• Oversee the entire product lifecycle, from roadmap development to go-to-market strategy, ensuring all deliverables meet high standards of quality and impact. • Apply your deep understanding of cybersecurity to design practical use cases that address key risks such as data retention and sensitive information accumulation. • Engage directly with customers to understand their security challenges, refine use cases, and ensure the platform meets their specific needs. • Collaborate with cross-functional teams to integrate use cases into Qostodian, ensuring they provide actionable insights and tangible risk reduction. • Utilize tools like ChatGPT to streamline the creation of detailed product requirements, reducing time spent on brainstorming and documentation while maintaining high accuracy. • Create user guides, release notes, and technical specifications while ensuring robust QA processes for reliable product performance. • Work closely with engineering, marketing, and sales teams to ensure the successful deployment of product features and their adoption by customers. • Define and monitor KPIs related to risk reduction and feature impact, using these insights to guide product iterations and improvements.

• Develop an information security vision and strategy that is aligned to organizational priorities. • Participate in strategic and operational governance processes. • Manage the information security management system. • Lead strategic information security planning to achieve business goals by prioritizing initiatives and coordinating the evaluation, deployment, and management of current and future technologies using a risk-based assessment methodology. • Provide regular reporting on the current status of the information security program to a variety of audiences including senior management. • Develop, implement, maintain, and oversee enforcement of policies, procedures, and associated plans for system security administration and user system access based on industry-standard best practices and regulatory requirements. • Manage the budget for the information security function, monitoring and reporting discrepancies. • Manage the information security organization, including hiring, development, retention and performance management. • Define and communicate plans, procedures, policies, and standards for the organization for acquiring, implementing, and operating new security systems, equipment, software, and other technologies. • Participate in feasibility studies and conduct risk assessments for software and systems under consideration for purchase and make recommendations. • Ensure that any new software and integration into company systems meet security requirements. • Act as advocate and primary liaison for the company’s information security vision via regular communications with the senior leadership, department heads, and employees. • Create a risk-based process for the assessment and mitigation of any information security risk in the ecosystem consisting of supply chain partners, vendors, consumers and any other third parties. • Work closely with the technology and product departments on corporate technology development to fully secure information, computer, network, and processing systems. • Develop, track, and control the security services annual operating and capital budgets for purchasing, staffing, and operations. • Recommend and implement changes in security policies and practices in accordance with changes in local or federal law. • Manage and contain information security incidents and events to protect corporate IT assets, intellectual property, regulated data and the company’s reputation. • Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action. • Develop and oversee effective disaster recovery policies and standards to align with the enterprise business continuity management program goals. • Coordinates the development of implementation of incident response plans and procedures to ensure that business-critical services are recovered in the event of a security event; provides direction, support and in-house consulting in these areas. • Facilitate and support the development of asset inventories. • Promote and oversee strategic security relationships between internal resources and external entities, including vendors, and partner organizations. • Remain informed on trends and issues in cybersecurity, including current and emerging technologies and threats. Advise, counsel, and educate executive and management teams on their relative importance and organizational impact.

• Improve the security properties of Tailscale by identifying opportunities for security and privacy features, bug fixes, and defense-in-depth, and implementing them across our codebase. • Audit Tailscale features for technical security weaknesses, identifying mitigations or solutions, and driving them towards resolution. • Support engineering decisions with threat modeling and security analysis and expertise. • You will spend at least 50% of your time in this role writing software vs purely operational or governance security responsibilities.

• Improve the security properties of Tailscale by identifying opportunities for security and privacy features, bug fixes, and defense-in-depth, and implementing them across our codebase. • Audit Tailscale features for technical security weaknesses, identifying mitigations or solutions, and driving them towards resolution. • Support engineering decisions with threat modeling and security analysis and expertise. • You will spend at least 50% of your time in this role writing software vs purely operational or governance security responsibilities.