Cody Keller

CISSP  ·  CISM  ·  CRISC Candidate  ·  Published Author

Information security leader with 10 years aligning technical security operations with business strategy. I build compliance programs that pass audits, enable revenue, and hold up under scrutiny — not checkbox exercises.

GRC & Compliance  ·  AI Governance  ·  SecOps  ·  SOC 2 · SOX · CJIS · HIPAA

10 Years Building Security Programs

Senior Information Security Analyst  ·  September 2024 – Present
SoundThinking, Inc. (SSTI, Nasdaq) — Fremont, CA
  • Directs the end-to-end compliance lifecycle for SOC 2 Type 2, HIPAA, CJIS, TX-RAMP, and SOX across a $400M+ public company. Authored the SOX ITGC compliance operations standards, consolidating IAM, Change Control, and Disaster Recovery into a unified playbook.
  • Accelerated sales deals by creating public-facing security whitepapers and a Security Trust webpage. Reduced customer questionnaire response time from 2 weeks to 3 days using master templates and AI agents.
  • Modernized Third-Party Risk Management by shifting from manual questionnaires to a NIST 800-53 baseline approach, reducing vendor review turnaround by ~50%.
  • Spearheaded enterprise AI governance: authored the corporate Acceptable AI Use Policy (ISO/IEC 42001 reference), deployed AI Best Practice training to 350+ employees, implemented DLP controls for shadow AI detection, and drove the transition to secure enterprise AI models including Claude Enterprise and GitHub Copilot Enterprise.
Information Security Analyst  ·  May 2021 – August 2024
SoundThinking, Inc. (SSTI, Nasdaq) — Fremont, CA
  • Led the company through its inaugural SOC 2 Type 2 audit — achieving 100% control compliance with zero exceptions across 3 products (now 5). Built the control assessment, gap remediation, and audit fieldwork processes from the ground up.
  • Deployed and managed the enterprise security stack via MDM (Jamf and Intune), including EDR, SIEM, and DLP. Transformed incident response from ad-hoc to a mature, procedural discipline.
  • Drove 100% onboarding security training completion by automating workflows with HR. Led the "Shared Security Responsibility" culture through tabletop exercises and company-wide presentations.
Information Security Analyst  ·  February 2016 – May 2021
Edgewood Insurance Brokers and Consultants — Concord, CA
  • Owned the vulnerability management program — implemented an automated patch strategy that resolved critical/high vulnerabilities across 3,500+ endpoints within 30 days of initial deployment.
  • Delivered weekly threat intelligence briefings to 30+ stakeholders including executives, IT, and M&A teams, enabling proactive risk mitigation.
  • Managed the internal phishing simulation program (KnowBe4) and employee security training curriculum.

Built in the Field, Shared Publicly

Guardian AI — Threat Intelligence Agent
Automated threat agent that aggregates CISA/NIST feeds and uses GenAI to map critical vulnerabilities to internal assets, reducing manual triage noise.
AI Vendor Response Agent
RAG-based tool that ingests historical audit artifacts (SOC 2, SIG) to autonomously draft responses to incoming vendor security questionnaires.
Breach Notification Engine
Logic engine that calculates mandatory legal notification deadlines for GDPR, HIPAA, and SEC regulations based on incident severity metrics.

All projects available at github.com/codyjkeller

Credentials

CISSP — Certified Information Systems Security Professional
(ISC)² · Credential ID: 797229
CISM — Certified Information Security Manager
ISACA · Credential ID: 1390053
CRISC — Certified in Risk and Information Systems Control
ISACA · Testing April 2026
CompTIA Security+
CompTIA · Credential ID: COMP001020948034

Technical & Domain Expertise

GRC & Compliance

SOC 2 Type 2  ·  SOX ITGC  ·  HIPAA  ·  CJIS  ·  TX-RAMP  ·  TPRM  ·  Audit Management

GovTech & Frameworks

NIST 800-53  ·  ISO/IEC 42001  ·  GovRamp  ·  FedRAMP Readiness

AI Governance

Responsible AI  ·  LLM Agents  ·  RAG Architecture  ·  DLP / Shadow AI  ·  Prompt Engineering

Security Operations

SIEM / EDR  ·  Jamf Pro  ·  Intune  ·  Qualys  ·  Incident Response  ·  Business Continuity

Academic Background

Bachelor of Science — Business Administration, Management
California State University, Chico
May 2013