Roman Romanenco

I help product and security leaders ship faster, at enterprise scale, without trading speed for safety.

Product leadership × Security engineering × Enterprise scale.

See how I work
Professional headshot of Roman Romanenco

About

Security is a product problem.

Most security programs slow companies down because they're built like compliance checklists, not products. I spend my days building the opposite — enterprise security capabilities that engineering teams actually want to use, currently across the Disney portfolio. My approach treats every control, integration, and policy as a product with users, feedback loops, and a shipping cadence, which is why the programs I lead get adopted instead of avoided. I learned that operating tempo matters early, as a U.S. Marine.

Roman Romanenco signature Download Resume

Where I've worked

  • The Walt Disney Company
  • Hulu
  • Verizon
  • Yahoo

Impact

Selected results

Measurable outcomes across enterprise security and product.

  • 1,000+ applications secured

    Drove adoption of a modular security suite across Disney's enterprise portfolio.

    The Walt Disney Company

  • Top 3 on Bugcrowd

    Built and launched Hulu's responsible disclosure program — 370+ vulnerabilities found, $270K in bounties.

    Hulu

  • #1 on HackerOne (2018)

    Managed Yahoo's bug bounty lifecycle to the platform's top-ranked program globally.

    Yahoo

  • 90% reduction in deployment effort

    Shipped Terraform-based infrastructure automation for security tooling across dozens of AWS accounts.

    The Walt Disney Company

  • FedRAMP compliance achieved

    Led security assessments that remediated 100+ vulnerabilities and unlocked pursuit of $10M+ in federal opportunities.

    Booz Allen Hamilton

  • Enterprise-wide security consolidation

    Developed the strategy and roadmap to unify product security programs across business units after a major reorg.

    The Walt Disney Company

Education

Education and certifications

Degrees
MBA, University of Texas (McCombs) · BS Information Systems, George Mason University
Certifications
CISSP · OSCP · GCSA (GIAC) · PMC · CSM

Explore

Writing & projects

Ideas on product security, and tools I've open-sourced.

View all articles →

Open source

security-scanner-cli

Lightweight CLI tool for automated security scanning of container images in CI/CD pipelines.

PythonDocker
Open source

terraform-aws-security

Opinionated Terraform modules for deploying security tooling across multi-account AWS orgs.

HCLAWS

View all on GitHub →

Contact me

Let's get in touch

Whether you have a potential project, a question, or just want to say hello — this is the gateway to reaching out. Let's explore the possibilities and make great things happen together.

Email me Connect on LinkedIn