Devashri Datta
Senior Technical Program Manager – Open Source Security, Compliance & Software Supply-Chain Governance
Sunnyvale, California | [email protected] | 469-237-9310 | www.linkedin.com/in/devashri-datta-522b364b
Professional Summary
Cybersecurity and Open Source software governance leader with 14+ years of experience establishing enterprise secure product and software
Core Competencies
• Cybersecurity Governance & Risk (NIST 800-53, FedRAMP readiness, ISO 27001, SOC 2)
• Software Supply Chain Security (SBOM governance, SPDX/CycloneDX, OSS third-party notices reports)
• DevSecOps workflows and governance
• Secure PLC / Secure SDLC implementations
• Security metrics and dashboards
Work Experience
NVIDIA – Sunnyvale, CA | Senior Technical Program Manager – Open Source Security & Compliance | 2023–Present
· FedRAMP readiness for NVIDIA AI platforms, enabling adoption by U.S. government agencies and addressing the requirements of U.S. federal government clients.
· SBOM reports in CycloneDX/SPDX formats for NVIDIA automotive industry clients, fulfilling U.S. Executive Order 14028 before product launch.
· Phase 1: 100% coverage; standardized enterprise-wide SBOM generation.
· Phase 2: automate SBOM generation through the use of AI and LLMs.
· Defined enterprise OSS security standards and governance processes, integrating open-source risk management into global engineering workflows.
· Worked with open-source compliance tools such as Synopsys (Palamida/CodeInsight) and Black Duck, improving binary-scan and vulnerability-remediation response by 30% and reducing manual inventory effort by 60%.
· Developed security PLC OSS playbooks, release-readiness procedures, and binary-scan implementations, reducing manual effort by ~60%.
· Audited and reviewed Third-Party Notices reports to detect copyright and license limitations.
· NVIDIA GitHub-First Playbook to develop a public-by-default mindset across all stages of the PLC: planning, development, and maintenance improvements.
· Open-source awareness and tools knowledge for product teams.
· Organized FOSS funds from NVIDIA to help OSS project teams.
Impact:
· 100% SBOM coverage for Phase‑1 projects; 60% reduction in manual effort.
· 50% improvement in AI deployment speed and stability; processes adopted across engineering teams and incorporated into operational client delivery.
· 100% open-source awareness among teams.
Pure Storage – Mountain View, CA | Senior Security Technical Program Manager | Dec 2021 – Jul 2023
· Led security governance across Engineering, GRC, Legal, IT, and Product teams, strengthening enterprise-wide security posture and maturity.
· Built and executed security policies, controls, and the DevSecOps 6‑Point Maturity Program for the Digital Experience team, improving secure‑by‑design adoption across product engineering.
· Developed security metrics dashboards (Power BI/Tableau) and automated reporting pipelines, elevating executive visibility into risk, compliance, and vulnerabilities.
· Strengthened security maturity and DevSecOps adoption across product engineering and GRC through governance, automation, and audit readiness programs.
· Directed STRIDE threat modeling, vulnerability lifecycle governance, PenTest operations, and CVSS‑based risk scoring.
· Oversaw SOC 1, SOC 2, and ISO 27001 audit readiness and automated evidence workflows, improving audit efficiency.
· Facilitated security awareness and training for product/engineering teams through Secure Code Warrior.
Cisco Systems – Various Locations | Senior Program Manager – Security Metrics & Governance | 2013–2021
· Designed and led, starting from feasibility, gap, and risk analysis, and developed the Unified Security Metrics (USM) Dashboard for executive and IT teams to show Cisco's security posture.
· Enhanced to real-time Next-Gen USM (NG-USM) frameworks for enterprise-wide cybersecurity risk management. Operationalized security dashboards and executive reporting, enabling leadership-level decision-making and risk prioritization. Both USM and NG-USM supported security governance across global engineering and infrastructure organizations, enabling consistent executive-level risk visibility.
· Cisco Security Conference (SecCon) presenter and booth setup for security metrics.
· Conducted meetings with all department executives to review and improve security status and propose necessary changes.
· Security awareness and training for IT and engineering teams.
· Implemented NIST-aligned governance controls and a Likelihood vs. Impact risk-rating framework, improving audit readiness and lowering operational risk.
· Streamlined vulnerability reporting and mitigated security risk.
· Organized and presented at Cisco Women in Cybersecurity.
Publications & Peer Reviews
· Conducted expert technical and security review of “DevSecOps on Static and Dynamic Code Scanning” — Pure Storage (Feb 2024)
· Reviewed “How to Implement Threat Modeling in Your DevSecOps Process” — Pure Storage
· Reviewed “Next‑Generation Unified Security Metrics” — Cisco Trust Center (May 2019)
· Reviewed “Unified Security Metrics” — Cisco Trust Center (Apr 2016)
· Reviewed NVIDIA SBOM Methodology — NVIDIA (2025)
· Enterprise SBOM Governance at Scale: Lessons from AI & Automotive — Published by IEEE, 2026.
· Enterprise SBOM Governance at Scale: Lessons from AI & Automotive — Released as a CC0 public‑domain whitepaper, enabling unrestricted reuse and industry‑wide adoption (2026).
Awards & Recognition
· Gold Award — Unified Security Metrics (USM), RSA Conference (2016)
Lead contributor to Cisco’s enterprise-wide USM security metrics framework recognized as a top global cybersecurity innovation.
· Technical Content Contributor — RSA Conference Presentation on Unified Security Metrics (2014). Provided core metrics and governance content for the USM framework showcased at RSA.
· CSO40 Award — Unified Security Metrics Program, CSO Magazine (2014)
Honored for outstanding achievement in enterprise security governance through contributions to Cisco’s USM program.
Conference Presentations, Volunteering
· Cisco SecCon Security Conference (India & USA), Presenter (2014–2019)
· NVIDIA AI & Security Conference (USA GTC 2025), Volunteering
· RSA Conference (Security Metrics Presentations), 2014, 2016
Professional Memberships
· Open‑Source Program Office (OSPO) Network – NVIDIA
Active contributor supporting open‑source governance and compliance initiatives.
· OWASP Bay Area Chapter
Community participant engaged in secure‑coding and application‑security best‑practices forums.
· Women in Cybersecurity (WiCyS)
Member and participant in professional development and cybersecurity community activities.
Professional Community Participation (Non‑Member / Open‑Access)
· IEEE – Community Participant
Engages informally with publicly accessible IEEE cybersecurity and engineering discussions, webinars, and knowledge‑sharing activities.
· The Linux Foundation – Open Source & Security Community Participant
Participates in publicly accessible Linux Foundation and OpenSSF Slack channels focused on open‑source security, SBOM practices, software supply‑chain risk, and OSS governance discussions.
· SSRN (Social Science Research Network) – Public Research Contributor
Shares and accesses publicly available research on cybersecurity and governance topics through SSRN’s open research platform.
· ACM (Association for Computing Machinery) – Community Account Holder & Participant
Holds a free ACM account and participates in publicly accessible ACM webinars, newsletters, and computing‑community discussions related to cybersecurity and software engineering.
Certifications
· Learning Cloud Computing: Cloud Security
· Certified Scrum Master (CSM)
· Certified Scrum Product Owner (CSPO)
· Gen AI: Beyond the Chatbot
· CISM – Certified Information Security Manager (Coursera)
· Johns Hopkins University – Advanced Academic Programs (AAP)
Professional Certificate: Data Science
Education
· Master of Business Administration (MBA)