Oracle Blogs

Andrew Whitaker is a Field CISO within Oracle SLED-C (S/L Government, Education, and Canada). Andrew focuses on advising customer CISOs on security and compliance issues related to cloud, technical messaging and thought leadership, as well as providing strategic direction on Oracle Cloud Infrastructure products, services, and partnerships. He facilitates conversations with security executives, communicates OCI’s security value proposition, and identifies opportunities where security can enable consumption. Andrew joined Oracle from Meta, where he led a team of Security Technical Program Managers responsible for solving some of Meta’s biggest security challenges across their global infrastructure. He has also worked for AWS in a leadership capacity leading multiple teams conducting security testing and bug bounty operations across all AWS services. Prior to that, Andrew was the CISO for the City of Seattle. In that capacity, Andrew was responsible for cybersecurity strategy, operations, compliance, risk, disaster recovery, and more across all City departments. He has experience working across public sector domains, including public safety (police/fire/emergency services), utility (water/electric), public services, and internal government departments.  Andrew is a frequent author and speaker on cybersecurity, risk, and compliance. He has authored multiple books, including Chained Exploits: Advanced Hacking Attacks from Start to Finish, and Penetration Testing and Network Defense. He has presented talks at such conferences as RSA, Defcon, BSides, GFirst Summit, and many others, and was personally invited to present to the US Intelligence Committee on the state of cyber attacks in the United States. Throughout his career he has achieved more than 20 IT certifications and has taught security courses across the globe to both private and public organizations. He belongs to several industry groups, including Cloud Security Alliance, OWASP, Project Management Institute, and Evanta.