About Mark

Q: What is Mark Dorsi's current role? A: Mark Dorsi is the Chief Information Security Officer (CISO) at Netlify, where he leads enterprise-wide security, compliance, and IT initiatives. Q: What companies has Mark Dorsi worked for? A: Mark Dorsi has worked as CISO/Head of Security at Netlify (2022-present), HelloSign/Dropbox (2018-2021), Cloud Lending Inc (2017-2018), Qualys (2011-2017), iPass (2006-2011), and GoRemote (2000-2006). Q: What are Mark Dorsi's key achievements? A: Mark led HelloSign's security program enabling its acquisition by Dropbox, built critical infrastructure supporting Qualys' IPO, achieved 80% workforce adoption of passwordless authentication at Netlify in 6 weeks, and has helped multiple startups achieve successful exits through robust security programs. Q: What services does Mark Dorsi offer? A: Mark offers fractional CISO services, security advisory, coaching and mentoring, compliance consulting (SOC 2, HIPAA, ISO 27001), incident response training, and strategic investment through SVCI. Q: What is Mark Dorsi's educational background? A: Mark Dorsi holds a Bachelor's degree in Computer Science from Cal Poly San Luis Obispo (1997-2000) and an Associates degree from Allan Hancock College (1992-1997).

I am an accomplished executive and startup specialist with a proven track record of driving strategic transformation and delivering measurable business outcomes in high-growth technology organizations. As a thought leader, public speaker, trusted advisor, and mentor, I excel at aligning organizational objectives to spark innovation, scale rapidly, and accelerate growth. Known for mitigating risk while enabling scalability through advanced technologies, visionary strategies, and robust operational frameworks. Skilled at influencing executive decision-making, fostering cross-functional collaboration, and building resilient, future-focused teams. A results-driven leader with a demonstrated ability to distill complex challenges into actionable strategies, cultivating cultures rooted in trust, innovation, and long-term success.

Mark's Expertise

With extensive experience in cloud security, compliance, and cybersecurity leadership, Mark help's businesses implement robust security programs tailored to their unique needs. Mark specializes in:

Experience

CISO

Netlify

Mar 2022 – Present · San Francisco, California

As CISO at Netlify, I lead enterprise-wide security, compliance, fraud & abuse, and IT initiatives to protect infrastructure and customer data while enabling business growth. I oversee a high-performing team focused on risk management, detection and response, and compliance with PCI-DSS, HIPAA, ISO 27018, and SOC 2. By embedding security into infrastructure, systems, and customer-facing services, I ensure resilience and trust at scale. My leadership emphasizes measurable impact implementing programs in vulnerability management, secrets management, and fraud prevention transforming security into a business enabler that allows Netlify to innovate and expand with confidence.

vCISO

Crescendo.AI

June 2025 – Present · San Francisco, California

As the Virtual Chief Information Security Officer at Crescendo.AI, I established and led a security and compliance program tailored for an AI-driven environment. In this role, I developed frameworks supporting SOC 2, ISO 27001, and HIPAA readiness, while implementing policies for risk management, incident response, and responsible AI use. I worked closely with engineering and product teams to embed security into the development lifecycle and cloud infrastructure, ensuring scalable guardrails without slowing innovation. My efforts strengthened Crescendo.AI's security posture, safeguarded customer data, and built the trust required to support enterprise adoption and growth.

vCISO

EarnUp Inc.

December 2020 – Present · San Francisco, California

As the Virtual Chief Information Security Officer at EarnUp, I provided strategic leadership in developing and enforcing cybersecurity policies aligned with business objectives and regulatory requirements. I conducted risk assessments, built incident response strategies, and ensured compliance with industry standards such as SOC 2 and PCI. Collaborating closely with executive and technical teams, I embedded security into operations, fostered a culture of awareness, and enhanced the company's resilience against evolving cyber threats. My work protected sensitive financial data and strengthened client trust, enabling the business to scale securely.

Head of Infrastructure Security

Dropbox

Mar 2019 – Dec 2021 · San Francisco, California

As the Head of Infrastructure Security at Dropbox, I led security and infrastructure operations across both organizations. At HelloSign, I strengthened the security framework for digital transactions, driving compliance, risk management, and employee security awareness. At Dropbox, I oversaw infrastructure security for large-scale data environments, optimizing architectures and deploying advanced protections to reduce risk. This dual role allowed me to harmonize security initiatives across both platforms, ensuring the protection of sensitive data, regulatory compliance, and trust at scale.

Head of Security

HelloSign

Mar 2018 – Mar 2019 · San Francisco, California

As Head of Security at HelloSign, I led security operations spanning compliance, risk management, and vulnerability assessments. I implemented comprehensive policies and controls that strengthened the company's security infrastructure and safeguarded sensitive customer data. By embedding proactive threat management, regular monitoring, and employee training into daily operations, I built a resilient security culture that reduced risk and reinforced customer trust. These initiatives ensured HelloSign maintained a strong reputation for security and reliability in digital transactions.

Head of Information Security and Technology

Cloud Lending Inc.

May 2017 – Mar 2018 · San Mateo, California

As the Head of Security, Compliance, and Information Technology at Cloud Lending Inc., I led the strategic oversight of compliance, risk management, vulnerability assessments, and infrastructure initiatives. A key member of the CLS Leadership Team, I prioritized the protection of customer data above all else. I directed the development and enforcement of robust security controls, significantly reducing risk exposure and ensuring compliance with industry standards. My leadership was instrumental in consistently achieving zero medium and high severity vulnerabilities in external audits, as verified by third-party assessors. I also managed cross-functional teams in a dynamic environment to support large-scale SaaS and IaaS frameworks, enhancing operational efficiency and security posture.

Director of Infrastructure and Security

Qualys Inc.

May 2011 – May 2017 · Redwood Shores, California

As Director of Infrastructure and Security, I led compliance, risk management, vulnerability, patch management, and infrastructure initiatives. I implemented continuous security monitoring programs that consistently resulted in zero medium or high-severity vulnerabilities, validated by third-party assessments including SOC and FedRAMP. To support growth from under 1 million to over 3 billion scans annually, my team launched and managed 30 multi-tenant cloud deployments, transitioning from physical to virtual infrastructure and improving availability by two 9's. Through DevOps automation, we reduced cloud deployment times from 9 months to 3 days, cut planned downtime by 75%, and delivered multi-million dollar annual savings while accelerating time to market.

Information Security Officer

iPass Inc.

February 2006 – May 2011 · Redwood Shores, California

As Information Security Officer at iPass, I directed cross-departmental teams across Information Security, Systems, Database, and Network functions. I oversaw the design, implementation, and re-architecture of critical infrastructure, driving initiatives in virtualization, high availability, and disaster recovery to ensure resilience and reliability. By aligning technology and security strategies across departments, I improved operational efficiency and strengthened the organization's overall security posture. This role combined strategic leadership with hands-on technical oversight, resulting in greater system stability and trusted network operations.

Information Security Architect

GoRemote Inc.

November 2000 – February 2006 · Milpitas, California

As Information Security Architect at GoRemote, I led the Information Security, Systems, Database, and Network teams to enhance infrastructure through strategic design, re-architecture, and management. I drove initiatives in virtualization, high availability, and disaster recovery, ensuring system integrity and operational continuity across the network. By fostering cross-departmental collaboration and embedding security into core IT practices, I strengthened technological capabilities and improved resilience, positioning GoRemote as a secure and reliable provider in a competitive market.

Solutions Engineer

Globix

March 2000 – November 2000 · Milpitas, California

As a Solutions Engineer at Globix, I specialized in designing and administering large-scale systems across diverse environments. I collaborated with stakeholders to translate business requirements into optimized technical solutions that improved efficiency, performance, and scalability. My work delivered robust, adaptable systems that supported client growth and helped Globix maintain a competitive edge in a rapidly evolving technology landscape.

Education

Bachelor's Degree

Cal Poly San Luis Obispo

August 1997 – March 2000 · San Luis Obispo, California

Computer Science

Associates Degree

Allan Hancock College

August 1992 – May 1997 · Santa Maria, California

Chemistry, Physics, Engineering, Liberal Arts

Advisory & Board Positions

Strategic Advisor

Daxa.ai

2025 – Present · AI Security & Compliance

Providing strategic guidance on security architecture, compliance frameworks, and risk management for AI-driven platforms. Advising on secure development practices and regulatory readiness to support enterprise adoption and scaling.

Strategic Advisor

Dune Security

2024 – Present · Cybersecurity Solutions

Advising on product strategy, market positioning, and technical roadmap for innovative cybersecurity solutions. Contributing expertise in threat detection, incident response, and enterprise security program development.

Strategic Advisor

PensarAi.com

2024 – Present · AI & Machine Learning

Providing strategic counsel on AI security, ethical AI implementation, and compliance frameworks. Guiding the development of secure AI systems and advising on risk management for machine learning applications.

Member

SVCI (Silicon Valley CISO Investments)

August 2023 – Present · Strategic Investment & Advisory

Member of strategic investment firm focused on cybersecurity, AI, developer tools, and trust & transparency technologies. Providing capital and hands-on expertise to help startups scale securely and successfully. Contributing to investment decisions and offering strategic guidance on security architecture, compliance, and go-to-market strategies for portfolio companies.

Advisor

ICON (Israeli Silicon Valley Connection)

2022 – Present · Technology Leadership & Innovation

Advising Israeli startups within the ICON ecosystem to foster connections between Israeli and Silicon Valley technology markets. Contributing expertise in cybersecurity, enterprise technology, and startup scaling to support emerging companies in cross-border expansion. Mentoring portfolio companies on US market entry, security best practices, and growth strategies.