Jon Debonis

Information Security



BS Electrical Engineering – UC Davis









BSides SF – Presented on Peer code review in github

FinTech – Panel on Information security after Equifax

AppSec – Presented talk on Crypto anchors

AppSec – Presented paper on using chromebooks to protect production

MBA Tech – Moderated panel on Security and SaaS



Obtained an FAA Pilots License

Graduated High School two years early

Worked through college

Operated a home town computer repair service with clients including the local paper, and Nielsen Media

Spent three months traveling Europe for $50 per day

Ran the concert production & audio/visual for rock bands in >1,000 person congregations












Mountain biking in Lake Tahoe

Rock climbed an ascent to half dome (not the cables)

Woodworking including building a bed frame without screws, using hand tools.

Construction including kitchen remodel, framing, landscaping, electrical, plumbing, and full house preparation for sale.

Automotive - Rebuilt the head (top of engine with valves and camshaft) on my Toyota truck..



Head of Information Security & IT / CSO                    Blend


As head of information security, my responsibilities included structuring, building, and leading the security organization. Being a startup, ruthless prioritization was required with an initial focus on protecting customer data and core product and operational security. The team consists of these five departments:
Security Operations handle dev-ops work, log tooling, and incident response.
Program Management handle follow through on critical mulit-team projects, and ensure tasks are tracked and completed across the entire organization.
Security Policy handle internal training, internal audit, customer RFI, customer audit, certification audits, and vendor due diligence and management.
Security Development build software for the core product, internal tools, and walks developers through the threat modeling process to make sure all code is secure.
IT handles all non-production technology needs for Blend.

-              Planned the teams to scale as the company grew from 20 to 450 employees, 200 enterprise customers, and processing $2 billion in loans daily.

-              Hire, define roles and responsibilities, manage performance, and coach over 30 employees on multiple teams in my organization.

-              Built processes to continually assess risk and increase security efficiency at Blend.

-              Reported to the CEO and fostered positive relationships with and negotiated alignment with the head of legal, the head of finance, and head of Engineering, head of people operations, and the CEO.

-              Balanced the need to reduce engineer friction with better security by leading internal tool product management to build tools that make security simple.

-              Rewrote the open source project in ReactJS to add passphrase feature, and deployed the technology for all sensitive information sharing at Blend.

-              Brought Blend through ISO 27001, PCI, and SOC 2 Type 2 certifications and multiple customer on site audits.

-              Aligned closely with the head of infrastructure as it’s critical to security.


Member of the Technical Steering Committee     SPIFFE


SPIFFE is an open source standard (IETF candidate) and implementation for cryptographically secure, authenticated, server to server communication.

-              One of 3 people invited to the Technical Steering Committee

-              Own the Amazon Web Services attestation integration group resulting in code used in the AWS attester

-              Helped launch and define the open source project

Head of API Development and Infrastructure            Trov


-              Hired and developed employees

-              Defined the architecture for a global HA mobile application service

-              Lead the team of seven backend developers who built the API that powers the next generation of per-item insurance

-              Developed specs for iPhone and insurance integration APIs

-              Designed the authentication and authorization architecture

-              Built out secure development lifecycle and performed security code reviews

-              Setup the ISO 27001 certification program and got Trov certified

Engineering                                                                           Google


-              Increased the support team’s efficiency by writing a frontend to the salesforce email, ticket, and notes objects combining the support history into an easy to digest single view. Still in use today backing the google apps support teams.

-              Worked with on a project on renewable energy with the goal of eliminating inefficient generation stations by reducing grid load during peak usage periods.

-              Reduced high latency communications problem affecting 25% of all requests to google by identifying a long-standing bug in the global DNS system responsible for choosing the servers closest to the users.

Network Security Manager                  Kaiser Permanente


-              Developed a python tool to automate scheduling and tracking the remediation efforts required to locate and disable wireless access points connected to the production network. This tool eliminated head count requirements.

-              Identified and stopped data exfiltration attempts by analyzing all outbound network traffic and building models to categorize health care critical traffic and non-critical traffic.

-              Ran the network security team of eight.

Developer and Network Engineer         Wells Fargo Bank


-              Eliminated 5 head count by automating a complex network reconfiguration project across 7000 branches. This was achieved because I built a perl tool to connect to the network management database, ingest an excel spreadsheet, and execute a series of complicated network connections to change IP addresses, update routing protocols, and migrate to new frame relay circuits. We could update 100 devices in 5 minutes that required 750 different connections with one employee.


Other Work Experience

2003 -2007 – Completed electrical engineering degree from UC Davis

2005-2007 – Semphonic – Security Engineer Contract

2004-2005 – Wells Fargo Bank – Developer & Network Engineer

2003-2004 – Healthnet – Network Security

2002-2003 – Northpoint – Network Engineer

2001-2002 – Bankserv – IT and Network

2000-2001 – AMS – IT and Network

1998-2000 – C&D Computers – IT and Network

1996-1998 – ABC Music – Electronics and Audio Video Technician