my photo

Alexa​ (StarChild) Kelley

Former security manager at VRChat

I am a security professional with a diverse array of skills, including security operations, vulnerability management, people management, cloud architecture, data analysis, threat modelling, and cyber intelligence. I strive for continuous improvement, heavily influenced by the principles of servant leadership. I excel both as a leader—empowering my team to succeed—and as an individual contributor (IC) engineer, hardening an organisation against threats.
My professional philosophies include:  

  • Treat people with dignity and respect.
  • Designing systems with a people-first approach.
  • Prioritising sustainable design and implementation for long-term success.
  • Focusing on techniques and concepts over tools, i.e., adopting a tool-agnostic approach wherever possible.
    •  

Skills

• Security Operations • Incident Response • Cyber Threat Intelligence • Intrusion Detection • Threat Modeling

• Vulnerability • Risk Management • Cloud Architecture • AWS • GCP • Azure • SOAR • EDR • SIEM

• Kubernetes • DevOps • Technical Documentation • Terraform • Atlantis • Virtualization • Data Analysis

• People Management • Program Management(Agile, SCRUM, Waterfall) • Public Speaking • Policy Writing

Experience

VRChat (Aug 2022 — Jun 2024)

Security Manager

Languages used: Golang, Nodejs, Python, C#, Rust

During my time as Security Manager, I was responsible for the greenfield construction and maturation of a company-wide security organisation. As part of this, I:

  • Hired and led a multidisciplinary security team of 7 members supporting 150+ employees.
  • Developed an incident response programme from scratch and trained engineers on IR best practices.
  • Planned and implemented short-term (<1 year) and long-term (1-5 years) security strategies, reporting status updates against OKRs to executives and senior staff on a regular basis.
  • Advised and implemented strategies for securing user-generated content (UGC).
  • Educated employees on security and consulted with 12+ other teams to improve technical designs and reduce security risks.
  • Mentored employees and advocated for technical and professional development.
  • Performed vulnerability scans and hardened AWS cloud infrastructure for production environments with millions of assets.
  • Coordinated with API engineers to identify security risks and developed mitigation plans, including on cloud architecture and configuration.
  • Assisted in onboarding new engineers and partnered with the legal team on compliance needs.
  • Conducted incident response as needed.

Vimeo (Sep 2019 — Aug 2022)

Infrastructure & Operations Security Engineer

Languages used: PHP, Python, Terraform

  • Designed, implemented, and managed a company-wide incident response programme, including training, documentation, KPIs, and executive briefs.
  • Coordinated multiple simultaneous high-priority projects across complex environments and requirements.
  • Evaluated and remediated cloud architecture vulnerabilities across both AWS and GCP.
  • Interviewed dozens of candidates for hiring initiatives and assisted in improving the hiring process.
  • Researched industry security best practices and tested implementations.
  • Mentored junior colleagues on professional development.

Jackson National Life (Feb 2019 — Aug 2019)

Security Engineer

Languages used: Python, SQL

  • Scoped, designed, and implemented an Ansible and Docker-based SOAR platform directly improving incident analysis/response times.
  • Updated and maintained SIEM infrastructure, including parsing new log sources and writing custom detection rules.
  • Participated in cross-team and department initiatives for hardening company security.
  • Established team-wide version control policy and best coding practices for future projects.
  • Advocated for project resilience and disaster recovery initiatives.

Spoken Languages

• English • Japanese • Swedish

Social Links

  • Github: https://github.com/PurpleStarChild