About BIDODI

Where cybersecurity, compliance, and business assurance meet.

We help organizations close the gap between security strategy and business reality — building secure, compliant, and resilient enterprises through one unified program.

Who we are

One unified approach to assurance

At BIDODI, we empower organizations to achieve end-to-end security assurance, compliance maturity, and operational resilience — aligning cybersecurity strategy with business objectives through integrated governance, risk, and compliance.

Our name says what we do. Business Integrity, Data Oversight & Defense Integration reflects a mission to build secure, compliant, and resilient enterprises by blending governance and risk management with hands-on security validation.

We pair deep expertise across NIST AI RMF, EU AI Act, ISO 42001, ISO 27001, SOC 2, NIST CSF, NIST 800-53, FIPS 200/140, FedRAMP, HIPAA/HITECH/HITRUST, and GDPR with advanced technical testing and threat modeling. From application security and penetration testing to risk assessments and audit readiness, we deliver solutions that enable confidence, accountability, and long-term data integrity.

Whether you're improving compliance posture or validating real-world defenses, BIDODI is built on innovation, excellence, and solutions tailored to your unique needs — delivering measurable assurance and lasting trust.

At a glance
  • Integrated GRC aligned to business goals
  • AI & agentic-AI security and governance
  • Penetration testing & threat modeling
  • Risk assessment & audit readiness
  • Cloud security architecture & DevSecOps
  • FedRAMP & public-sector compliance

Read the name

What BIDODI stands for, as a team

The same letters, read through the character of the people behind the work.

Builders + Integrity
Integrating Governance

Practitioners who build programs, contribute to standards, and lead with integrity.

Depth + Openness
Validating Defense

Two decades of hands-on depth, shared openly through clear, actionable guidance.

Dedication + Impact
Securing Trust

Dedicated to outcomes that move the business — not findings that sit on a shelf.

Leadership

Meet the founder

Founder

Sanjeev Agarwal

Sanjeev Agarwal is the Founder of BIDODI Infosec and a Product Security professional with deep roots in Enterprise Architecture. He builds scalable security programs that balance technical rigor with business velocity, with work spanning global roadmap strategy, DevSecOps transformation, crisis management (Code Blue), and FedRAMP and public sector compliance—translating complex security challenges into clear, actionable outcomes for the business.

He is an active member of several OWASP GenAI Security Project initiatives, serving on the Agentic Security Initiative across projects such as AIBOM, the Red Teaming Guide, and the OWASP Top 10 for LLMs and Agentic Applications. He also contributes to the OWASP AI Exchange—including Project MOSAIC (Multi-Organization Secure AI Coordination), a collective effort to advance AI security standardization—as well as the Coalition for Secure AI (CoSAI) and the AIUC-1 Consortium, the world's first certification standard for AI agents. In addition, he is a community contributor to NIST initiatives, including the NCCoE Cyber AI Profile and NIST SP 800-53 COSAiS.

He currently serves on the advisory board of AI healthcare startup TraumaCare.AI, where he advises on secure cloud architecture, SDLC, access control, monitoring, incident-response readiness, SOC 2 control design, evidence preparation, risk management, and HIPAA/HITECH/HITRUST compliance—strengthening the company's overall security strategy and roadmap.

Previously, he served as Head of Product Security for SAP Identity & Access Governance (SAP-IAG) at SAP Labs, where he defined the product security strategy, roadmap, and KPIs across cloud and on-premise portfolios. He spearheaded FIPS-200/140 compliance with SAP NS2 to enable FedRAMP cloud migration and unlock U.S. government sector opportunities. He led a Global Security Roundtable to align standards, share threat intelligence, and ensure consistent governance across international teams. He also formalized an Enterprise and Product Risk Management Framework that translated technical findings into clear, prioritized business risks for development leaders. Throughout, he cultivated a "Security-First" engineering culture through threat modeling, GDPR assessments, and close partnership with BISO leadership.

With more than 20 years of experience in the Application and Information Security domain, Sanjeev brings a rare combination of strategic vision and hands-on technical depth to every engagement.

He holds leading industry credentials, including the CISSP (ISC2) and CRISC (ISACA), and is a certified SAP Threat Modeling Expert. These certifications reflect a formal grounding in security engineering, risk management, and threat modeling that complements his hands-on experience.

Work with us

See what a unified security program looks like for your business.

Explore the full catalog of services across governance, validation, and secure delivery.
