Kapil Assudani
Education:
Green Fields School
MS
Computer Networking
University of Missouri-Kansas City
Experience:
2017 : Present
Edwards Lifesciences
SVP and Chief Information Security Officer
At Kaiser Permanente, our mission is to protect the privacy and security of our 12 million plus members while ensuring patient safety by protecting and enabling the availability and integrity of our 600 plus hospitals and thousands of connected IoT/medical devices, while creating opportunities for the company to innovate. Inspired by this mission, Kapil Assudani, reporting to the CISO, leads multiple security organizations, inspiring and mentoring 35 rockstar security professionals who work smart and hard every day to tie into and enable Kaiser Permanente's noble mission.
In his current role, Kapil is the national head for multiple cyber security functions at Kaiser Permanente that include:
Cyber Architecture & Solutions
Cyber Penetration Testing & Red Team
Enterprise Patch & Vulnerability Management
Cyber Security Planning & Execution
Cyber Security Lifecycle Management
Kapil is responsible for the secure design of key high-risk IT initiatives from ideation to implementation, and the plan and build functions to improve existing and establish new enterprise security capabilities to support Kaiser Permanente’s overall Privacy & Security program. In addition, he is responsible for managing enterprise governance functions and leads the development of security architecture standards.
2015 : 2017
Kaiser Permanente
Director - Cyber Security Strategy and Advisory
Kapil Assudani joined Kaiser Permanente to set up and head the Cyber Security Architecture practice. In less than a year, Kapil designed and established a fully operational program that includes a business-aligned vision, processes, methodologies and tools. Kapil’s current responsibilities include secure design of key high-risk IT initiatives from ideation to inception. Directs plan and build functions to improve existing or establish new enterprise security capabilities to support the overall Privacy & Security program. Manages enterprise governance functions and leads development of security architecture standards.
Kapil leads three key functional services at KP that help securely enable the business:
Service Security Architecture: Develop and design enterprise-class cyber security capabilities
Program Security Architecture: Help IT projects design securely from ideation to implementation
Enterprise Security Architecture: Build & operationalize enterprise security architecture standards
Some recent initiatives involve design of a sec-dev-ops program, IaaS and PaaS security for private cloud, strategy & architecture of securing million+ medical devices, datacenter segmentation, etc.
2014 : 2015
Kaiser Permanente
Senior Manager - Cyber Security Architecture
• Responsible for selling and expanding the Technical Security Services program ($30 Million Portfolio) at HCSC, to build and execute business aligned enterprise class security capabilities that are offered as services.
• Formulate business development methodologies that creatively identify opportunities for security investments that directly alleviate business process pain points by improving compliance, increasing operational efficiency, and realizing cost savings & enabling business both for its current and emerging business use cases.
• Mentor a team of security architects and engineers in development, build and implementation phases of product security architectures for enterprise class technical security services.
• Responsible for continuous end-to-end process improvement activities associated with technical security service lifecycles.
• Design custom, business-focused technology and business security threat modeling methodologies that help build secure technical security solutions.
• Lead development of security service strategies based on emerging business, technical & security landscape.
• Currently leading and responsible for execution of an active $13 Million enterprise technical security services portfolio for the following security services:
1. Enterprise Encryption Service (PKI, PSD Encryption, Data-at-Rest Encryption)
2. Enterprise Authentication Service (Web/Web Services/Federation Auth & Az)
3. Enterprise Security Event Management Service
4. Enterprise Technology Hardening Service
2012 : 2014
HCSC
Senior Manager - Enterprise Technical Security Service Strategy & Architecture Program
Application Security Architecture: Building technical security requirements, evaluating and designing Web Security Architectures comprehensively across tiers and layers including application code security, application environment layer security, operating system layer security and network layer security; expert knowledge in secure software and system development life cycle.
Infrastructure and Network Security Architecture: Expertise in consulting for Enterprise Infrastructure Security, delivering evaluation, design and secure deployment services based on current information security standards and frameworks.
Consulting: Manage, lead and independently execute multiple web application/network penetration testing engagements, perform threat modeling and web security architecture reviews for Fortune 500 clients.
Security Risk Management: Information Security Risk Management strategist involved in building and continuously updating Enterprise Security Strategy, writing technical position statements for C-level executives to assist them in making informed business decisions for enterprise-level technical security products.
Business Skills: Experience scoping, budgeting, and closing out engagements for network/web application penetration testing, security architecture reviews, threat modeling, etc. Communicating and presenting technical findings to business and C-level executives.
2007 : 2011
HCSC
Master Security Risk Management Consulting
Company: Edwards Lifesciences
Years of Experience: 21
Based on this diverse experience, Kapil believes that, like any organization in an enterprise, a security organization needs to be thought of and run like a business that thrives on collaboration and a consensus-driven approach. The quest is always to be able to describe the value proposition of a successful cyber security organization in the following ways:
• Drives operational efficiency in business & IT operations
• Innovates in security to create new lines of business for the enterprise
• Ensures compliance & reduces cost of compliance
• Increases the security posture while enabling business
• Ensures enhanced customer experience
• Drives cost savings or contributes directly to profit margins of business
• Articulates demand management for security organization in the enterprise
• Creates opportunities to do business in ways that establish market differentiation
Specialties:
Security Strategy & Architecture, Security Risk Management & Governance, Presenting to Board of Directors, Application & Infrastructure Security Architecture and Threat Modeling,
Penetration Testing, Incident Response, System/Software Security Development Lifecycle, Security Program Development/Management