
LEONARD JOHNSON

Atlanta

Summary

Results-driven professional with 9+ years of experience in investigations, intelligence, and risk management, with a strong focus on cybersecurity in recent years. Skilled in incident response, insider threat detection, and cross-functional collaboration. Known for delivering root cause analysis, developing actionable mitigation strategies, and enhancing security operations through behavioral insights and technical integration.

Overview

8 years of professional experience

Work History

Senior Cybersecurity Incident Management Engineer

GEICO
04.2024 - Current
  • Led cross-functional response efforts for over 100 cybersecurity incidents annually, including third-party breaches, insider threats, and cloud misconfigurations, resulting in a 40% reduction in time-to-containment (TTC) for critical incidents over 12 months.
  • Spearheaded the development and standardization of over a dozen incident response playbooks (e.g., APTs, identity compromise, code exposure), increasing team response consistency and reducing triage ambiguity by 60% during high-severity events.
  • Designed and implemented a root cause analysis (RCA) framework using Cause Mapping® and integrated it into the organization's Correction of Error (COE) workflow, leading to a 30% increase in actionable post-incident learnings and enhanced executive reporting.
  • Partnered with Legal, BCDR, and Threat Intelligence teams to streamline incident classification thresholds and escalation paths, which resulted in 15% faster decision-making during potential crisis events and clearer executive communication.
  • Drove automation improvements in the incident management lifecycle by defining requirements for Slack-based alerting and Google SecOps integrations, enabling near-real-time notifications and reducing mean-time-to-awareness (MTTA) by 35%.
  • Facilitated 10+ tabletop exercises annually across GEICO’s critical application landscape, including scenarios involving insider threats and physical security incidents. These exercises uncovered major gaps in contingency planning and forensic capabilities, which informed prioritized remediation efforts and improved readiness across 5 key business units.

Senior Risk Assessment Analyst

Meta
06.2022 - 08.2023
  • Spearheaded risk assessment and intelligence initiatives within the Trust and Safety department, leveraging expertise in threat detection and mitigation strategies.
  • Conducted end-to-end investigations on complex topics such as financial scams, negative ad usage, and child safety (including exploitation of minors and human tracking) across Meta's family of apps, identifying intelligence gaps, validating controls, and determining risk mitigation solutions.
  • Utilized advanced analytical tools (SQL) and methodologies to gather, analyze, and interpret data for the identification of emerging threats and patterns of malicious behavior.
  • Collaborated closely with cross-functional teams including engineering, legal, and product management to develop proactive measures and policy enhancements to mitigate risks to the platform and its users.
  • Led the development and implementation of automated systems and processes for monitoring, detecting, and responding to potential security threats and abusive behaviors.
  • Synthesized investigative findings into reports and presentations for executive leadership to mature key relations between Global Risk Operations and other Meta organizations.
  • Liaised with law enforcement agencies, industry partners, and external stakeholders to share intelligence, coordinate investigations, and support legal proceedings when necessary.
  • Led the development of a Risk Measurement framework to quantify risks, prioritize remediation, and support Meta's Compliance Report for the EU's Digital Services Act, GDPR, SOC 2, and PCI-DSS.
  • Collaborated with internal legal counsel to ensure investigations comply with applicable laws, regulations, and privacy standards.
  • Stayed abreast of industry trends, emerging threats, and best practices in trust and safety, contributing insights and recommendations to inform strategic decision-making.



Deputy Director of Investigation, Insider Risk & Intelligence

Department of Correction
10.2017 - 06.2022
  • Led a 40-member Intelligence team, utilizing advanced investigative techniques reminiscent of law enforcement practices to address insider threats, culminating in a notable 35% reduction in open investigations and enhanced operational efficiency.
  • Conducted comprehensive Risk Intelligence assessments and crafted tailored training programs to impart cybersecurity best practices to employees, fostering heightened awareness and proactively mitigating insider threats.
  • Applied Intelligence methodologies, including proactive collection of information from open-source intelligence (OSINT), to bolster the team's capacity to identify and neutralize potential insider threats.
  • Championed Incident Response initiatives, orchestrating rapid and effective resolution through proactive collaboration with cross-functional teams and advanced detection processes, ensuring a swift and comprehensive approach to mitigating both digital and physical security incidents.
  • Provided expert leadership in post-incident analysis and remediation efforts, leveraging law enforcement investigative methodologies such as forensic analysis, witness interviews, and evidence preservation.
  • Conducted extensive interviews and executed precise evidence collection procedures per law enforcement standards, ensuring the integrity and admissibility of evidence for effective prosecution in collections cases.

Senior Fraud Analyst (Contracted)

Department of Education
05.2017 - 10.2017
  • Led a team of junior analysts in conducting end-to-end investigations of fraud incidents within the education sector, ensuring adherence to regulatory requirements and ethical standards.
  • Utilized advanced data analysis techniques and fraud detection algorithms to identify patterns and anomalies indicative of fraudulent activities, enhancing fraud detection accuracy and efficiency.
  • Prepared detailed investigative reports and recommendations for disciplinary action or legal proceedings, ensuring thorough documentation and adherence to due process.


Education

M.A - Operational Inspection and Oversight

CUNY John Jay College of Criminal Justice
New York, NY
06.2016

B.S - Criminal Justice

Georgia Southern University
Statesboro, GA
12.2012

Skills

  • Incident Response & Coordination
  • Digital Forensics & Evidence Preservation
  • Root Cause Analysis (Cause Mapping, COE)
  • SIEM & Log Analysis (Google SecOps, Splunk)
  • Threat Intelligence Correlation
  • MITRE ATT&CK & Diamond Model Mapping
  • Cloud Security (AWS, Azure, O365)
  • Vulnerability Management & Remediation
  • Endpoint Detection & Response (EDR) Tools
  • Automation & Alerting (Slack, GoAlert, SOAR)
  • Network Traffic Analysis (PCAP, Wireshark)
  • Security Playbook & Runbook Development
  • Insider Threat Detection & Investigation
  • Regulatory & Compliance Response (NYDFS, GDPR, HIPAA)
  • Executive-Level Reporting & Communication

Certifications

  • Certified Fraud Examiner Certification (CFE) Dec 2020
  • Google Cybersecurity Certification Nov 2023
  • CompTIA Security+ ce Certification Jan 2024
  • CompTIA CySA+ CS0-003 (In-Progress) July 2025


