Kapil Assudani

Education: Green Fields School



MS

Computer Networking

University of Missouri-Kansas City

Experience: 2017 : Present

Edwards Lifesciences

SVP and Chief Information Security Officer

At Kaiser Permanente, our mission is to protect privacy and security of our 12 million plus members while ensuring patient safety by protecting and enabling availability and integrity of our 600 plus hospitals and thousands of connected iot/medical devices while creating opportunities for the company to innovate. Inspired with this mission, Kapil Assudani reporting to the CISO, leads multiple security organizations inspiring and mentoring 35 rockstar security professionals, who work smart and hard everyday to tie into and enable Kaiser Permanente's noble mission.

In his current role, Kapil is the national head for multiple cyber security functions at Kaiser Permanente that include :

Cyber Architecture & Solutions

Cyber Penetration Testing & Red Team

Enterprise Patch & Vulnerability Management

Cyber Security Planning & Execution

Cyber Security Lifecycle Management

Kapil is responsible for the secure design of key high-risk IT initiatives from ideation to implementation, and the plan and build functions to improve existing and establish new enterprise security capabilities to support Kaiser Permanente’s overall Privacy & Security program. In addition, he is responsible for managing enterprise governance functions and leads the development of security architecture standards.

2015 : 2017

Kaiser Permanente

Director - Cyber Security Strategy and Advisory

Kapil Assudani joined Kaiser Permanente to set up and head the Cyber Security Architecture practice. In less than a year, Kapil designed and established a fully operational program that includes a business aligned vision, processes, methodologies and tools. Kapil’s current responsibilities include secure design of key high risk IT initiatives from ideation to inception. Directs plan and build functions to improve existing or establish new enterprise security capabilities to support overall Privacy & Security program. Manages enterprise governance functions and leads development of security architecture standards.

Kapil leads three key functional services at KP that help securely enable the business :

Service Security Architecture : Develop and design enterprise class cyber security capabilities

Program Security Architecture : Help IT projects design securely from ideation to implementation

Enterprise Security Architecture : Build & operationalize enterprise security architecture standards

Some recent initiatives involve design of sec-dev-ops program, IaaS and PaaS security for private cloud, strategy & architecture of securing million+ medical devices, Datacenter Segmentation etc

2014 : 2015

Kaiser Permanente

Senior Manager - Cyber Security Architecture

• Responsible for selling and expanding the Technical Security Services program ($30 Million Portfolio) at HCSC, to build and execute business aligned enterprise class security capabilities that are offered as services.

• Formulate business development methodologies that creatively identify opportunities for security investments that directly alleviate business process pain points by improving compliance, increasing operational efficiency, and realizing cost savings & enabling business both for its current and emerging business use cases.

• Mentor a team of security architects and engineers in development, build and implementation phases of product security architectures for enterprise class technical security services.

• Responsible for continuous end-to-end process improvement activities associated with technical security service lifecycles.

• Design custom and business focused, technology and business security threat modeling methodologies that help build secure technical security solutions

• Lead development of security service strategies based on emerging business, technical & security landscape.

• Currently leading and responsible for execution of an active $13 Million enterprise technical security services portfolio for following security services :

1. Enterprise Encryption Service ( PKI, PSD Encryption, Data-at-Rest Encryption )

2. Enterprise Authentication Service (Web/Web Services/Federation Auth & Az )

3. Enterprise Security Event Management Service

4. Enterprise Technology Hardening Service

2012 : 2014

HCSC

Senior Manager - Enterprise Technical Security Service Strategy & Architecture Program

Application Security Architecture : Building technical security requirements, evaluating and designing Web Security Architectures comprehensively across tiers and layers including application code security, application environment layer security, operating system layer security and network layer security, expert knowledge in Secure software and system development life cycle.

Infrastructure and Network Security Architecture : Expertise in consulting for Enterprise Infrastructure Security delivering evaluation, design and secure deployment services based on current information security standards and frameworks.

Consulting : Manage,lead and independently execute multiple web application/network penetration testing engagements, perform threat modeling, web security architecture reviews for Fortune 500 Clients.

Security Risk Management : Information Security Risk Management strategist involved in building and continuously updating Enterprise Security Strategy, writing technical position statements for C-level executives to assist them in making informed business decisions for enterprise level technical security products.

Business Skills : Experience scoping, budgeting, engagement close-outs for network/web application penetration testing engagements, security architecture reviews, threat modeling etc. Communicating and presenting technical findings to Business and C-Level Executives

2007 : 2011

HCSC

Master Security Risk Management Consulting

Company: Edwards Lifesciences

Years of Experience: 21