From Innovation to Measurable Results: Krishna Chirumamilla’s Leadership in Building Secure and Compliant Systems

Additional Info

Job title of nominated professional (or team name): Security Engineering Manager
Company (where nominated professional or team is working): Amazon
Website: https://medium.com/@krishnachirumamilla
Company size (employees): 10,000 or more
Country: United States
Headquarters Region: North America

Overview

Krishna is a seasoned cybersecurity leader with over a decade of experience driving the development and implementation of comprehensive security programs that balance business imperatives with robust protection. At Amazon, Krishna leads a team of 9 Security Engineers within the Vulnerability Management and Application Security team, bringing a deep understanding of the entire software development lifecycle (SDLC) to bear on building secure and resilient systems. Krishna's experience spans application security, threat modeling, vulnerability management, secure coding practices, and privacy engineering. This holistic understanding enables Krishna not only to identify and remediate vulnerabilities but also to engineer security into the development process proactively, fostering a culture of security from the very beginning of the SDLC.

Krishna’s passion for cybersecurity extends beyond his leadership role. He is a frequent speaker at industry conferences, sharing his expertise and insights with the broader security community. Additionally, Krishna is a dedicated mentor, guiding junior security engineers and helping them develop the skills and knowledge necessary to excel in the field.

Krishna’s background also includes experience in application security program development and management. At Adobe, Krishna played a key role in establishing a mature application security program, encompassing secure coding practices and threat modeling. This program provided a strong foundation for securing Adobe’s products and services.

Accomplishments

Krishna's leadership and innovation have demonstrably strengthened cybersecurity and privacy management practices. Here are the key highlights:


* Streamlined Vulnerability Management & Risk Reduction: Architected and implemented a comprehensive vulnerability management system that integrates with scanners such as Qualys, enriches vulnerability data with context, automates prioritization, and streamlines remediation workflows at scale. The result was an 80% reduction in security risk and a noticeable decrease in builder churn, demonstrating the impact of efficient vulnerability management.


* Business-Driven Security: Developed and implemented a contextual severity rating system, prioritizing vulnerabilities based on impact. This resulted in a 40% faster resolution of critical issues and a significant reduction of security debt.


* Transparency and Innovation: Spearheaded the implementation of open threat modeling and standardized the approach, which improved collaboration and identified security gaps. This led to a reduction of 2,000 vulnerabilities found in bug bounty programs and penetration testing year-over-year. Assuming an average bounty of $500 per vulnerability, that amounts to roughly a million dollars saved.


* Privacy Expertise: Played a key role in implementing GDPR and CCPA compliance measures. Krishna developed and documented internal policies and procedures that aligned with GDPR and CCPA requirements. These policies have addressed data subject rights (e.g., access requests, rectification requests, erasure requests), data breach notification procedures (e.g., timelines for notification, information to be included in notifications), and data minimization practices (e.g., collecting only the data necessary for the stated purpose, implementing data retention schedules). These clear and concise policies are estimated to have reduced the number of data subject rights violations by 20% and ensured timely notification in 95% of data breach incidents.


* Leadership and Team Culture: Fosters a strong team environment focused on continuous learning and knowledge sharing.


* Demonstrating a Passion for Lifelong Learning and Industry Leadership:
** Aced the National Cyber Analyst Challenge, showcasing exceptional technical skills.
** Actively shares expertise through widely read blog posts (top article reaching over 20,000 cybersecurity professionals).
** Empowers the community with insightful presentations – Krishna's talk on third-party JavaScript security at BSides Las Vegas captivated an audience of 2,000 attendees.
** Recognized as a cybersecurity authority – Krishna frequently serves as a judge for prestigious awards like the Globee Cybersecurity Awards and Bintelligence Awards.
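The two vulnerability management bullets above name the mechanics (enriching scanner findings with asset context, then rating severity by business impact rather than raw scanner score) without showing them. The following is an added illustration of that idea in Python; it is not Amazon's system, not Krishna's code, and not Qualys output. The findings, the asset inventory, the score adjustments, the severity bands and the SLA days are all constructed assumptions chosen to show how one scanner score can land in different remediation queues depending on where the affected asset sits, and how an asset missing from inventory is handled conservatively instead of being scored as low-value.

```python
"""Contextual vulnerability prioritization (added illustrative example).

All data, weights and SLAs here are constructed assumptions for the
example. They are not Qualys output and not the system the page
describes.
"""
from dataclasses import dataclass, field


@dataclass
class Finding:
    finding_id: str
    asset: str
    title: str
    base_score: float            # scanner-reported CVSS base score, 0-10
    exploit_known: bool = False  # assumed enrichment flag: exploitation seen in the wild


@dataclass
class AssetContext:
    internet_facing: bool
    data_classification: str     # public | internal | confidential | restricted
    compensating_controls: list[str] = field(default_factory=list)


# Assumed adjustments to the scanner score. Positive values pull a finding
# forward in the queue, negative values push it back.
DATA_ADJ = {"public": -1.0, "internal": 0.0, "confidential": 0.5, "restricted": 1.0}

# Assumed severity bands and remediation SLAs (threshold, name, days).
BANDS = [(9.0, "critical", 7), (7.0, "high", 30), (4.0, "medium", 90), (0.0, "low", 180)]

# An asset that is not in inventory is a data-quality problem, not a low-risk
# one: score it as if it were exposed and holding confidential data, and flag it.
UNKNOWN_ASSET = AssetContext(internet_facing=True, data_classification="confidential")


def contextual_score(f: Finding, ctx: AssetContext) -> float:
    """Adjust the scanner's base score by exposure, data sensitivity,
    known exploitation and compensating controls; clamp to 0-10."""
    score = f.base_score
    score += 1.0 if ctx.internet_facing else -1.0
    score += DATA_ADJ.get(ctx.data_classification, 0.0)
    if f.exploit_known:
        score += 2.0
    # Each compensating control buys one point, capped so controls never
    # make a critical finding disappear entirely.
    score -= min(2.0, 1.0 * len(ctx.compensating_controls))
    return round(max(0.0, min(10.0, score)), 2)


def band(score: float) -> tuple[str, int]:
    for threshold, name, sla_days in BANDS:
        if score >= threshold:
            return name, sla_days
    return "low", 180


def prioritize(findings: list[Finding], inventory: dict[str, AssetContext]) -> list[dict]:
    """Return findings ordered by contextual score, each with its severity
    band, SLA and a triage flag for assets missing from inventory."""
    rows = []
    for f in findings:
        ctx = inventory.get(f.asset)
        score = contextual_score(f, ctx if ctx is not None else UNKNOWN_ASSET)
        severity, sla_days = band(score)
        rows.append({
            "finding_id": f.finding_id,
            "asset": f.asset,
            "title": f.title,
            "base_score": f.base_score,
            "contextual_score": score,
            "severity": severity,
            "sla_days": sla_days,
            "needs_triage": ctx is None,
        })
    rows.sort(key=lambda r: (-r["contextual_score"], r["finding_id"]))
    return rows


# Constructed sample inventory and findings (assumptions, not real assets).
INVENTORY = {
    "web-01": AssetContext(True, "restricted"),
    "db-07": AssetContext(False, "restricted", ["network-segmentation", "mfa"]),
    "kiosk-03": AssetContext(False, "public"),
}

FINDINGS = [
    Finding("F-1", "web-01", "remote code execution in app server", 9.8, exploit_known=True),
    Finding("F-2", "web-01", "information disclosure via verbose errors", 5.3),
    Finding("F-3", "db-07", "remote code execution in database engine", 9.8),
    Finding("F-4", "kiosk-03", "denial of service in display service", 7.5),
    Finding("F-5", "lab-99", "authentication bypass in admin console", 7.5),  # asset not in inventory
]

if __name__ == "__main__":
    for r in prioritize(FINDINGS, INVENTORY):
        flag = " (asset not in inventory, triage)" if r["needs_triage"] else ""
        print(f'{r["finding_id"]} {r["asset"]:9} base={r["base_score"]:4} '
              f'ctx={r["contextual_score"]:5} {r["severity"]:8} SLA={r["sla_days"]}d{flag}')
```

Two things the output makes visible that a flat scanner report does not: F-1 and F-3 carry the same base score, yet the exposed, actively exploited one is critical with a 7-day SLA while the segmented, MFA-gated database finding drops to high; and F-5, whose asset nobody has inventoried, is pushed to the top of the queue with a triage flag rather than quietly scored as if it were unimportant.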


References:
* https://www.heinz.cmu.edu/media/2017/january/national-cyber-analyst-challenge
* https://www.cmu.edu/ini/news/2016/ncac2016.html
* https://medium.com/p/cd06ecfa2fe8
* https://medium.com/p/b556d552230d
* https://www.youtube.com/watch?v=ALa-T-CXyzQ
* https://blog.developer.adobe.com/improving-third-party-javascript-security-b1745b29f75d
* https://globeeawards.com/cybersecurity/judges/
* https://bintelligence.us/2024/ai-judge/certificate/Slide145.PNG