Over the last 15+ years, I’ve worked for leading finance, mobility, and consulting firms in the US and the Asia Pacific as a Platform & Security Engineer.
In doing this, I’ve learned that while possible to fulfill software development, infrastructure engineering, and security roles independently, it’s much more effective to take a holistic approach in what I call “Security-Driven Software Development.”
I believe that combining engineering skills with IT risk management, meaningful audits, and programs like bug bounty programs, and you’re well-positioned to deliver critical services with a high level of stability and confidence over time.
I now work providing consulting services for SimplyCubed and specialize in delivering secure and highly performant microservices written in Golang running on Google Cloud Platform (GCP), Google Kubernetes Engine (GKE), and Azure Kubernetes Service (AKS).
Collaborate with stakeholders to understand both the business and engineering motivations and context behind each project.
Start with a broad problem statement and refine the project requirements using use cases and an iterative approach to gather stakeholder feedback.
Create a high-level architectural design covering known critical components. This phase often includes threat modeling, data classification, data privacy, and confirmation of SLA's and SLO's.
Prototype the solution focusing first on high-risk areas to identify potential problem areas early in development. From there, I build only the core functionality for an end-to-end working system with unit and security tests.
From there, I continue to build the remaining features to satisfy the project requirements. During this phase, I continue to add automated security and load tests and work on refactoring any areas that are not scalable.
While active development does have a "Done" status, it's generally far from the end of the application and data lifecycle. To help with the transition to maintenance and support, I ensure that documentation and any handoff is complete before moving on to next actions.
Vulnscan is an open-source static source code, binary, and dependency analyzer designed for Software Engineers to deliver highly secure iOS and macOS applications.Read Me