Ivan Piskunov
Product Security leader for modern engineering organizations
I help product and engineering teams build practical security programs across application security, DevSecOps, cloud, and platform environments — with the goal of reducing risk while keeping delivery fast, usable, and credible.
15+ years in cybersecurity
Product Security, AppSec, DevSecOps, Cloud Security
Hands-on practitioner and security leader
Public writing, open-source work, and speaking
Focus
Product Security, AppSec, DevSecOps
Style
Strategic, hands-on, engineering-friendly
Executive profile
A pragmatic security leader with product and delivery context
Built for hiring managers, founders, and security leaders looking for someone who can move between technical depth, program design, and executive communication.
My background spans Product Security, Application Security, DevSecOps, cloud, and platform security across regulated and fast-moving environments, including healthcare, retail, banking, fintech, and digital asset ecosystems.
I am strongest where security has to become operational: creating structure, improving engineering adoption, raising the signal-to-noise ratio of tooling, and helping leadership understand where investment actually changes risk.
I bring a blend of hands-on credibility and leadership maturity. That means being comfortable in architecture reviews, roadmap discussions, security program design, stakeholder alignment, and the practical details of how teams ship software.
Publicly, I invest in writing, open-source work, and knowledge-building around Product Security, AppSec, and DevSecOps. That body of work helps show how I think, not just what I have done.
How I add value
Build product security programs that engineering teams can actually use
Translate security concerns into delivery priorities and leadership language
Improve AppSec and DevSecOps workflows without turning them into compliance theater
Raise credibility with both technical teams and executive stakeholders
Education and credentials
STEM degree in information security
Specialist-level technical education in information security, supported by strong academic performance and built before moving into senior engineering, architecture, and leadership roles.
Graduate background in economics and finance
Additional graduate education in economics and financial accounting that helps strengthen the way I think about risk, controls, tradeoffs, and business context.
HBS Online coursework
Online business coursework and executive education completed through HBS Online.
Selected certifications
AWS Security Specialty, Google Cloud Professional Cloud Security Engineer, CEH, CCNA, MCSA, and LPIC-1.
Where I am strongest
Core focus areas
The strongest personal brand pages are clear about the value proposition. This section keeps the signal high and shows the kinds of problems I am best suited to solve.
Product Security programs
Create or mature product security functions with clear ownership, practical operating rhythms, and leadership-ready reporting.
Application Security enablement
Bring threat modeling, secure SDLC, code review practices, and developer-facing security guidance into everyday engineering work.
DevSecOps integration
Embed SAST, DAST, SCA, secrets scanning, container scanning, and IaC checks into delivery workflows with better signal and adoption.
Cloud and platform security
Strengthen AWS, GCP, Kubernetes, IAM, secrets, and platform controls with a focus on real operating environments rather than theory.
Risk translation and prioritization
Convert security findings and technical concerns into language that leaders, product teams, and engineers can act on.
Security culture and leadership
Build trust, reduce friction, and move security from reactive gatekeeping toward a more credible partnership model.
Selected examples
Representative case studies
These are intentionally written in a concise, employer-friendly format: context, contribution, and outcome.
Helped shape a more structured product security function in a large retail environment with multiple delivery streams and real business pressure around speed.
Introduced a clearer operating model for AppSec and Product Security work
Supported tooling integration and more repeatable workflows
Improved the way leadership and delivery teams could see progress and risk
The result was a more usable security model — closer to how engineering teams actually work and easier for leadership to support.
Proof in public
Selected public work
This section is designed to show public proof of work: technical depth, program thinking, writing range, and original perspective.
Speaking and public presence
A public speaker, lecturer, and security educator
I am strongest in formats where technical depth, practical examples, and credible communication all matter at the same time.
Available for conference talks, webinars, podcasts, panel discussions, workshops, and advisory conversations related to Product Security, AppSec, DevSecOps, cloud security, and security leadership.
My speaking background includes university teaching, public education, technical writing, and presentations for Russian-speaking technical audiences. Today, I am building more deliberately toward broader international, U.S., and European communities, including global conference-style formats and security leadership conversations.
Product Security strategy and operating models
AppSec leadership that engineering teams trust
DevSecOps adoption with better signal and less friction
Cloud, platform, and Kubernetes security in delivery environments
Get in touch
Let's talk
Whether the conversation is about a leadership role, consulting, speaking, or a strong offer, I'm open to thoughtful outreach.