Professional Experience¶

LinkedIn Profile: johnturner313

Director, Product Security – Bose Corporation¶

August 2024–Present

Drive security-by-design across hardware, firmware, mobile apps, and cloud services
Define and execute product security strategy aligned with business risk appetite and evolving market demands
Lead secure development practices, including threat modeling, architecture reviews, and coordinated vulnerability disclosure
Partner with engineering, legal, product, and supply chain teams to embed trust and resilience into connected devices and customer experiences
Safeguard intellectual property through secure technology licensing, partner vetting, encryption strategy, and enterprise key management
Represent product security in executive risk discussions, regulatory engagements, and customer trust initiatives

September 2022–February 2024

Managed global programs for IoT device and services engineering team supporting Alexa security
Managed and expedited resolution of critical and high risk security vulnerabilities identified in API, Data Classification, and Privacy domains
Launched device certificate management service supporting Prime Video mobile and Echo Show 15 video and audio casting

June 2021–September 2022

Owned and directed crowdsourced bounty program strategy, financials, development and rewards
Resolved 212 vulnerabilities with over $286,000 in bounty rewards
Planned and executed 2 promotional events
Decreased open report backlog by 46%
Mentored 2 junior engineers
Designed, launched and grew bounty programs and communities for worldwide M&A
Authored and expanded repeatable bounty program onboarding & launch process for mergers and acquisitions
Scoped, launched and directed bounty programs for 5 acquisitions, tailored to each team's capabilities and risk profile
Built strong, collaborative partnerships with Engineering, Legal and Communications teams to help drive vulnerability count to zero

January 2020–June 2021

Conducted security stakeholder review and approval of 300+ IAM change requests for AWS cloud services in agile CI/CD pipelines
Assessed new technologies, vendors, and products for security requirements and standards, communicating findings to stakeholders
Developed and managed projects for summer interns with specific, measurable goals

2008–2019

2018–2019

Recruited, trained and guided an offensive security team of 11 security engineers and ethical hackers focused on red teaming and pentesting connected vehicles and mobility applications
Managed and directed bug bounty program including triage, bounty rewards, incident response plans, communication processes and promotional events

2015–2018

Hired, developed and lead a team of 5 engineers responsible for mobile and cloud infrastructure security architecture design and standards for connected and autonomous vehicles
Created, assessed and guided cybersecurity requirements and strategy for global mobility products such as FordPass and product integrations with Amazon Secure Delivery to Vehicle, Apple WatchOS, SiriusXM, Chariot, RedCap and others

2014–2015

Lead engineer and architect for connected & autonomous vehicle cybersecurity (C-V2X, V2V & V2I)
Represented Ford on multi-OEM technical team that delivered proof-of-concept PKI project in support of US Federal NHTSA FMVSS 150 to secure Basic Safety Messages (BSM) between vehicles

2012–2014

Lead engineer on multi-year Identity as a Service (IDaaS) project providing strategic password management, identity federation, single sign-on (SSO) and related services for 8 million customers

2010

Technical Reviewer for "iPad & iPhone Administrators Guide: Enterprise Deployment Strategies and Security Solutions" by Guy Hart-Davis ISBN 0071759069

2008–2012

Portfolio manager, infrastructure architect and team leader for global network management and automation services including change management, config management, monitoring and AAA

January 2005–January 2008