Cheston Lee

Responsible for managing an engineering driven Application Security team at Cruise, charged with securing all Cruise built applications utilizing solutions from code level assessments to scaling our automated security tooling.

• Worked with Security, Engineering and Legal stakeholders to build quarterly and yearly team strategies to secure all Cruise built applications and services
• Built out metrics driven project plans that include vulnerability discovery through pre & post deployment automation (static analysis, template based scanning & supply chain audits) as well as manual source level application assessments
• Led the threat model of developer workflows and engineering support tooling
• Embedded with our Platform team to develop secure by default integrations for Github Enterprise
• Managed a broad team of Security Engineers including regular performance feedback, bi-yearly reviews and promotion planning

Worked with the Cory Booker 2020 Presidential Campaign to support their digital strategy and improve digital security posture.

• Worked with campaign leadership, vendors and agencies to develop a strong campaign security posture and response guidelines
• Key member of campaign's cybersecurity incident response team
• Created a reusable component library based on the Cory 2020 style guide using Twig templates, SASS and ES6 Javascript bundled with Parcel.js
• Responsible for building corybooker.com, allowing digital staffers to update and create new policy pages and other content to advance campaign strategy

Acting as the e-commerce engineering lead, managing three teams of developers building applications across e-commerce marketing, conversion & platform. Creator of the Application Security discipline within the Engineering org.

• Owned the client technology vision, strategy and architecture to support a fast paced e-commerce organization
• Worked with leadership to develop and adopt yearly and quarterly roadmaps to reach company goals
• Lead efforts to introduce security tooling and process into the SDLC (ex. managing dependency vulnerabilities via Snyk)
• Created a public bug bounty program, leading to the creation of internal application security processes, education, and hiring
• Developed the hiring pipeline for software engineers, security engineers, and roles across the organization; creating new roles, interview processes and career ladders

Served as both tech lead and people manager for the campaign Fundraising team. We were responsible for donations and signups, e-commerce, and internal tooling.

• Developed hiring plans and grew the Fundraising team from two Engineers to nine in a year.
• Led the team to take responsibility for over a dozen major project responsibilities on tight campaign driven deadlines
• Oversaw key architectural decisions, including the adoption of server rendering and custom frameworks to improve front-end performance
• Acted as technical leader to run key planning and prioritiziation with the Product, Finance and Digital Marketing teams
• Worked with the team to manage the development planning process, establishment of technical guidelines and release processes to meet deadlines, maintain code quality and ensure product reliability
• Conducted performance reviews for direct reports to give actionable feedback and title adjustments

Worked on the Predictive Analytics and Web Platform teams to develop interactive data visualizations for Optimizely's Personalization product.

• Developed working prototypes to visualize results from customer A/B tests and personalized experiences that cut across large data sets to help customers get actionable results
• Wrote componentized and tested interactive dashboards using VueJS & NuclearJS, to manage experiments and personalized experiences
• Led the effort to benchmark and track front-end performance across the product suite, which included integrating new tooling and negotiating with vendors
• Built a Javascript (ES6) component library as part of Optimizely's living style library to provide out of the box interactive components for use across products

I began with a front-end role and moved across the technical stack, implementing everything from infrastructure to product and API features.

• Wrote user-facing documentation, gave bi-weekly lectures, and filled in gaps in the internal API before release
• Developed and tested a Node.js proxy that performed server-side rendering of our rich client application using PhantomJS
• Led a team to integrate third-party tools into the site, which required data sharing and a major front-end refactor

I developed features for the core product -- a marketing autiomation tool, as well as the architecture for our custom PHP framework.

• Designed and developed a MVC page development framework using PHP, ExtJS, XML, and JSON
• Played a pivotal role in designing a web security test plan and creating a set of secure programming guidelines