Page * S h a y H a s s i d i m

Shay Hassidim

Personal Information - Phone: 917-***-**** (cell), Email: adtota@r.postjobfree.com. US Citizen. Professional Summary

I have over 25 years of experience in Thought Leadership, Software Development, Enterprise IT and Information Security, currently acting as a CTO & CISO for Sema4, a high-profile healthcare intelligence public company. With Sema4 that was initially a Mount Sinai Genomics department with $100M annual revenue (in 2017), I have built hybrid, on-prem and multi-cloud infrastructure, centered around AWS with a security architecture serving an advanced health-intelligence personalized patient-centric platform with complex clinical and research lab operation serving the largest healthcare systems and biopharmaceutical organizations in the world. The company became public for $2.5B valuation in mid-2021. Prior Sema4 I’ve been with GigaSpaces where I have created one of the first cloud data management and cloud automation products taking the company from a small startup to $100M valuation with hundreds of customers, millions of deployments world-wide in almost every vertical. Prior Sema4 there I been leading multiple Big data, Data Mining, HPC, Grid Computing, DevOps, NetOps, Cloud Computing, Automation, Machine Learning, Data Analytics for On-Prem, Cloud and SasS projects and products from the Formation, Design, Development, Sales, Consulting & Implementation across FiS, Telco, E-commerce, Gaming, Media, Homeland Security & Defense, Logistics & Healthcare verticals. This activity was mostly around creation, digital transformation, modernization, or cloud migration of highly-regulated, mission-critical environments with all cloud vendors. I’m very familiar with all cloud vendors pros & cons, especially when managing large amount of PHI/PII/PCI content and workloads across On-prem & Cloud storage and compute services.

My recent experience in the last 5 years been around healthcare/machine learning/lab informatics/bio-informatics/genomics/pharma/clinical related, brown/green field systems workloads. To support company complex operation and the PCI/SOX/HIPAA/HITRUST compliance requirements - I’ve constructed a unique automated surveillance system that enforce and auto-remediate any high-risk vulnerabilities identified on the cloud. These may be a result of mis-configuration, cloud vendor default changes, internal / external resources activities, 3rd party systems updates etc. Proper Cloud architecture with hyper-segmentation, isolation and dedicated Cloud environment per system / project / team is a key ingredient for a secured and scalable Cloud IT operation. I have designed and implemented an Enterprise Cloud architecture blueprint addressing challenges large healthcare organization with pharma collaboration, patient and provider healthcare intelligence platform development, personalized medicine, data-science, clinical & research Lab, finance, revenue cycle departments are facing.

I’m seeking a leadership engineering / executive role that that can utilize my background and experience. Qualifications

• Ability to effectively manage large scale IT and Security organizations in a highly regulated environment considering buy vs. build constructing business aware, future looking IT.

• Ability to effectively present ideas and solutions from both a technical and a business-value perspective depending on the situation and communicating these to senior company leadership and also to the investors, different line of business department leaders and the engineering resources.

• Ability to negotiate contracts, execute license optimization, establish SLA for external 3rd party systems

• Product management skills and experience leading a team of related co-workers and partners to develop complex solutions rapidly

• M&A and due diligence experience – been scouting for technologies and companies to acquire and partner

• Demonstrated ability to deliver results under time pressure

• Strong understanding of enterprise software solutions implementation and integration - including: needs and gap analysis, positioning, business justification, custom demonstrations and pilots

• Strong analytical skills and creative problem-solving skills with business improvement and efficiencies mindset

• I’m holding HITRUST certified CSP Practitioner Certification (2021). Professional Experience

June 2017- September 2022 – Sema4 - USA

CTO & CISO

In the last 5 years with Sema4 I have been focusing on healthcare, clinical & research systems - I have designed the infrastructure and provided security architecture for the following:

- Multiscale biotechnology - Building dynamic models of disease through multiscale biotechnology

- Patient engagement - supporting mobile health research, clinical trials, medical record integration, having patient input into the research process

- Disease mechanism and biomarker discovery - Transforming our understanding of disease processes and identifying key biomarkers through advanced network analysis

- Data science and engineering - Structuring data into smarter insights through cutting-edge data science and engineering utilizing big-data, insights, data catalog and discovery tools. I’ve implemented research collaboration platform that delivers usability, reproducibility and scalability to the data science teams. This system delivers a secured access to vast amount of data with minimal overhead while enforcing strict compliance policies. Data Stewardship and IT Policies

Been involved with establishing the Data Stewardship and Information Security Management programs together with the Compliance team. I've been involved with establishing a Comprehensive Policies and Procedures, work instructions ITSM workflows and security controls for the following:

• Administrative Safeguards Policies - Hiring Practices, Limits on Collection, Access and Retention of Protected Data, Notice and Permission Regarding Data Practices, Acceptable Use of Information Systems, Social Media Policy, Termination of Employment

• Physical Safeguards Policies - Limits on Access to Physical Premises, Limits on Access to Physical Records with Protected Data, Transfer, Transport, and Transmission of Protected Data, Disposal of Equipment and Protected Data

• Protected Health Information (Including Genetic Information) Policies - Use and Disclosure of Protected Health Information Generally, Contracting Page 2 S h a y H a s s i d i m

with Business Associates, Contracting with Covered Entities and Other Parties in Research Context

• Technical Safeguards Policies - Secure User Authentication Protocols, Control over User IDs and Other Identifiers and Access Control, Passwords management, Unsuccessful Login Attempts, Restricting Access to Protected Data, Integrity Controls, Data Encryption, Monitoring and Audit Controls, Firewalling and Patching Systems, Endpoint Malware and Virus Protection, User Education, Protected Data Destruction, Repurposing of Electronic Media and Hardware, Contingency Plan, Business continuity, Incident Response and SLA Cloud Migration and Digital Transformation

With Sema4 I have migrated more than 20 petabyte, 3 Billions objects, ~100 lab, clinical and research workloads (backend / frontend, HPC, web, rich apps) from the Mount Sinai Data center to the Cloud. The process has been completed within 24 months with a team of 10 DevOps resources - All using latest DevOps/SecOps/DataOps/GovOps tools that follow/enforce HIPAA/ISO 27K/PCI/NIST/HITRUST/CSA frameworks/standards/certifications. It is important to construct an agile, future proof, Zero-Trust oriented architecture that can innovate and cope with industry rapid changes but also face the increased cyber security threats attacking the IT – These may penetrate the organization from user endpoints and quickly via mobile code malware access backend systems storing PHI/PII/Sensitive data. An aggressive, relentless, fully automated approach required to secure the org from these remote access malicious attempts – without this it’s a slippery slope to data breach, data leakage & reputational damage. This architecture must deliver the business ability to scale & create new revenue streams. The recent pandemic illustrated how the market can change quickly demanding organizations, especially the pharma sector (GSK, Sanofi, merck, Pfizer, Novartis, etc) and healthcare organization (Mount Sinai,AdventHealth,Avera,Northshore) to respond quickly and deliver solutions / products in record-time.

I’ve constructed and executed a migration roadmap to the cloud that involves clinical and research data workloads, lab-automation, IT workflows, self- service portal driven, with security & compliance controls, non-stop education & awareness program that span 20 different departments with software developers around the world. Systems been developed in various programming languages (Java, Python, Ruby on Rails, FoxPro, R, PHP, Go, Rust,

.Net, C …), different deployment and packaging strategies (Docker, Kubernetes, AMI), with different SLA and target audience in the healthcare and pharma eco-system – These includes intensive lab operation, Covid-19 / Oncology / Woman repro testing, Sample tracking and processing, Batch oriented Bio-informatics, Covid-19 symptom tracking and test results delivery mobile app, Genomic tests Patient & Provider portal, research and data science collaboration platforms, Big data, ML, NLP, Data warehouse, Data discovery, Data mining systems and more. GRC and VRM

Implemented a methodology for 3rd party vendor evaluation utilizing GRC and VRM concepts forming a balance between build vs. buy, selecting industry leaders with few cutting-edge specialized vendors. This allows the business to be cost-effective focused on having in-house developed products/systems that bring unique value that cannot be delivered via a 3rd party. Training and Awareness

I’ve constructed Continuous phishing training simulation system program, monthly cloud developers and tech managers guidelines and education program, educating developers on all company best practices - This created center of excellence and knowhow serving all projects deployed on the cloud, Quarterly technical managers education program, Annual cybersecurity awareness program, Weekly DevOps, DataOps and SecOps training and education sessions. Main Guidelines and concepts I’ve introduced to the organization during: Platform of algorithms delivering Machine Learning as a service, Cloud first approach, Multi-Cloud native service-based Elastic workflows, Serverless and Edge computing, Multi-region deployment, Continuous compliance, Visibility and Assessment, Accountability & responsibility, Well Organized resources - Segmentation and isolation, Continuous sample, detect and respond cycle, Policy enforcement - Proactive, Reactive, Education - awareness and culture building, Prepare a crises response plan and test it frequently. Decentralized Data Governance

To improve data governance process I’ve designed a Decentralized Data Governance utilizing blockchain technology to manage data access permissions and privileges targeting collaborators from different organizations (healthcare systems, pharma, etc) that are looking to share and exchange sensitive data as part of their research operation.

Endpoint Security

Endpoint security and compliance is critical for correct office/365 deployment addressing phishing, spear phishing, vishing, whaling and other social engineering threats. These should be addressed via aggressive endpoint management (patching, upgrading), simulated phishing, remote desktop utilization

, scalable idM, VPN & MFA infra, Mobile Device Management (MDM) and Mobile Application Management (MAM). Password management tools should be widely utilized, EDR/MDR/XDR/SIEM/CASB/DLP should be deployed with proper MSSP to address Detection & Response, security incident forensic collection - Proactive, Actionable Intelligence about organization endpoints and cloud apps vulnerabilities is essential. Risk assessments, Proper education and training, Table Top, Business continuity planning, Incident Response Plan, SOPs, Work Instructions are core foundation for cost-effective cyber security program.

Enterprise Systems

I have implemented Data Analytics, ERP, HR, CRM, ITSM, BI, Billing, IVR, RCM, Legal, Marketing, Collaboration SaaS systems across the entire org. This includes complex integration, connectivity, data normalization, data aggregation, consolidation, managing workflows across vendors, customers, providers, collaborators and large pharma and health org world-wide. Corp 365 and Collaboration Tools

I have deployed 365 and collaboration tools (Zoom, BlueJeans, Teams) serving different type of users and workflows: HR, Sales, Marketing, Customer success, Revenue cycle, Pharma collaboration, Woman-health, Oncology, Production genomics, Finance, Research, clinicians, Lab operation - handling sensitive and PHI content. I’m familiar also with G. Suite. Agile Cost-effective Software Development and Deployment I’ve been involved with hundreds of applications development and deployment in the last 25 years. I’ve been running the design, CICD, SDLC phases including secured code design & automated-deployment – many of these been serverless, microservices oriented. This delivers cost-effective, agile and flexible architecture that can scale, be elastic and easy to support and maintain – This is critical today with the high employee turnover rate observed during the pandemic era.

Page 3 S h a y H a s s i d i m

Responsibilities

Infrastructure Technology:

• Define technology strategies – Establish a technology roadmap and vision to address company existing and future challenges to address market and security requirements.

• Lead partnerships – Establish relationships with major technology partners and vendors. Represent the technological agenda in staff meetings and when making hiring decisions.

• Lead technology teams in day-to-day operations - Provide key expertise, supervise the heads of departments utilizing cloud, SaaS, OSS and commercial software and hardware products, and set performance goals.

• Thought leadership - Keep abreast of new trends and best practices in the technology landscape. Take the initiative educating, socializing new technologies, build center of excellence to deliver innovation and creativity. Escort and sponsor technology implementation across the entire company software development teams.

• Conduct technical reviews – For internal in-house developed products or solutions to compare and evaluate their design, applicability, scalability, robustness, security and compliance posture.

• Budget and Spend control – Collaborate with the Finance team to develop, track and control the development of annual operating and capital budgets for purchasing, staffing and operations of systems that involves software and hardware.

• Develop and implement a consistent software and hardware architecture - Across all systems, clinical and research systems serving both internal and external users. Create overall technology standards and practices and ensure adherence. Track, analyze and monitor technology performance metrics.

• Contribute to senior management team, guiding strategic decisions and resource allocation.

• Monitor management of all cloud and SaaS vendors, hardware, software, databases and licenses, maintenance, and projections of future needs.

• Keep all systems interoperable with one another - Employ middleware solutions to bridge the gap between old and new.

• Work closely with Marketing, Customers, Business Development and Operations to define and deliver new products and enhancements. Infrastructure Security:

• Establish enterprise-wide security policies, developing data breach resiliency plans, overseeing system update communications, and managing the information security financials.

• Security operations - Evaluate the IT threat landscape, devising cyber security policy and controls to reduce risk, leading and collaborate with compliance team addressing auditing and compliance initiatives such as HIPAA, HITRUST, SOC, SOX.

• Disaster recovery - Develop cyber resiliency allowing the organization to rapidly recover from hacking, security incidents, or infringements.

• Security finance management— Determine if the data security initiatives are worth the financial investments.

• Documentation, training and awareness - Contribute to a variety of security policy domains associated with compliance, governance, risk management, incident management, HR management, and additional domains. Conduct frequent cybersecurity training and secured software development & deployment, promoting CICD and SDLC.

• Compliance - Ensure the organization is adaptable to evolving compliance regulations.

• Program onboarding - weighing business opportunities against security risks that can potentially compromise the organization’s long-term financial and business targets.

• HR management - Establish a system that reduces human error and its impact on the organization’s security posture. Main Deliverables:

• Automation & Cloud Resources lifecycle management – Establishing company-wide Infrastructure as Code CloudFormation templates library, used as part of ITSM and AWS service catalog delivering consistent configuration for all cloud-based systems and Cloud Resources lifecycle management system

- On/Off Boarding Cloud accounts, Networks, Users and Resource process – This involves constructing user portal (ServiceNow) requesting such cloud resources provisioning, with relevant approvers list, preparing cloud config to support IdM, security and compliance control, adjusting limits, disable relevant cloud regions / services, blocking bucket public access, creating relevant IAM user groups / roles / policies, enforcing MFA for any user access and more.

• Security operation - Deliver Sema4 Eye in the Sky – In-House developed Cloud based operating system, managing all core cloud user identity lifecycle workflows, monitoring and reporting endpoint vulnerabilities and compliance, policy enforcement system managing user Privileges recertification, data and network security and governance posture for all AWS cloud-based resources. continuously scanning entire cloud environment and its provisioned resources, locating mis-config, vulnerabilities, reporting and auto-remediating these. This system support hundreds of KPIs, vulnerabilities and workflows. This system includes also commands utilized by the Service Desk team to manage core cloud resources such as user identities, keys, cloud buckets, networks and compute endpoints. This delivers an abstraction, gating and isolation granting IT control and visibility into core Cloud resources. This system serving SysOps, DevOps, DataOps and Sema4 ITSM systems delivering consistent user on/off-boarding, access management and resource provisioning.

• Research infra - Deliver a secured & scalable cloud-based infrastructure for Sema4 Platform of Algorithms – A catalog of interactive analytics dashboards and Machine Learning based algorithms that provide internal and external researchers & data scientists from premier biopharmaceutical companies and healthcare-systems the ability to collaborate, share data, code and execute these within a reproducible, complaint, secured and integrated environment. This infrastructure consuming data from multiple big-data and data-warehouse systems. Among others it delivers a platform for Clinical Research Study with Sanofi, Eli Lilly and others via advanced sequencing services to assist with drug development and establishing new treatments & therapeutics for rare and neglected diseases.

• Lab-operation infra - Deliver a secured & scalable cloud-based infrastructure for Sema4 LIS and LIMS systems with advanced Data Integration (HL7 / FHIR based) connecting company LIS to hundreds of providers and tens of Illumina and Thermo-Fisher Next-Generation sequencing instruments to their bioinformatics workflows running on the Cloud. This lab operation serving advanced precision oncology care clinical products:

• Detection of hereditary cancer variants (Germline), delivered via genomic platform to inform better care decisions for individuals with and without cancer.

• Comprehensive molecular profiling (Somatic) insights to help providers identify therapies and clinical trials for their patients today and take advantage of the therapies and trials of tomorrow.

• Woman health – Expanded Carrier Screening with Personalized Residual Risk, noninvasive prenatal testing, and newborn screening supporting both providers and patients

Page 4 S h a y H a s s i d i m

• Covid-19 testing – Designed for governmental organizations, K-12 schools, higher education institutions, large businesses, and healthcare providers. The entire operation been created in few weeks utilizing cloud env running all sample tracking and test workflow management.

• RND infra - Deliver a secured & scalable cloud-based infrastructure running data curation, de-identification, analytics, NLP, machine leaning and other advanced HPC workloads.

• Bioinformatics infra - Deliver a secured & scalable infrastructure running advanced Genomics Bioinformatics workflows serving thousands of samples on weekly bases utilizing tens of thousands of cores running on the cloud.

• Digital Products infra – Deliver a secured & scalable cloud-based infrastructure for Patient / Provider Portal in-house developed systems serving thousands of users weekly.

• Finance and Revenue cycle – Deliver a secured & scalable ERP SaaS-based infrastructure for our procurement & account payable vs sourcing team, financial analytics infrastructure delivering company financial reports.

• Marketing infra – Delivering a secured & scalable SaaS-based infrastructure for Company website, Marketing, Social-Media and publishing systems

• Customer success infra - Deliver a secured & scalable SaaS-based CRM system managing our patients and internal teams.

• Compliance infra - Deliver Cloud-based infrastructure serving company continuous compliance system, collecting artifacts required for HIPAA, HITRUST, SOC2 and SOX audits and assessments.

Teams/Groups/Resources I’ve been managing / supervising / mentoring

• Digital Transformation - Responsible for creation of consumer mobile/ Web, Clinical / Research, Patient / Provider, precision medicine, personalized medicine and therapies centered apps focused on generating intelligence and insight from clinical and research data. These support multi-tenant architecture or a single tenant architecture for maximum segmentation, isolation & customization. Personalized medicine focusing on Genomics, prevention, diagnosis, treatment & drug therapy apps around woman-health, population health for Oncology, Neurology etc conditions & disorders.

• Research and Data-Science Products - Responsible for creation of a Cloud based Research Collaboration platform allowing researches to have a reusable, reproducible, sharable pipelines that encapsulate data, code and runtime execution environment. This reduce vulnerabilities, accelerate research and lower research overall cost.

• Enterprise Cloud Architecture - Responsible for consistent enterprise architecture addressing scalability, integration, elasticity, serverless, native cloud components, microservices concepts adoption.

• Cloud DevOps – Responsible for CICD, SDLC, Cloud blueprints creation, maintenance, integration, and deployment.

• Cloud SecOps – Responsible for addressing threats and vulnerabilities, monitoring and remediations procedures, primarily via automation

• Cloud NetOps – Responsible for a healthy and secured hybrid network between user endpoints, home network, on-prem network, cloud endpoints, VPCs, 3rd party cloud account vendors utilizing SD-WAN, secured connectivity technologies.

• Cloud GovOps and Assurance - Responsible for resource Stewardship, controlling & auditing data & resource access ownership and access permissions, reviewing company policies & procedures implementation and quality

• Cloud ITSM - Responsible for the creation of relevant ITSM service catalog, CMDB, ITAM related workflows.

• Cloud idM – Responsible for a unified Identity Management system implementation, ensuring SSO / MFA is fused to any system

• Cloud Storage Operations - Responsible for utilizing correct data storage tiers, data archiving, data tagging, data security, data structure, data cataloging and indexing

• Cloud data integration - Responsible for utilizing integration engines and collaboration tools to consolidate and aggregate data from multiple sources into a unified model

• Cloud Data Lake and Analytics - Responsible for building a unified data ocean system that will allow users to discover data quickly, organizing data and its meta data.

• PMO - Responsible for orchestrating, coordinating resources, budgeted, timelines, priorities across the different workstreams across all internal teams

/ groups / departments / divisions/3rd party/collaborators/partners

• Cloud Risk & Compliance - Responsible for establishing relevant policies and SOPs addressing cloud resources usage. These should focus on DevOps, SecOps and every endpoint / app that may access or utilize cloud resources internally or part of a 3rd party vendor system

• Cloud Service Desk - Responsible for providing 1st and 2nd line support for DevOps, SecOps resources provisioning, designing and deploying cloud apps. These will be interfacing with Cloud vendor support team.

• Core IT – Responsible for running and securing all company IT operation. Investors Collaboration

I’ve been in close relationship with Sema4 investors (Mount Sinai, Blackstone) providing progress on company security and technology roadmap, active and planned projects and existing challenges. I have constructed relationship with Blackstone portfolio companies partnering on specific solutions and products implemented.

Jan 2007-May 2017 – GigaSpaces Technologies Inc. USA Deputy CTO Distinguished Engineer

Been involved with the formation & creation of the GigaSpaces and Cloudify open-source products: 1. GigaSpaces delivers a transactional fast-data Platform with In-Memory Data Grid, Data Integration, Data Operations & Unified Data Model services targeting Financial Services, Insurance, Retail and eCommerce, Telecommunications & Transportation verticals addressing digital transformation, modernization, enabling cloud migration and innovation. 2. Cloudify delivers Environment As A Service (EaaS) platform acting as a cloud orchestration technology enabling applications to efficiently run across multiple cloud or data center platforms. Cloudify main function is to automate entire lifecycle of the infrastructure and application resources across multi- cloud and on-prem environments via Infrastructure as Code. As part of my role as Deputy CTO I had direct responsibility of all internal GigaSpaces technical certification and training as well as providing front-line technical know-how and support to GigaSpaces US sales and professional services organization. The role involved also interacting with top large-scale companies CTOs and Engineering Managers, escorting their project design, development and deployment phases leveraging GigaSpaces products across FiS, Healthcare, Defense, Homeland Security, AirTravel, Logistics, Energy, Telco orgs. Page 5 S h a y H a s s i d i m

My main responsibilities as a Deputy CTO:

• Collect feedback from the field (sales, sales engineers, prospects, customers, partners, support) and establish requirement documents to the product management team.

• Establish internal training workshops for the different technical teams at the company around the world. This includes sales engineers, support and R&D.

• Escort large customer's implementations over-sighting the architecture and development progress.

• Act as technology partnership verifier and validate technology partners before starting business negotiations.

• Evolve the product vision together with the CTO and diffuse it to the market, prospects, customers, partners and media.

• Oversight and follow-up proof-of-concepts executed by the professional services teams around the world with a focus on US customers.

• Oversight business development technical team activities and act as technical mentor for the partnerships constructed with Technology partners, ISV partners and channels partners.

Feb 2003-Jan 2007 – GigaSpaces Technologies Ltd. Israel VP Product Management

I have joined GigaSpaces when it was in incubation phase, 5 engineers company and fulfilled multiple roles and functions throughout the years. Within few years GigaSpaces has grown to more than 100 employees, with large scale partners and customers around the globe. The GigaSpaces XAP product been installed and used with the most mission critical, high-throughput, highly transactional, real-time applications almost in every vertical. As VP Product Management, I was responsible for the architecture, creation and support of GigaSpaces XAP Enterprise, Caching and Community Editions. working closely with GigaSpaces' prospects and customers to diffuse the field's feedback into the product. I have gained market familiarity and product intimate in-depth knowledge. I had also vast amount of interaction with US based customers and prospects. During this time the company had fast growth of the technical, marketing, business development and sales teams in the east hemisphere and US particularly. This triggered my relocation to NYC Jan 2007 and a promotion to a Deputy CTO role.

The GigaSpaces XAP I have been part of its design, creation and evolvement, was awarded in 1995 the prestigious Sun Microsystems Duke's Choice Award. The award was presented by Sun chairman and chief executive officer, Scott McNealy following his keynote

Contact this candidate