Director, Information Security
Tendo Systems
Dec 2023 — Present
Led team securing and stabilizing controls and cloud infrastructure for Series B healthtech startup across AWS environments, AI/analytics platforms, and client installations. Owned SOC 2, PCI, TX-RAMP, and HIPAA compliance.
- Developed initial security framework, strategy, budget, and control stack – bringing Tendo into compliance in first 30 days.
- Saved >$250K/year in recurring spend by consolidating endpoint and cloud security controls post MDsave acquisition.
- Led security due diligence and handover for a multimillion-dollar divestiture, delivering a secure and seamless transaction.
- Drove >$10M in revenue by leading security pre-sales engineering, including assessments, panel reviews, and risk mitigations.
- Onboarded Okta for all key business applications and desktops, bringing consistent and compliant access across Tendo.
- Decreased untreated SAST, DAST, and SCA production vulnerabilities >95% through deployment of Tenable and Aikido.
- Reduced endpoint vulnerability MTTR >90% by automating triage and remediation processes with Kandji and Action1.
- Integrated Tendo and MDsave SOC 2 Type 2 and HIPAA audits into joint compliance framework, resulting in clean opinion.
- Obtained PCI 4.0 QSA AOC & ROC in 35 days, meeting a customer deadline and securing a >$1M engagement.
Security Compliance Automation Manager
SoFi
Nov 2022 — Dec 2023
Led GRC projects providing oversight over technical and administrative controls across SoFi's multiple entities, including Galileo, Technisys, and Golden Pacific Bank. Developed compliance automation program, configuration management, and vulnerability management.
- Automated SOC 2, ITGC/SOX, GLBA, PCI, OCC CWS, CRI Profile, FFIEC CAT, and NIST CSF evidence collection.
- Led PCI 4.0 assessment: onboarded new QSA, evidence collection, remediation, and successful completion of clean report.
- Developed new vulnerability management processes, dashboards, escalations, and reporting structure to address IA findings.
- Accomplished 100% of assigned Q4 2022 – Q4 2023 key results within budget, schedule, scope, and established pass criteria.
Interim CISO / Information Security Manager
Varo Bank
Jun 2020 — Nov 2022
Led second-line initiatives providing oversight, strategy, compliance, and governance over IAM, TPRM, DLP, physical security, and vulnerability management. Responsible for FFIEC CAT, PCI-DSS, and NIST CSF assessments for first chartered fintech bank (>$2.5B valuation, >1K staff, ~5M active accounts).
- Led Information Security Program (team of 3) as Interim Chief Information Security Officer (CISO) Aug 2021 – Feb 2022.
- Successfully represented Varo Bank as Security Officer for OCC and FDIC examinations, resulting in zero findings.
- Developed, managed, and led initial assessments and documentation for OCC supporting successful bank opening in Sep 2020.
- Created advanced vendor security assessment, leveraging NIST CSF, GLBA, & FFIEC CAT to resolve TPRM deficiencies.
- Eliminated 100% of IAM SLA violations by creating new automations, dashboards, alert mechanisms, and audit processes.
- Improved endpoint vulnerability management SLA compliance >80% by developing new standard and remediation workflow.
- Decreased MTTR >50% for dependency vulnerabilities by automating analysis, notification, and reporting processes.
- Discovered critical vulnerability in production user-facing system, leading to >25% reduction in fraudulent transactions.
Security Consultant
HIPAA One
Jul 2019 — Jun 2020
Led security engagements and HIPAA security assessments for clients across >30 states supporting HIPAA One SaaS applications, including security risk assessments, vulnerability scanning, and penetration testing.
- Completed 100% of assigned engagements within scope, schedule, and budget with 100% internal review pass rate.
- Generated >$100K in additional revenue in Q2 2020 by developing Advanced Technical Baseline and NIST CSF products.
- Clients included Centene, UnitedHealth, Global Payments, Domo, The Ohio State University, and the City of Santa Monica.
- Implemented automation to eliminate redundant assessment processes, saving up to several days per engagement.
Information Security Manager
Valley Behavioral Health
Jan 2018 — Jul 2019
Led security and cloud operations (team of 4) for largest behavioral health organization in Utah with >20K patients, >70 units, and >30 locations. Managed >$100K budget and held Security Officer role for GRC compliance.
- Improved performance of EMR >50% by leading migration to AWS to resolve systemic performance and DR/BCP issues.
- Reduced password ticket volume >40% by rolling out SSO and aligning authentication standard with NIST SP 800-63B.
- Deployed multi-factor authentication to >1K accounts for all remote access and business applications on time and on budget.
- Decreased BYOD support ticket volume >40% by designing and implementing new standard, policy, and procedure.
- Cut phishing rates >80% by implementing KnowBe4 security awareness training and testing across organization.
- Pushed Jamf remote management to >200 iOS devices, decreasing unscheduled downtime and support volume by >50%.
- Procured and deployed SentinelOne EDR across all organization assets (>900 endpoints) on time and under budget.
IT Program Manager
Valley Behavioral Health
Mar 2016 — Jan 2018
Advanced security, development, and operations of EMR deployment (>$60M/year, >3K services/day, >1K users). Led administration of application servers, databases, and load balancers. Designated interim Security Officer and created security team.
- Reduced unplanned EMR outages >90% by overhauling infrastructure, administration practices, and development practices.
- Generated >$700K additional annual revenue by designing and leading implementation of internal laboratory billing system.
- Improved EMR performance >40% by deploying APM tools, identifying constraints, and optimizing backend processes.
- Cut labor costs >40% while improving throughput >50% by designing new secure document processing workflow.
- Designed transition from failing Parallels 2x VDI implementation, resulting in >50% decrease in EMR support requests.
- Created HIPAA, HITECH, Meaningful Use, and State audit programs, satisfying requirements on time and under budget.