Saturday, June 10, 2017

About JP

Jean-Paul Lizotte (« Jaypee »)

SecDevOps Transformation Leader | Zero-Trust & Compliance Automation | 30+ years in IT driving resilient, people-centric delivery

I build high-trust, Zero-Trust engineering cultures. From programming Microsoft BASIC in 1981 to leading SOC 2 Type II attestations, my career arcs around one idea: technology should empower people, not become their bottleneck.

Today I coach organisations out of “guru dependency” and into collaborative, self-healing SecDevOps ecosystems that cut lead-time, raise security posture, and make audits almost invisible to engineers.

Signature Results

  • SOC 2 Type II readiness in under 12 months – automated and coordinated the implementation of audit controls.
  • 45% fewer production defects after embedding SAST / DAST / IaC gates into CI / CD.
  • Release cadence moved from bi-weekly to daily by coaching five cross-functional squads on trunk-based development and feature flags.
  • Hub-and-spoke Azure landing zone deployed with Bicep, with policy-as-code and private endpoints, now hosting 30+ workloads.

Playbook

  1. Strategy & Governance – Map business risk to guard-rails; bake compliance into workflow.
  2. Automation – Everything-as-Code: pipelines, policies, infrastructure.
  3. Culture – Psychological safety, shared ownership, continuous feedback loops, security baked into everything.

Core Competencies

  • SecDevOps Leadership & Cultural Transformation
  • Zero-Trust Architecture & SOC 2 Type II Compliance
  • CI / CD & IaC: Azure DevOps · GitHub Actions · Bicep · Docker / AKS · SonarQube · Snyk
  • Multi-Cloud & Hybrid Governance (Azure-first, some AWS)
  • Data & Pipeline Security: SAST · DAST · Secrets Management · SIEM log centralisation
  • Coaching & Mentoring cross-functional squads

Recent Roles

Emyode | Certified B Corp 

7 years 10 months 

SecDevOps Practice Leader | Deputy CIOSO 

May 2024 - May 2025 (1 year 1 month) 
Montreal, Quebec, Canada 

As Deputy to the CIOSO, I contributed to the company’s operational security strategy by identifying systemic risks, establishing process controls, and implementing scalable governance frameworks across development teams. A key part of this role involved leading the implementation of Emyode’s SOC 2 security readiness program, aligning teams and operations with rigorous audit controls and evidence-based compliance standards.

As SecDevOps Practice Leader, I fostered a security-first culture by embedding security at every stage of the SDLC. I coached cross-functional teams on secure automation, threat modeling, and continuous improvement, transforming DevOps maturity into measurable business value.

Key Contributions:

  • Operationalized the SOC 2 readiness initiative, from gap analysis to policy implementation and evidence collection, ensuring audit readiness.
  • Designed DevSecOps pipelines with embedded quality and compliance checks.
  • Led security training, risk workshops, and architecture reviews with both internal teams and external clients.
  • Established metrics and dashboards for real-time security KPIs and remediation tracking.
  • Acted as an executive liaison to support communication between stakeholders and security teams.

Drove enterprise SOC 2 program, instituted Zero-Trust controls, and centralised observability.

Is engineering excellence an endangered species?

A SecDevOps reflection on the 2025 "State of Software Engineering Excellence" report. Why this report is important for...