Jan, 20219 months

    Building and leading a compliant incident response, threat detection, and threat intelligence team at web scale.

    • Scaled GitHub's incident response and threat detection team by a factor of four.

    • Coordinated significant web scale incident response including cross-company events with Microsoft.

    • Planned and executed a seamless organization-wide deployment of FIDO/WebAuthn MFA.

  • Manager, Security Incident Response Team (SIRT)

    Mar, 2018 - Apr, 20202 years 1 month

    Building and leading a compliant incident response, threat detection, and threat intelligence team at web scale.

    • Developed a sustainable, SOC2 and FedRAMP-Tailored compliant detection and response program.

    • Led detection and response related functions through a significant period of company growth and acquisition.

    • Provided company-wide coordination for large scale security incidents including executive communications and risk assessment.

  • Incident Response Analyst

    Aug, 2016 - Mar, 20181 year 6 months

    Incident response, threat detection, and threat intelligence at web scale.

    • Coordinated large-scale platform abuse and security incident response activity.

    • Managed a multi-million dollar logging infrastructure overhaul to support detection and site operations.

    • Developed a sustainable incident post-mortem analysis framework.

  • Information Security Architect

    Dec, 2015 - Aug, 20168 months

    Principal information security SME and leader; responsible for the design, operation, and/or oversight of all information security systems.

    • Provided planning and guidance for all information security initiatives.

    • Researched TTPs and designed effective countermeasures in partnership with operational staff.

    • Incident response leader and advisor.

    • Risk assessment, vulnerability analysis, SIEM.

  • Network Security Engineer

    May, 2012 - Dec, 20153 years 7 months

    Served as the primary network security administrator and information security professional; responsible for the design, operation, and review of critical network and security systems.

    • Primary responsibility for most information security functions.

    • Second level incident responder and incident response leader.

    • Risk assessment, vulnerability analysis, SIEM.

    • Successfully led implementation of a complete network and security overhaul over two fiscal years.

  • Network Engineer

    Aug, 2011 - May, 20129 months

    Responsible for the design and operation of critical network and security systems.

    • Focus on enterprise firewalls, SIEM, and network monitoring.

    • Led design efforts for a complete network and security overhaul featuring NGFWs.

  • IT Support Associate

    Aug, 2008 - Aug, 20113 years

    Served as desktop security coordinator and primary incident responder.

    • Responded to and remediated 200+ security incidents.

    • Led efforts to overhaul endpoint security posture to include: anti-virus replacement, implementation of third-party patch management, and the introduction of limited privilege computing.



  • Security Leadership


    Professional Development and Mentoring

    Security-positive Culture

    Program and Process Development


  • Strategy, Planning, and Advising

    Security Strategy and Planning

    Product Security Strategy and Planning

    Senior Leader and Executive Advising

    Business Risk Assessment

  • Corporate Crisis Management

    Company-wide Crisis Coordination

    Internal and External Communications

    Executive Advising and Briefing

    Sanctions and Trade Compliance

    Global Business Risk

    Regulatory Experience

    Physical Safety

  • Incident Response

    Incident Coordination

    External Communications

    Coordinated Vulnerability and Incident Disclosure

    Terms of Service and Privacy Policy

    Experience with Law Enforcement and Litigation

    Executive Briefings

  • Threat Detection

    Sustainable Alerting

    Detection Enrichment


    Distributed Alerting


  • Threat Intelligence

    Actor Tracking and Profiling

    Intelligence Sharing

    External Collaboration



  • Information Assurance, MSIT, University of Maryland University College

    Jan, 2010 - Jan, 2011

    NSA/DHS National Center for Academic Excellence in Information Assurance and Cyber Defense Education

  • Political Science, BA, Salisbury University

    Jan, 2004 - Jan, 2009