About

Learn more about me

Staff Security Advocate

#GetSecure, #BeSecure & #StaySecure

  • OpenUK ambassador
  • GitHub Star 2021/22/23
  • CAPSLOCK & CyberGirls lead mentor
  • GirlCode ambassador
  • freeCodeCamp Top Contributor 2018/19/20/21/23
  • GitGuardian DevSecOps guest writer
  • Public speaker
  • INTJ-A

👋 Bonjour! I’m a Senior Security Advocate and a lifelong traveler who lived in the Middle East, North Africa and Asia. Always looking for new challenges - I made a career change from International Business Consulting in 🇹🇳, 🇸🇦 and 🇸🇬 to Engineering in 🇰🇷 to Cybersecurity in the 🇬🇧.

Interests

DevSecOps

Cybersecurity

Artificial Intelligence

Advocacy

Cloud Security

Ethical Hacking

Programming

Languages

Mentoring

Writing

Consulting

DevRel

Testimonials

I was fortunate enough to have Sonya Moisset as our lead mentor for the Bug Squashers 8! with the Cybergirls. She is nice, a great nurturer, and excellent at what she does.

Confidence Staveley

CyberSafe Foundation Founder

During the time working with Sonya at Photobox, she never failed to impress or inspire me with regards to her extensive security knowledge and ability to share this with varying levels of her colleagues and peers. She always found new and inventive ways to engage people in improving and understanding the reasons and benefits of security within the business as well as in their homes. I thoroughly enjoyed my time working with Sonya and know that wherever she goes she will be a huge asset and will continue to drive forward in her relentless pursuit of security excellence!

Kevin Foreman

Network and Infrastructure Lead

Working with Sonya as a duo (tech and product leads) whilst at Pride was a real joy! She brought organisation, clarity and purpose to her devs who all volunteered their time on evenings and weekends to deliver amazing results. Her partnership on shaping the roadmap, ensuring estimates were as accurate as we could get them and making sure we balanced time to deliver against effort/volunteering hours was amazing. We wouldn’t have succeeded without her!

Tom Howes

Senior Product Manager

Sonya is a Cyber-Superhero. During my time at Photobox Group I had the pleasure to work with Sonya on a number of initiatives. I witnessed her not only knock the socks off people by demonstrating her seemingly limitless knowledge, but by also watching Sonya turn arduous tasks into fun and engaging projects through her humble delivery style and ability to gamify just about anything. If you need a Cyber Security Pro who can deliver in spades, look no further...

John Thompson

Director of IT

Sonya is an inspiring AppSec leader. She has a wide range of technical expertise, which she continuously shares in her contributions to open source and the global information security community. She also goes out of her way for Diversity and Inclusion initiatives, such as Epic Women in Cyber, that benefit so many people.

Zoe Braiterman

Technologist

Experience

Professional Experience

Staff Security Advocate

2022 - Present

Snyk, London, UK

Principal Security Engineer

2021 - 2022

Photobox, London, UK

I owned and nurtured the relationship between InfoSec and Engineering, and developed good working practices between the two teams. I improved PBX's engineering standards in line with industry best practices by embedding a secure by default approach into all stages of the development lifecycle.

    🌍 Brands included PBX UK and France, Hofmann (Spain) & PosterXXL (Germany)

    🏛️ Security Design and Architecture -> in collaboration with the Security Management team, engineers, and peer leaders, I drove innovation and progress on security design patterns for use in services and operations through understanding evolving security risks, security research, and deep technical understanding of engineering patterns.

    🗺️ Strategic Security Initiatives -> I drove strategic initiatives or cross-group projects contributing to the overall security strategy as needed to meet the changing security risk environment and ensure the team is achieving commitments. I worked with PMs and independently to create and implement accurate plans and develop success metrics and communication approaches for these initiatives and projects.

    🎓 Development and Growth of Organisational Security Expertise & Branding -> I helped develop and grow individual contributors in the team and across the division in security maturity and expertise

Lead Security Engineer

2019 - 2021

Photobox, London, UK

    🏛️ Security Design and Architecture
    • Architected, developed, and documented industry best practices to support Photobox initiatives while meeting performance and availability requirements
    • Performed security design evaluation and reviews, and provided subject matter expertise around application, cloud and network topics
    • Consulted with other engineers and stakeholders to analyse and propose application security standards, methods, and architectures
    • Balanced InfoSec risk with product feature advancement and incorporated the use of best-practice risk management methodology within the development process

    🗺️ Strategic Security Initiatives
    • Understood and identified the existing processes and security gaps, and recommended technical solutions
    • Improved and streamlined the development process to secure the application in every stage of software development by implementing DevSecOps
    • Evaluated current or proposed security projects and provided feedback on feasibility
    • Assessed security tools and integrated tools as needed, particularly open-source tools
    • Evaluated, implemented and managed 3rd party application security tools that complement Photobox's existing tech stack
    • Identified cybersecurity threats, performed analysis based on threat vectors and identified vulnerabilities, and built solutions to reduce the risk level

    🎓 Development and Growth of Organisational Security Expertise & Branding
    • Developed security training and guidance for internal development teams
    • Worked with Engineers/Architects from other teams in projects
    • Mentored peers and junior team members in security technologies, designed best practices and cultivated positive partnerships with internal customers and teams
    • Led and conducted security engineering tasks, such as POC, lab exercises, R&D, security tools, and controls testing
    • Participated in industry working groups and provided insights to product development teams on leading architecture, design, and security practices

Lead Security Engineer

2019

Moonpig, London, UK

The duties at Moonpig were the same as within Photobox. I improved Moonpig's engineering standards in line with industry best practices by embedding a secure by default approach into all stages of the development lifecycle.

    🌍 Brands included Moonpig UK and Greetz (Netherlands)

    🏛️ Security Design and Architecture

    🗺️ Strategic Security Initiatives

Security Engineer

2017 - 2019

WorldRemit, London, UK

My main focus was to embed a secure by default approach into all stages of the development lifecycle.

    🏛️ My day to day duties covered
    • Performed code & design reviews for internal applications. Evaluated, architected, implemented, and supported security-focused tools and services. Monitored latest web app security developments and security trends.
    • Implemented secure coding and best practices across the SDLC, helping Product & Engineering teams to design, build, and ship robust code as part of a distributed microservices architecture.
    • Organised phishing campaigns with follow-up awareness training provided
    • Collaborated with the Engineers to remediate security issues with applications and APIs
    • Reviewed the security posture and collaborated with IT, Cloud and Site Reliability Engineering teams to remediate and make improvements
    • Operating the entire spectrum of security tools. Incident/Response/SOC
    • Bug Bounty triaging and reward evaluation
    • Strong knowledge of standard AppSec practices. OWASP Top 10, OWASP Proactive Controls, OWASP ASVS, CIS Benchmarks, etc.
    • Security awareness training for all employees
    • Third-party review/onboarding
    • Policy Guidelines. PCI DSS/ISO 27001/Internal policies
    • Audit, reporting, presentations to teams & stakeholders

    🛠️ Stack/Tooling/Vendors. Burp, Postman, VirusTotal, Shodan, Snyk, SSL Labs, Kali, CrowdStrike, DarkTrace, Dynatrace, Mimecast, Bugcrowd, Distil, Neustar, Flashpoint, Proofpoint DMARC, Netscaler, New Relic, Akamai, OKTA, Cofense, OWASP tools, Azure Security Center, AWS Security Hub

Software Engineer

2016 - 2017

WorldRemit, London, UK

I worked on the corporate website and the development of new features (front/back-end)

    🏛️ My day to day duties covered
    • Built reusable code, components, and libraries for future use following Atomic Design and Pattern Library
    • Optimised applications for maximum speed and scalability
    • Collaboration with other teams & stakeholders
    • Security Champions

    🛠️ Stack/Tooling/Vendors. HTML, CSS, React, Node.js, Express, Karma, Jest, C#, .NET, Nginx, Octopus, Docker, Splunk, Azure, Nexus, Umbraco, WordPress

Volunteering

Ambassador

2022

Snyk

I helped the development community build securely. This includes collaborating with peers, spreading security awareness and engaging with the community through reports, workshops, talks, blogposts and other artefacts. My expertise is around Security within Open Source projects, supply chain attacks and DevSecOps.

Ambassador | Security Advisory Board Member

2022 - Present

OpenUK

I support the work of OpenUK and promote the organisation's purpose of developing UK Leadership in Open Technology through reports, workshops, talks, blogposts and other artefacts. My expertise is around Security within Open Source projects.

    🏆 2023 OpenUK Honours, 2022 OpenUK Honours

CyberGirls Fellowship Mentor

2022 - Present

CyberSafe Foundation

Lead Mentor

2022 - Present

CAPSLOCK

DevSecOps Guest Expert

2022 - Present

GitGuardian

GitHub Star | Security Ambassador

2021 - Present

GitHub

I give back to the community by helping others hone their skills and by nurturing and growing less-explored communities and projects through reports, workshops, talks, blogposts and other artefacts. My expertise is around Security within Open Source projects, supply chain attacks and DevSecOps.

    The GitHub Stars program thanks GitHub's most influential developers and gives them a platform to showcase their work, reach more people, and shape the future of GitHub.

    🏆 GitHub Star 2021, GitHub Star 2022, GitHub Star 2023

Ambassador

2020 - Present

GirlCode

I support GirlCode's aim of empowering women through technology. We believe that the more women get involved with tech, design, development and leadership, the more successful and diverse companies and their products will be in the future.

    I give back to women in tech communities through presentations, podcasts and attending meetups/conferences on topics around leadership, career in tech and mentorship.

    🏆 Diversity & Inclusion Power List 2022

Publication Author

2020 - Present

freeCodeCamp

I am writing for FCC about Software Development, Security and DevOps.

    🏆 Top Contributor 2018, 2019, 2020, 2021, 2023

Education

Korean Language | Korean Culture | Korean History

2011 - 2012

Sogang University, Seoul, South Korea

  • Korean Language Education Center | 서강대학교 한국어 교육원
  • Level 7 (Advanced) graduate | 1,400 hours
  • Perfect attendance award

Google EU Scholarship | Android Developer Nanodegree

2010 - 2014

Udacity

🏆 1st Phase. 1/60,000 EMEA recipients | 2nd Phase. 1/1,000 EMEA recipients

International Business Management | Geopolitics

2002 - 2007

Paris School of Business

  • Master Degree with Honours - Valedictorian
  • Thesis: ‘The Development of Shanghai – A Reflection of China’s Development’

Blog

My Articles

Portfolio

Advocacy

CodeSecDays

Conference

CodeSecDays

Conference

DevSecCon London

Meetup

WTF is SRE? 2023

Conference

The Big Fix OWASP Top 10 Snyk Learn Path (Broken Access Control & SSRF)

Webinar

The State of OpenCon 2023

Conference