From Vision to Victory: My Cyber Security Evolution

Throughout my career, I have built comprehensive security awareness training programs, established shift-left security practices, and managed compliance with stringent industry standards. My leadership style focuses on collaboration and empowerment, guiding cross-functional teams to achieve shared security objectives.
Beyond my professional achievements, I am an avid traveler, gourmet enthusiast, and dedicated cyclist, which fuels my curiosity and drive for continuous learning and personal growth. I believe that a balanced life, filled with diverse experiences, contributes to my innovative and forward-thinking approach to cyber security.
I am excited about the opportunity to bring my expertise, passion, and vision to new challenges and help organizations achieve unparalleled security excellence.
VP of DevSecOps – Exact Payments OpCo LLC.
About Exact Payments OpCo LLC.
Exact Payments OpCo LLC emerged in 2020 following the acquisition of Exact Transactions (Canada) Ltd. by Platform Partners. The company aimed to generate significant revenue growth with a vision to transform a world-class payment gateway into a groundbreaking Payment Facilitator platform. Handling over $150 billion in Gross Processing Volume and facilitating 1.2 billion transactions annually, Exact Payments is a powerhouse in the fintech industry. During my tenure at Exact Payments, we achieved a remarkable milestone by processing 4% of all credit card transactions in North America, solidifying our position as a leader in the market.
About My Position At Exact Payments OpCo LLC.: 2024 – Present
As the VP of DevSecOps at Exact Payments OpCo LLC, I am pivotal in driving the company’s security and operational excellence. My tenure was marked by significant achievements and strategic initiatives that bolstered the company’s security posture and operational efficiency.
Key Responsibilities and Achievements:
Integration of Security Practices into the DevOps Pipeline:
- Oversaw the seamless integration of security protocols into the DevOps pipeline, ensuring that security was embedded from the earliest stages of development through to deployment.
- Implemented automated security checks and continuous monitoring to identify and mitigate vulnerabilities in real-time, enhancing the overall security of the development lifecycle.
Establishment of Robust Security Training Programs:
- Developed comprehensive security training programs to empower developers with the knowledge and skills to incorporate security best practices into their daily workflows.
- Fostered a shift-left security culture, where security considerations were prioritized at the outset of development projects, significantly reducing the risk of security breaches.
Team Leadership and Development:
- Successfully combined the DevOps and SecOps teams into a unified, cohesive unit, promoting collaboration and shared responsibility for security.
- Managed the recruitment, onboarding, and professional development of team members, ensuring a high level of expertise and commitment within the team.
Budgeting and Resource Management:
- Handled budgeting and resource allocation for the DevSecOps department, ensuring optimal use of resources to achieve strategic objectives.
- Implemented cost-effective security measures that prevented potential security breaches, resulting in substantial cost savings for the company.
Focus on Security Pipelines:
- Designed and implemented robust security pipelines that provided continuous integration and continuous delivery (CI/CD) with built-in security checks.
- Developed measures to prevent vulnerabilities from entering the environment, including automated scanning tools and rigorous code review processes.
Advanced Monitoring and Threat Detection:
- Leveraged advanced monitoring and threat detection systems to proactively identify and respond to security threats.
- Implemented real-time alerting and incident response protocols, ensuring swift action to mitigate any potential security incidents.
Strategic Vision and Execution:
- Provided strategic direction for the company’s security initiatives, aligning security goals with business objectives to support overall growth and success.
- Championed a culture of continuous improvement, encouraging innovation and the adoption of cutting-edge security technologies and practices.
Impact on Exact Payments OpCo LLC:
During my tenure as VP of DevSecOps, I played a crucial role in enhancing the security and operational efficiency of Exact Payments. My efforts not only strengthened the company’s defenses against cyber threats but also fostered a culture of security awareness and proactive risk management. By integrating security into every aspect of the development process, I ensured that Exact Payments could confidently handle its vast transaction volume and maintain its position as a leader in the fintech industry.
Sr. Director Of Security – Exact Payments OpCo LLC.
About My Position At Exact Payments OpCo LLC.: 2023 – 2024
As the Sr. Director of Security at Exact Payments OpCo LLC, I was responsible for steering the organization’s security strategy, ensuring the protection of sensitive data, and maintaining compliance with industry standards. My role was integral in fortifying the company’s security posture and establishing a robust framework for risk management and threat detection.
Key Responsibilities and Achievements:
Comprehensive Security Initiatives:
- Led the design and implementation of comprehensive security initiatives across the organization, focusing on protecting sensitive data and critical infrastructure.
- Developed and executed strategic security policies and procedures to safeguard against emerging threats and vulnerabilities.
Risk Assessment and Management:
- Conducted thorough risk assessments to identify potential security risks and implemented effective mitigation strategies.
- Established a risk management framework that ensured continuous monitoring and assessment of security risks, enhancing the organization’s ability to respond proactively.
Incident Response and Threat Detection:
- Developed and managed an incident response plan to ensure swift and effective handling of security breaches and incidents.
- Implemented advanced threat detection systems that enabled real-time monitoring and rapid identification of potential security threats.
Compliance and Regulatory Adherence:
- Ensured compliance with industry standards and regulations, including PCI-DSS, SOC, and HIPAA, maintaining the highest security and data protection levels.
- Conducted regular audits and assessments to verify compliance and address any gaps in security controls.
Team Leadership and Development:
- Built and led a highly skilled security team, fostering a culture of collaboration, continuous improvement, and professional development.
- Provided training and mentorship to team members, ensuring they were equipped with the latest knowledge and skills in cyber security.
Advanced Security Technologies:
- Spearheaded the adoption and implementation of advanced security technologies to enhance the organization’s defense mechanisms.
- Leveraged cutting-edge tools and solutions for encryption, intrusion detection, and access control to ensure robust data and system protection.
Cross-Functional Collaboration:
- Worked closely with other departments, including IT, DevOps, and compliance, to ensure a cohesive and integrated approach to security.
- Facilitated cross-functional collaboration to align security measures with business objectives and operational needs.
Continuous Improvement and Innovation:
- Championed a culture of continuous improvement, encouraging the adoption of innovative security practices and technologies.
- Stayed abreast of industry trends and emerging threats, ensuring the organization remained ahead of potential security challenges.
Impact on Exact Payments OpCo LLC:
As the Sr. Director of Security, I played a pivotal role in fortifying Exact Payments’ security infrastructure and ensuring the protection of its vast transaction volume. My leadership and strategic direction significantly enhanced the company’s ability to detect and respond to threats, maintain compliance, and protect sensitive data. By fostering a culture of security awareness and leveraging advanced technologies, I ensured Exact Payments could operate securely and confidently in the competitive fintech landscape.
Director Of Security – Exact Payments OpCo LLC.
About My Position At Exact Payments OpCo LLC.: 2022 – 2023
As the Director of Security from 2022 to 2023, I played a pivotal role in aligning our security initiatives with the adoption of AWS and the rise of DevOps within the company. This position required me to lead and oversee the implementation of comprehensive security measures, ensuring that our cloud infrastructure and DevOps practices were robust and resilient against emerging threats.
2022 was also the year we pushed hard to launch our new platform, PayFac. Numerous security gaps needed to be addressed, designed, and deployed. Despite the challenges, we successfully launched PayFac on time with all necessary security protections and passed the first PCI-DSS audit in the platform’s history.
Key Responsibilities and Achievements:
AWS Security Hardening:
- Implemented stringent security protocols and best practices for AWS environments, including identity and access management (IAM), encryption, and network security.
- Conducted regular security audits and vulnerability assessments to identify and mitigate potential risks within our AWS infrastructure.
- Leveraged AWS security services such as AWS GuardDuty, AWS Macie, and AWS Security Hub to enhance the protection of our cloud assets.
DevOps Integration:
- Integrated security into the DevOps pipeline, fostering a culture of “DevSecOps” where security is a shared responsibility from development through deployment.
- Developed and enforced security policies and procedures for continuous integration and continuous deployment (CI/CD) processes.
- Utilized infrastructure as code (IaC) tools like Terraform and wrappers like Terragrunt to ensure secure and consistent deployments.
PayFac Platform Security:
- Identified and addressed numerous security gaps in the new PayFac platform.
- Designed and deployed comprehensive security measures to protect the platform.
- Successfully launched PayFac on schedule, meeting all security requirements and achieving the platform’s first PCI-DSS audit certification.
Security Monitoring and Incident Response:
- Established real-time security monitoring and alerting systems using AWS CloudWatch, AWS CloudTrail, and other logging services.
- Designed and implemented incident response plans to address and remediate security incidents quickly, minimizing potential impacts.
Data Protection and Compliance:
- Ensured compliance with industry standards and regulations such as PCI-DSS, SOC 2.
- Implemented robust data encryption and key management practices to protect sensitive information at rest and in transit.
Team Leadership and Development:
- Led a team of security professionals, providing mentorship, training, and guidance to foster a high-performance security culture.
- Collaborated with cross-functional teams, including DevOps, IT, and engineering, to ensure seamless integration of security practices across the organization.
Security Officer – Exact Payments OpCo LLC.
About My Position At Exact Payments OpCo LLC.: 2020 – 2022
From 2020 to 2022, I served as the Security Officer at Exact Payments OpCo LLC during a pivotal time in the company’s history. Our company was acquired by Platform Partners, an investment firm with the vision of building a new platform based on microservice architecture. This period involved significant transformation and innovation in our security practices.
Key Responsibilities and Achievements:
Microservices and Cloud Adoption:
- Led the security efforts as we transitioned to a new platform based on microservices architecture.
- We chose AWS as our cloud provider and implemented Terragrunt as our Infrastructure as Code (IaC) tool, ensuring a robust and scalable foundation.
Legacy Datacenter Management:
- Continued to oversee our legacy datacenters in Canada and the US, ensuring they remained PCI compliant.
- Conducted regular security audits and vulnerability scans and maintained compliance with PCI-DSS standards.
Shift-Left Security Implementation:
- Designed and implemented a shift-left security strategy, starting with developer education and integrating security tools into the development lifecycle.
- Deployed Veracode for static application security testing (SAST), building pipelines that triggered security scans upon code commits.
- Collaborated closely with Veracode to enhance their product, aligning it better with our workflows and requirements.
Automated DAST for APIs:
- Developed and implemented automated Dynamic Application Security Testing (DAST) for our APIs, overcoming significant challenges.
- We designed a process to pre-populate valid data in our database before running DAST scans, addressing the issue of the scans destroying data.
- Ensured continuous and effective DAST scans, improving our overall security posture despite the inherent complexities.
Ongoing Security Operations:
- Maintained routine security operations, including vulnerability scans, external ASV scans, and analysis of penetration test results.
- Acted on findings from these assessments to remediate vulnerabilities and strengthen our defenses.
Security Culture and Education:
- Fostered a culture of security awareness across the organization, ensuring all employees understood the importance of security in their daily roles.
- Provided training and resources to developers and other staff to integrate security best practices into their workflows.
