Sunila Menon

As a leader overseeing a global product team at PayPal, I provide strategic direction and mentorship to a team of dedicated product managers who are extremely talented, passionate and hold a high bar for delivery excellence and end-to-end experience. Together, we deliver an exceptional suite of security products and platforms spanning Access Management, Application Security, Data Protection, Cryptography, and Threat Management Domains. Operating both on cloud and on-premises at scale, our focus is on ensuring seamless user and employee experiences with minimal friction.

Key Initiatives & Outcomes

• In the current role , successfully established a high-performing global product team specializing in Enterprise Cyber Security Products and Services for PayPal's internet payment infrastructure . Emphasized development of user-friendly products with minimal friction, effectively mitigating risks , always keeping in mind security and safety of the company and our customers. Below were the main areas of team responsibilities :
• Product Delivery Excellence for a 150+ member engineering organisation : Define , Build and Launch
• Developing 6 Pagers based on top down OKRs ( What and the Why aspects ) , defining product roadmaps optimizing for outcomes , success metrics and measurement for products ,managing intake and product backlog , driving prioritization , product adoption , creating go to market materials like product playbooks for field enablement activities working closely with cross functional teams across Engineering ,Customer Success , Business Leaders , Operations ,Marketing , Program Management , Office of the CISO , Cyber Threat Management function , Legal , Privacy , Sourcing teams at PayPal.
• Performing Problem Discovery , Creating User Journey Maps , Documenting Use Cases , Being Voice of the Customer , Gathering customer feedback , Industry and Threat Research are all incorporated into the organisational OKRs and priorities.
• Driving Vision and Strategy for In-house Products mainly - Next Gen Threat Management Platform , Key Management Systems , Identity and Access Management , Security Data Lake , Security Automation and Orchestration , Security Decision Engine systems.
• Participation in Agile Ceremonies , Prioritization of product capabilities for Yearly and Quarterly Planning Cycles , Planning Releases and Go Live Dates.
• Engage closely with Security Architecture , Engineering and Threat Modelling teams to help define target state for each of the domains such as getting to Zero Trust , Supply Chain Security , Customer Login Security , Shift Left , Inbound and Outbound Traffic security , Crypto Agility.
• Ideated and brought new products and capabilities to reduce friction caused by security controls
• Leading Build Vs Buy , Design Partnerships , Product Evaluations , Driving Proof of Concepts & Product selection across all the 5 security domains. This activity needs strong collaboration working very closely with a large team of internal and external stakeholders such as product vendors ,industry researchers , analysts teams like Gartner , Forrester and customers of the vendor products .Recent wins were closing out product evaluation and selection of products for Certificate lifecycle Management , Secrets Vault , EDR , Data Loss Prevention , Secret Scanning , SAST /DAST , Container Scanning , CSPM , Bot Detection , Egress Proxy , Identity and Access Management . The team also constantly looks for opportunities for consolidation moving to a platform approach and have shown great outcomes by reducing OPEX greatly last year.
• As the Head of the Product team , created position based organisational strategy , developed individual coaching plans , at the beginning of the year set OKRs that promoted a results-oriented culture within the team and is evident in the impact created by the product team in several areas like API Security , Product Security , Data Protection, Cryptography and Threat Management. Also helped align the product team's efforts with the overall goals and objectives of the organization. Also Focused on Product Management Process Maturity such as improving quality of roadmaps and artifacts.
• Hiring and Building the team , apart from hiring talent from outside , promoted Internal Mobility Established a Talent Pipeline through Product Apprenticeship for supporting, guiding, and shaping the future of aspiring Product Managers Created curated coaching plan for internal product management , have a proven track record of mentoring and coaching several individuals within the organization, leading to tangible outcomes , with a select few successfully transitioning into Product Management roles, thereby creating a valuable pipeline of candidates .Apart from internal mobility , I have also taken the initiative to lead intern hiring from Universities across India, extending my guidance not only from a product standpoint but also in terms of developing their overall skills, behavioural acumen, and business expertise , again most of them seamlessly transitioned into full-time employment in various disciplines.
• Additional responsibilities included serving as India Site lead for the Cyber Security Organization ( ~ 80 Full time Employees ) responsible for driving engagement , hiring and product delivery. Been instrumental in increasing overall engagement for teams creating opportunities to interact in meaningful ways, outside of regular meetings or presentations Fun activities that help people see each other in a different light allow them to connect in a different setting . There is greater bonding and belongingness seen this year due to these activities. Teams were seen helping each other not only at work but also when there were difficult personal situations.

• Before taking over the head of product role at PayPal , as a Lead Product I was responsible for
• Driving vision and strategy for products in the Threat Management Portfolio mainly Bot Mitigation and Fraud Detection Products enhancing trust with 350M+ customers and 30M+ merchants across multiple markets and regions. The primary objective was to make sure that only humans enter the ecosystem while stopping malicious bots at the edge with the below outcomes.
• Drove down Account Take Overs , fraudulent unauthorizes account access , synthetic account creation attempts by Integration of best of the breed advanced fraud detection technology solutions such as Google ReCaptcha , Hcaptcha , Arkose with inhouse next generation edge protection platform capable of processing billions of requests per day. Major outcomes were reduction in customer password resets ,drastic reduction in captcha shown to good users improving end user experience , prevention of 2.5M ATO events , and incremental business impact 190M in revenue through churn prevention and 7.5M loss prevention.
• Product Innovation : Proposed the concept of dynamic attack mitigation capabilities making it hard for attackers to break in . The release of this capability provided greater resiliency and flexibility that allows for experimentation to help thwart different type of attacks based on flows and complexities.
• Defined KPIS to measure effectiveness of these solutions such as total prevented password resets with tighter controls upstream , prevented ATO attacks , Catch Rate , FPRs and GUDR ( Good User Decline Rates)
• Collaborated with Identity and Risk Platforms to create Account Protection Funnel View to create a more proactive ATO Mitigation by identifying and understanding leakage at each layer ,proactively identifying abnormality in upstream layers by figuring out early warning indicators such as JA3 concentration , sophisticated fraud attack from different angles. This also led to creation of integrated analytics and feedback mechanism that greatly brought down the pressure to login and risk systems.
• Spearheaded the transformation of the next generation abuse prevention platform from on prem to cloud to support heterogenous / hybrid cloud environment to support business growth and scale.
• Led Transformation and Modernisation of security automation and orchestration product from legacy mulesoft platform to inhouse developed SOAR platform to be able to scale and process messages for autoblocks in real time at the edge network, enable faster incident response , support IAM automation as a few examples . Major outcomes driven here were delivering out of the box integrations for 40+ services , ability to auto block 1M + reputation based feeds to edge devices to stop DDOS and Malicious Bots decreasing the mean time to mitigate attacks.
• Drove release of Security Decision Engine with Risk Scoring from Product Inception to Launch to enable zero trust capabilities backed by AI/ML models.

RSA Security - Experience Summary

· Lead Product Manager responsible for RSA Netwitness Advanced Threat Detection Platform focusing on Endpoint Security Solutions.

· Experienced and passionate about leading and collaborating with multiple cross functional scrum teams to deliver products that solves big customer problems with simplified user experience

· Strong Decision making skills , and capabilities in Enterprise Security Domain and technical concepts

· Good knowledge of SDLC & Agile Methodology , Security Testing Processes , worked as Principal Quality Engineer in the first few years at RSA

Achievements

· Transformation of Legacy RSA Endpoint Product into an updated new enhanced product backed with latest technology , new user workflows , improved threat detection & superior performance

· RSA RED Challenge Contest Winner – Developing a Prototype of Advanced Threat Detection Use Case using a story board ( with 6 other members). This idea is productized into one of our solutions.

· Have Won several Champion Awards for key contributions to releases

Key Responsibilities

• Security Operations Engineering:

• Led research, solutioning, and development of integrated platforms for cost-effective management of security operations in an as-a-service model.

• Integrated and evaluated diverse security tools within Wipro's Security Framework to deliver seamless services.

• Conducted Proof of Concepts, provided technical inputs for RFPs, and supported presales in developing solution designs.

• Established lab environments for customer demos, conducted technical workshops, and assisted project teams in operations.

• Developed custom rules and report definitions for Global Security Operations Center (SOC) customers.

2. Security Architect - SIEM Implementation:

• Designed and implemented a Security Information and Event Management (SIEM) solution for a global credit card services leader.

• Prepared detailed Solution Design for PCI and security log monitoring.

• Developed questionnaires to gather information for solution design, engaged with customer teams to assess infrastructure and process requirements.

• Conducted meetings with platform owners and stakeholders to collect host distribution and configuration details.

• Mapped PCI compliance requirements to technical controls in SIEM and documented the collated information.

• Collaborated with Customer’s Enterprise Architecture Team to finalize the Solution Design.

• Prepared the Global Solution Rollout plan and defined timelines for implementation.

Expertise in a comprehensive array of security tools and technologies including:

• Security Information and Event Management (SIEM): ArcSight, RSA Envision, Novell Sentinel, LogLogic

• Database Security: Guardium

• Firewall Compliance and Risk Lifecycle Management: Skybox

• Vulnerability Assessment: Qualys

• Endpoint Security: McAfee TOPS

• Intrusion Detection and Prevention (IDS/IPS): McAfee IntruShield

• DDoS Prevention and Mitigation: IntruGuard

• Network Behavior Anomaly: Trend Micro Deep Security and Threat Mitigation