Roman Romanenco

Security that ships.

Enterprise security programs that engineering teams actually adopt, without trading velocity for safety.


About

Security is a product problem.

Most programs slow companies down because they're built like compliance checklists, not products. I've spent a decade building the opposite, turning security from a gate into a platform.

Every control, integration, and policy gets treated as a product: users, feedback loops, a shipping cadence. That's why the programs I lead get adopted instead of avoided. Currently doing that across the Disney portfolio, backed by an MBA from UT McCombs and a decade of hands-on technical depth.

I learned that operating tempo matters early, as a U.S. Marine.


Where I've worked

  • The Walt Disney Company
  • Hulu
  • Verizon
  • Yahoo

Impact

Selected results

Measurable outcomes across enterprise security and product.

  • 3,000+ applications secured

    Drove adoption of a modular security suite across Disney's enterprise portfolio.

    The Walt Disney Company
  • Top 3 on Bugcrowd

    Built and launched Hulu's responsible disclosure program — 370+ vulnerabilities found, $270K in bounties.

    Hulu
  • #1 on HackerOne (2018)

    Managed Yahoo's bug bounty lifecycle to the platform's top-ranked program globally.

    Yahoo
  • 90% reduction in deployment effort

    Shipped Terraform-based infrastructure automation for security tooling across dozens of AWS accounts.

    The Walt Disney Company
  • FedRAMP compliance achieved

    Led security assessments that remediated 100+ vulnerabilities and unlocked pursuit of $10M+ in federal opportunities.

    Booz Allen Hamilton
  • Security consolidated across business units

    Designed the strategy to unify product security across Disney's business units post-reorg, reducing tooling redundancy and establishing a single operating model.

    The Walt Disney Company

Education

Education and certifications

Degrees
MBA, UT Austin McCombs School of Business, 2026 · BS Management Information Systems, George Mason University, 2016
Certifications
CISSP · OSCP · GCSA (GIAC) · PMC · CSM

Explore

Writing & projects

Ideas on product security, and tools I've open-sourced.

  • Career

    Security Has a Product Problem

    I spent years finding critical vulnerabilities. Then I realized finding them wasn't the hard part.

    May 22, 2026 · 7 min read

  • Product Strategy

    A Roadmap Is Not a Product Strategy

    Most teams confuse a list of features with a strategy. Here's the 6-step framework I use to build product strategies that actually hold up under pressure.

    Sep 6, 2023 · 4 min read


Contact me

Let's get in touch

If you're building enterprise security as a product capability, evaluating AppSec tooling and strategy, or hiring for product security leadership, reach out. I read every message.