Raymond A. Pompon

CISSP · AI Governance Professional
Cyber Security Program Director, Convera

A security leader with over three decades in internet security, compliance, and threat research — spanning hands-on network architecture, building security programs from the ground up, leading teams, and working alongside federal law enforcement on cybercrime investigations.

At a Glance

Built a security program that passed nine consecutive annual SAS-70 / SSAE-16 SOC-1 Type II audits.
25+ years in infosec and compliance (GLBA, ISO 27000, Sarbanes-Oxley, PCI, FFIEC, PIPEDA).
35+ years designing and implementing complex, high-availability network security.
19+ years in leadership — including owning a network integration firm, leading a threat research team, and running IT operations.
22+ years in web application security against OWASP and WASC requirements.
Author of a published book, 150+ security articles, and 200+ public talks.

Experience

Cyber Security Program Director, Convera

2022 – Present

Cybersecurity governance and compliance for a B2B fintech processing $110B in transactions across 40+ countries and 140+ currencies.
Lead a 7-person global team covering customer assurance, cybersecurity, and third-party risk, alongside technical and business-process redesign to meet compliance and risk objectives.
Ensure compliance with global cybersecurity financial regulations: PCI DSS, GDPR, PSD2-SCA, NYDFS, FFIEC, DORA, MAS, and SOC 1 & 2 audits.
Manage cyber-risk, business continuity, vendor risk, customer assurance, and security awareness for 2,500 employees and contractors.
AI/ML risk and policy, including the AI Governance Framework, risk assessment, and security training.

Director, F5 Labs — Threat Intelligence, F5 Networks

2016 – 2022

One of the founders and team lead for F5 Labs, a 5-person team of threat researchers.
Created the first annual Application Protection Report from multiple data sources and built the process to hand it off as an ongoing series.
Interviewed CISOs, CTOs, and tech leaders to produce case studies, tutorials, and best practices.
Wrote data-analysis code and built the process for large-scale honeypot data feeding sales and ongoing threat reports.
Mentored and ran the F5 Labs internship, resulting in published research and new open-source security tools.
Created, expanded, and curated CISO-to-CISO, an F5 Labs information source for security leaders.
Speaking, writing, podcasting, and support of strategic sales efforts. Principal Threat Researcher Evangelist 2016–2020; Director 2020+.

Head of Information Security, North America & Asia, Linedata

Sep – Dec 2016

Responsible for security and compliance across 4 Linedata offices and 4 ASP hosting data centers for financial-services companies.
Designed and executed three SSAE 16 SOC 1 and SOC 2 audits for two data centers.
Hired and managed security staff overseeing corporate and hosted security and compliance projects.
Primary lead for customer security inquiries and all external audits.

Director of Security, Linedata Lending & Leasing (formerly CapitalStream)

2013 – 2016

Responsible for security and compliance at the Lending & Leasing division — continued passing annual SSAE-16 SOC-1 Type II audits with zero breaches.
Headed security and compliance for a new mobile financial-services product.
Developed an internal security tool later packaged and sold as a product add-in for customers.
Promoted security offerings through magazine articles, press interviews, and financial-industry conference talks.
Enhanced sales by briefing customers on security, privacy, and compliance assurance programs.

Director of Security & Infrastructure, HCL CapitalStream

2008 – 2013

Managed the infrastructure team for a highly available, highly secure financial-services hosting environment.
Led a multi-year web application security project to 100% OWASP compliance with zero security flaws; cut vulnerability fix time by 400%, faster than industry average.
Guided IT operations through Verizon Cybertrust / ISO 27001 certification three years running.
Managed special security projects for customer and international compliance, including database encryption, PCI compliance, and privacy audits.

Security Officer, CapitalStream

2007 – 2008

In charge of security and compliance for a financial-services ASP hosting several top-50 global banks.
Change leader for a ground-up security program that eliminated customer audit deficiencies and passed SAS-70 Type 2.
Reduced operational expenses by 20%+ through new change-control processes, reduced vendor expenses, and cross-platform change-monitoring software.
Worked directly with IT operations to resolve security incidents, interfacing with law enforcement, customers, and auditors.

ISMS Manager, Network Computing Architects

2006 – 2007

Led the information security management systems practice within NCA Professional Services.
Performed pre-sales consulting and fulfillment for ISO 27001 certification projects.
Designed methodologies for policy development and service fulfillment for consulting engagement teams.
Developed a new risk-assessment offering based on Failure Mode Effects Analysis; headed a long-term PCI remediation project for a large e-commerce firm.

Internet Security Consultant, Creation Logic

2005 – 2006

Engineered and implemented large-scale satellite-based VPN and firewall infrastructure.
Performed on-site security inspections and redesigns for financial-service firms.

Senior Security Architect, Conjungi Networks

2000 – 2005

Civilian undercover operative in FBI Operation Flyhook, which led to the conviction of two Russian hackers.
Created and expanded vulnerability-assessment and penetration-testing services — assessments for national retailers, banks, financial-services firms, energy utilities, and e-tailers.
Contributed to new consulting services, security products, and customer offerings.
Performed security analysis and due-diligence review for third-party providers, outsourcers, and financial-services firms.
Designed and implemented a nationwide secure, highly available POS system with 300 remotely managed firewalls and VPNs.
Primary responder for incidents including a rogue sysadmin, large-scale malware outbreaks, and an e-banking breach.
Many engagements in risk analysis, architecture, installation, integration, and support for HIPAA, SOX, PCI, GLBA, and NERC-regulated organizations.

Network & Data Security Analyst, Boeing Employees Credit Union

1997 – 2000

Maintained and secured all internal and external LAN, WAN, and Internet data communications.
Designed, built, and maintained Internet security for BECU's first web-banking offering.
Demonstrated assurance through ongoing internal and external technical audits.
Highest escalation support for a 1,000+ node financial network.

Founder, Minuet

1994 – 1997

Ran technical and business operations for a 3-employee systems-integration firm.
Specialized in LAN integration and Internet connectivity for CPAs and tax attorneys.
Provided design, project management, cabling, OS migration, software conversion, and training.

Senior Technology Specialist, KPMG Peat Marwick

1991 – 1994

Lead manager for 150 CPAs on a Netware LAN of Windows and Mac hosts.

Systems Technician, Chaminade University

1990 – 1991

Sysadmin for the Academic Support department — managed a DEC PDP-11/44, SCO Unix, and Novell Netware.

Affiliations

InfraGard Member Alliance — Executive board (Seattle 2001–2012, Delaware 2017–2023), Treasurer 2018–2023, Sector Chief for Financial Services 2015–2023.
ISC2 Delaware Chapter — President 2021–2025, Membership Chair 2019–2021.
MITRE AI Common Weakness Enumeration (CWE) working group — participant, CWE-1426.
Cyber Finance Working Group (CFWG) — Executive Partnership for Integrated Collaboration with the FBI Washington Field Office, 2020+.
FBI Citizen's Academy — class of 2006.
University of Washington — Information Assurance certificate program advisory board, 2005–present.
University of Washington — Information Systems Security certificate program advisory board, 2006–present.
University of Washington — IT Audit certificate program advisory board, 2012–2014.
HoneyNet Project, Pacific Northwest Chapter — member, 2012–present.
Richard Hugo House — board member, 2005–2010.
Dept. of Homeland Security — Northwest Warning, Alert & Response Network advisory board, 2002–2004.
US Secret Service, Seattle Electronic Crimes Task Force — consultant, 2000–2004.
Washington Software Alliance Security SIG — speaker and participant, 2000–2004.
Web Application Security Consortium — contributing author.
Society of Information Risk Analysts — professional member.
OWASP Mobile Top Ten 2015 — reviewer.

Education

B.A., Liberal Studies — Information Technology, University of Hawaii, 1990.
Certificate in Data Communications, University of Washington, 1999.

Certifications

Certified Information Systems Security Professional (CISSP) 2008+
AI Governance Professional 2025+
AWS Certified Solutions Architect, Associate 2016
GIAC Law of Data Security & Investigations (GLEG) 2015
ISO 27001 Lead Auditor, International Register of Certificated Auditors 2006
Novell Certified IntraNetware Administrator 1998
Cisco Certified Network Associate 1998
Microsoft Certified Systems Engineer 1997
Certified Computing Professional in Systems Management 1992

Beyond Security

The other half of a polymath's CV.

Creator and artist, Heidi, Geek Girl Detective — webcomic and ebook.
Literary producer, Scavenging the Future — Richard Hugo House & the Science Fiction Museum, 2005.
Published game designer — "START Arcade: Three Games in One," STart Magazine, 1989.
Security blogger at assumebreach.blogspot.com.