Cheston Lee


I've spent my recent history managing high performing security and engineering teams developing my management style, building teams, and refining my scope as a security leader at Cruise. My background is in Software Engineering and I carry those principals and learnings with me into the Security space. Seattle is home but in the world we're living in, as it is, we are all remote.


I am interested in continuing to evolve my leadership skills to take on greater ownership in the application security & security engineering spaces.

What / Where / When

Cruise / Security Engineering Manager, Application Security

Seattle, WA 12/2019 - Present

Responsible for managing an engineering driven Application Security team at Cruise, charged with securing all Cruise built applications utilizing solutions from code level assessments to scaling our automated security tooling.

    • Worked with Security, Engineering and Legal stakeholders to build quarterly and yearly team strategies to secure all Cruise built applications and services
    • Built out metrics driven project plans that include vulnerability discovery through pre & post deployment automation (static analysis, template based scanning & supply chain audits) as well as manual source level application assessments
    • Led the threat model of developer workflows and engineering support tooling
    • Embedded with our Platform team to develop secure by default integrations for Github Enterprise
    • Managed a broad team of Security Engineers including regular performance feedback, bi-yearly reviews and promotion planning

Cory 2020 / Software Engineering Lead

Remote 4/2019 - 10/2019

Worked with the Cory Booker 2020 Presidential Campaign to support their digital strategy and improve digital security posture.

    • Worked with campaign leadership, vendors and agencies to develop a strong campaign security posture and response guidelines
    • Key member of campaign's cybersecurity incident response team
    • Created a reusable component library based on the Cory 2020 style guide using Twig templates, SASS and ES6 Javascript bundled with Parcel.js
    • Responsible for building, allowing digital staffers to update and create new policy pages and other content to advance campaign strategy

Casper / Engineering Manager

New York, NY 1/2017 - 4/2019

Acting as the e-commerce engineering lead, managing three teams of developers building applications across e-commerce marketing, conversion & platform. Creator of the Application Security discipline within the Engineering org.

    • Owned the client technology vision, strategy and architecture to support a fast paced e-commerce organization
    • Worked with leadership to develop and adopt yearly and quarterly roadmaps to reach company goals
    • Lead efforts to introduce security tooling and process into the SDLC (ex. managing dependency vulnerabilities via Snyk)
    • Created a public bug bounty program, leading to the creation of internal application security processes, education, and hiring
    • Developed the hiring pipeline for software engineers, security engineers, and roles across the organization; creating new roles, interview processes and career ladders

Hillary for America / Engineering Manager

Brooklyn, NY 9/2015 - 11/2016

Served as both tech lead and people manager for the campaign Fundraising team. We were responsible for donations and signups, e-commerce, and internal tooling.

    • Developed hiring plans and grew the Fundraising team from two Engineers to nine in a year.
    • Led the team to take responsibility for over a dozen major project responsibilities on tight campaign driven deadlines
    • Oversaw key architectural decisions, including the adoption of server rendering and custom frameworks to improve front-end performance
    • Acted as technical leader to run key planning and prioritiziation with the Product, Finance and Digital Marketing teams
    • Worked with the team to manage the development planning process, establishment of technical guidelines and release processes to meet deadlines, maintain code quality and ensure product reliability
    • Conducted performance reviews for direct reports to give actionable feedback and title adjustments

Optimizely / Senior Software Engineer

San Francisco, CA 5/2014 - 9/2015

Worked on the Predictive Analytics and Web Platform teams to develop interactive data visualizations for Optimizely's Personalization product.

    • Developed working prototypes to visualize results from customer A/B tests and personalized experiences that cut across large data sets to help customers get actionable results
    • Wrote componentized and tested interactive dashboards using VueJS & NuclearJS, to manage experiments and personalized experiences
    • Led the effort to benchmark and track front-end performance across the product suite, which included integrating new tooling and negotiating with vendors
    • Built a Javascript (ES6) component library as part of Optimizely's living style library to provide out of the box interactive components for use across products

SmugMug / Sorcerer, Software Engineer

Mountain View, CA 8/2010 - 4/2014

I began with a front-end role and moved across the technical stack, implementing everything from infrastructure to product and API features.

    • Wrote user-facing documentation, gave bi-weekly lectures, and filled in gaps in the internal API before release
    • Developed and tested a Node.js proxy that performed server-side rendering of our rich client application using PhantomJS
    • Led a team to integrate third-party tools into the site, which required data sharing and a major front-end refactor / Software Engineer

San Mateo, CA 4/2008 - 5/2010

I developed features for the core product -- a marketing autiomation tool, as well as the architecture for our custom PHP framework.

    • Designed and developed a MVC page development framework using PHP, ExtJS, XML, and JSON
    • Played a pivotal role in designing a web security test plan and creating a set of secure programming guidelines

C-Print / Software Developer, Co-op

Rochester, NY 6/2004 - 12/2006


Hack Fortress

I have helped to organize and run HackFortress, a travelling competition that occurs at the DEFCON and Shmoocon conferences for nearly 10 years. Hackfortress combines gaming and computer security. It's a tournament style event with two teams consisting of gamers playing TeamFortress 2 and hackers solving security challenges across a variety of fields, including forensics, networking, encryption and web security.

    • Led the development of web security challenges involving combinations of client & server vulnerabilities in a variety of platfroms such as Ruby, Node.js and PHP
    • Built a reusable style & component library for use in web application challenges


Rochester Institute of Technology

Rochester, NY 2008

Graduated with a Bachelor of Science in Information Technology with concentrations in Computer Science and a minor in Political Science.