Designing and developing security automations, integrations, products, tools and features to implement security at scale.
Integrations
Commercial security products are usually expensive but often underutilized due to a lack of resources dedicated to exploiting their programming interfaces. Integrating security products among them and with other non-security products has great potential to increase their effectiveness and reduce toil for security roles.
Developing your own integrations ensures that your organization gets the most out of its security ecosystem without becoming dependent on any specific security vendor. Integrations may be used to automate the operation of your security products, exchange information between security products or automatically discover and inventory assets (infrastructure, applications, code…) to use as their input.
Integrations can also leverage the various outputs of security products in order to automatically conduct reporting, contention, triaging and remediation actions by integrating with your communication channels (email, tickets, messaging…), your cloud/datacenter infrastructure providers/orchestrators and additional security products.
Products & Tools
Security products enable a company to provide security services directly to employees without intermediaries. Providing good products instead of operating managed services allows an organization to free resources from security operations while consistently improving the experience for the users of those services.
Security tools help engineers take ownership of security tasks that would otherwise be centralized in a classical security team. They can allow engineers to easily manage their vulnerabilities, scan their code and artifacts for security issues or recieve automated alerts about threats to their services and their compliance status.
Security products can also engage regular employees with security by gamifying security through visual and compelling metrics, providing fun and interactive on-demand security training or by conducting automated phishing simulations.
Good tools can also ensure that regular tasks are performed securely by default. Such tools may assist engineering teams in conducting risk assessment themselves, verifying that their code dependencies are updated, reviewing their commits to avoid leaking sensitive information or providing them with custom hardened OS and container images.
Features
Most products and services must provide security features in response to user needs, legal regulations and potential threats. Engineering teams are sometimes faced with the task of improving a feature in their products in response to a security incident or audit.
Security features include authentication, authorization, encryption, fraud prevention, secure communications… Developing security features requires specific security knowledge and experience that is not always present in engineering teams.
I can work together with an engineering team in researching, designing and developing a security feature in any of their products and services.