I've spent over a decade building governance, risk, and compliance functions inside companies moving too fast for traditional GRC to keep up, starting in life sciences regulatory compliance and growing into AI-native technology risk.

The throughline is Box, where over six years I built the Risk and Resilience function from a single headcount into an integrated program spanning technology risk, enterprise risk, and resilience, embedded risk into how engineering and product actually planned, stood up quantitative risk modeling the audit committee came to rely on, and led the company through crises like log4j.

I took what I learned at Box into senior second-line mandates at Netflix and Coinbase, both of which ended in role eliminations, Netflix as a security sub-pillar, Coinbase in a company-wide flattening.

What stayed constant across all three was the work: turning a second line from a bottleneck into the function the business turns to for its hardest decisions.