Leo advises organizations to achieve their strategic objectives by developing solutions that optimize cybersecurity and IT performance. He specializes in solving complex challenges in dynamic environments and has expertise in cybersecurity strategy, M&A advisory, and product security.
With over ten years of experience, Leo has served enterprises across multiple sectors including financial services and life sciences. He partners with senior executives to design, build, and transform their security programs into world-class organizations based on leading cyber practices. His experience leading high-performing teams has produced innovative, value-driven solutions that reduce enterprise cyber risk exposure.
Key Engagements:
- Transformed a $7B insurance brokerage’s M&A cyber program by designing an assessment framework that measured the critical security and IT risks affecting a target’s valuation. Led security due diligence reviews focused on identifying pre-close cyber risk mitigation activities, IT cost optimization opportunities, and key IT integration considerations.
- For a $2.4B manufacturing organization, developed a five-year security program roadmap that demonstrated a unified approach to address risks in identity management, incident response, and vulnerability management based on a global security assessment across ten business units.
- Modernized a $13B consumer finance company’s software supply chain program by defining a cross-functional governance team that managed the legal and operational risks, architecting scalable software security testing solutions adopted by 500 developers, and evangelizing the new program capabilities through targeted stakeholder training.
- Implemented a NIST‒aligned security assessment process across a portfolio of 600 applications that optimized program investments by 50% and achieved regulatory reporting standards at a $34B financial services institution.
- Served as an advisor to Fortune 100 medical device manufacturers on leading product security practices by delivering secure architecture reviews and cloud security assessments that identified opportunities to evolve their capabilities in alignment with regulatory standards.