Sixto Bernal
CISM, CRISC, CISA, CISSP, CIPP/US, ITIL/v3, Net+, Sec+
650-***-**** ******@*********.*** Menlo Park, CA
CyberSecurity Leader
The Cybersecurity Program must be a market differentiator – every aspect of it must result in increased customer value and ease of acquiring new customers.
New Business Development
Skilled at building partnerships with new customers and consistently meeting the needs of existing clients.
Design and build CyberSecurity Programs that provide added value for customers and attract prospects.
Strategic Planning and Execution
An innovative and entrepreneurial executive who demonstrates vision to spearhead and create strategies that support business growth.
Conceive and implement strategic cybersecurity initiatives that enable sales.
Enterprise customers expect more than a Program that simply meets cybersecurity standards - they demand a robust, comprehensive, mature Program.
Key Accounts
Effective leader, communicator and negotiator with talent for handling problem accounts and promoting new business.
Adept at building a strong bond with each prospect and customer – from RFP to close and beyond – through a consultative, solution-based approach.
Customer Focused
Pioneered integrating CyberSecurity into the Sales cycle resulting in faster deal closes and lower acquisition costs.
Streamlined audit/RFP/questionnaire processes through modern systems-based solutions.
Thought Leader
Great success in implementing programs that incorporate modern/progressive principles from cybersecurity, Privacy, and Compliance that have resonated with customers.
Continuous learner who keeps abreast of current technologies and strategies
Thorough understanding of the current threat and attack landscape, latest security trends and principles
Industry Veteran
Since 1977, working at the top names in Silicon Valley technology firms in positions from Operations to IT, Audit & Compliance, Security, and Privacy
Diverse domain expertise in areas such as e-commerce, financial, wireless, and healthcare, as well as security implementations and techniques
Professional Experience
Socrates, AI - CSO & CIO July 2017 – May 2019
Implemented automation with reductions in cost from manual operations, consolidated network devices and servers, and established consistent hardware/software to provide 99% availability and cost savings, implemented monitoring/reporting/alerting of resources, services, and uptime, implemented ISO 27001 Policy set.
Marketo - Director, InfoSec May 2016 – July 2017
Modernized SecOps and ITSec departments, revamped cybersecurity compliance program, rebuilt HIPAA compliance, instituted ISO 27001 Policy set, instituted modern infrastructure access controls, partnered with Legal to create GDPR Program, implemented Corp SIEM, established cybersecurity awareness training, created monthly Risk Assessment, created Vendor management program, served as the focal point for cybersecurity incident response planning and execution, implemented Ombud knowledge database, created Disaster Recovery Legal playbook.
GoodData - VP - CISO & Privacy Sep 2015 – May 2016
Implemented Integrated Compliance Framework based on ISO 27001, chaired the HIPAA Implementation team, first SOC 2/T2 report, authored Right to Audit clause playbook for Legal’s negotiations, co-authored cybersecurity Schedule D for customer contracts.
Anaplan - Director Security & Privacy Sep 2014 – Sep 2015
Implemented ISO 27001-based policy set, built an Integrated Compliance application and SOC 2 program, first SOC 2 audit accomplished in under six months, established Privacy program, created monthly Risk Assessment reports, instituted cybersecurity Awareness and Engineer-specific cybersecurity training, created cybersecurity playbook for Legal’s sales negotiations, led all large prospect cybersecurity discussions, developed cybersecurity = $ales program, implemented Ombud knowledge database.
SuccessFactors - Director Security & Privacy Nov 2009 – Sep 2014
Built the Cybersecurity, Privacy, and Compliance programs and successfully completed multiple SOX, SOC1 and SOC2 audits. Fixed a broken IT SOX process, normalized relations between CorpIT and Finance, established Continuous Audit process, designed the EU Data Protection program, developed Subcontractor Compliance Program, instituted Departmental Risk assessments, formalized IS & DP training, made Compliance part of the SFSF vocabulary. Cultivated and maintained excellent working relationships with HR, Legal, Eng, CorpIT, and Finance.
After the SAP acquisition, focused on very large European customer relations with the Office of the CEO.