Diego Zamboni

CISO • Organizational Leader • Security Expert • Computer Scientist

Senior computer scientist, security expert and organizational leader with 30 years of experience across security governance, cloud security architecture, research and engineering. I combine strategic leadership, technical depth and clear communication to help organizations design secure systems, scale teams and deliver measurable outcomes.

Professional Highlights

Management and leadership, IT security, cloud computing

  • Chief Information Security Officer for Governance at Avaloq, defining and managing Avaloq's global ISO27001-certified Information Security Management System

  • Managed security architecture at the Stellantis Virtual Engineering Workbench project. Worked with Stellantis CISO and business stakeholders to define governance, establish security best practices and drive risk analysis, threat modeling and mitigation.

  • Established scalable and durable mechanisms to enable partners to work securely in the Volkswagen Digital Production Platform (DPP) program.

  • Managed security architecture, risk management, data governance and compliance (ISO27001, ISAE3402/3000, etc.) for Swisscom's Cloud platforms.

  • Established and led the Swisscom IT Clouds security community of practice.

  • Established and led the Health and State Management team at Swisscom to design, implement and operate a framework for scalable monitoring, logging and alerting for Swisscom's Cloud platforms.

  • Established and led the first computer security organization at UNAM, which has grown into the university's Information Security Coordination (UNAM-CERT).

  • Managed IT security customer relationships at HP Enterprise Services, including overseeing the activities of operational and engineering teams, risk and compliance management, requirements discussion and reporting.

Research, architecture and design

  • Designed the Orchard monitoring framework for Swisscom's Application Cloud platform, and led the team that implemented it and brought it into production.

  • Designed and implemented the Billy Goat malware capture and analysis system at IBM.

Experience

CISO Governance

– Present 2 yrs 2 mos
Switzerland

Lead Avaloq's global CISO Governance team and define and monitor the company's Information Security Management System.

  • Own security policy and governance direction.

  • Provide second-line oversight of first-line security functions.

  • Drive compliance monitoring and control effectiveness in a regulated fintech environment.

Global Security Architect / Senior Global Security Architect

2 yrs 4 mos
Switzerland

Worked with global AWS customers and internal teams to improve security posture, define secure architecture patterns and scale security awareness.

  • Led security architecture in the Stellantis Virtual Engineering Workbench program.

  • Established security workstreams, metrics and reporting for business and technical stakeholders.

  • Helped launch and scale Security Champions and Security Guardians initiatives.

  • Supported secure collaboration mechanisms for the Volkswagen Digital Production Platform.

Swisscom

7 yrs 2 mos
Enterprise Architect and IT Clouds Solution Security Architect
2 yrs 6 mos
Switzerland

Led security architecture, risk and compliance activities for Swisscom cloud platforms across multiple services.

  • Directed compliance and governance activities including ISO27001, ISAE3402/3000 and GDPR requirements.

  • Built and led a Security Champions community across IT Clouds teams.

  • Coordinated threat modeling, audits, penetration testing and vulnerability management.

Team Lead & Product Owner for Health & State Management
4 yrs 8 mos
Switzerland

Built and led the Health and State Management team for Swisscom cloud platforms.

  • Managed a team of up to 16 people.

  • Owned roadmap and prioritization with product managers and stakeholders.

  • Defined and delivered platform-wide monitoring, logging and alerting capabilities.

  • Led the Orchard project through its implementation, production release and further improvements and development.

Product Manager

2 yrs 8 mos
Norway/U.S.A. (remote)

  • CFEngine Advocate, with a special focus on security.

  • Managed the CFEngine language roadmap.

  • Created and led the CFEngine Design Center project, which was the foundation for the current CFEngine Build service.

  • Coordinated the work on CFEngine third-party integration (e.g. AWS EC2, VMware, Docker and OpenStack).

  • Wrote the book Learning CFEngine 3, published by O'Reilly Media, which became the de facto introductory text to CFEngine.

Research Staff Member

8 yrs
Switzerland

Member of IBM Zurich's Global Security Analysis Laboratory, working on intrusion detection, malware containment and virtualization security research.

Founder and lead of Computer Security Area

1 yr
Mexico

  • Established UNAM's Computer Security Area, the University's first team dedicated to computer security, which has evolved into the Information Security Coordination (UNAM-CERT).

  • Managed up to nine people working on different projects related to computer security.

  • Provided security services to the whole University, including incident response, security information, auditing and teaching.

Education

Certifications

See full list on Credly

Research

Billy Goat: Active worm detection and capture

IBM Research
6 yrs

  • Pioneered active worm-capture technology that became the foundation for modern honeypots and honeynets

  • Designed system to simulate thousands of vulnerable hosts to attract and capture propagating worms

  • Implemented automated analysis to extract signatures and update intrusion detection/prevention systems

  • Publications: [18], [25]

Software

Honors & Awards

Fulbright Scholarship (for pursuing Ph.D. studies at Purdue University)

Awarded by Fulbright Program and CONACYT

Selected publications

Skills

Leadership

  • 32 years of multidisciplinary team and project leadership experience
  • IT Enterprise Architecture
  • Scaled Agile Framework (SAFe)

Information and Cyber Security

  • Enterprise security governance
  • Enterprise security architecture
  • Virtualization and cloud computing security
  • Risk management and compliance
  • Intrusion detection and prevention
  • Software security and secure software development
  • ISO27001

Technology

  • Broad and deep IT expertise
  • Cloud computing
  • Computer security
  • Operating systems
  • Networking
  • Configuration management
  • Software & services development
  • Programming languages

Research

  • Ph.D. in Computer Science
  • 9 years of experience at IBM Research

Communication

  • Excellent written and spoken communication skills
  • Extensive public speaking experience
  • Professional writing and teaching experience

Languages

Spanish

Native

English

Full proficiency

German

Intermediate proficiency (B2 level)

Other Professional Activities

References

Available by request