About

Learn more about me

Staff Security Advocate

#GetSecure, #BeSecure & #StaySecure

  • OpenUK ambassador
  • GitHub Star 2021/22/23
  • CAPSLOCK & CyberGirls lead mentor
  • GirlCode ambassador
  • freeCodeCamp Top Contributor 2018/19/20/21/23
  • GitGuardian DevSecOps guest writer
  • Public speaker
  • INTJ-A

👋 Bonjour! I’m a Senior Security Advocate and a lifelong traveler who lived in the Middle-East, North Africa and Asia. Always looking for new challenges - I made a career change from International Business Consulting in 🇹🇳, 🇸🇦 and 🇸🇬 to Engineering in 🇰🇷 to Cybersecurity in the 🇬🇧.

Interests

DevSecOps

Cybersecurity

Artificial Intelligence

Advocacy

Cloud Security

Ethical Hacking

Programming

Languages

Mentoring

Writing

Consulting

DevRel

Testimonials

I was fortunate enough to have Sonya Moisset as our lead mentor for the Bug Squashers 8! with the Cybergirls. She is nice, a great nurturer, and excellent at what she does.

Confidence Staveley

CyberSafe Foundation Founder

During the time working with Sonya at Photobox, she never failed to impress or inspire me with regards to her extensive security knowledge and ability to share this with varying levels of her colleagues and peers. She always found new and inventive ways to engage people in improving and understanding the reasons and benefits of security within the business as well as for in their homes. I thoroughly enjoyed my time working with Sonya and know that wherever she goes she will be a huge asset and will continue to drive forward in her relentless pursuit of security excellence !

Kevin Foreman

Network and Infrastructure Lead

Working with Sonya as a duo (tech and product leads) whilst at Pride was a real joy! She brought organisation, clarity and purpose to her dev’s who all volunteered their time on evenings and weekends to deliver amazing results. Her partnership on shaping the roadmap, ensuring estimates were as accurate as we could get them and making sure we balanced time to deliver against effort/volunteering hours was amazing. We wouldn’t have succeeded without her!

Tom Howes

Senior Product Manager

Sonya is a Cyber-Superhero. During my time at Photobox Group I had the pleasure to work with Sonya on a number of initiatives. I witnessed her not only knock the socks of people by demonstrating her seemingly limitless knowledge, but by also watching Sonya turn arduous tasks into fun and engaging projects through her humble delivery style and ability to gamify just about anything. If you need a Cyber Security Pro who can deliver in spades, look no further...

John Thompson

Director of IT

Sonya is an inspiring AppSec leader. She has a wide range of technical expertise, which she continuously shares in her contributions to open source and the global information security community. She also goes out of her way for Diversity and Inclusion initiatives, such as Epic Women in Cyber, that benefit so many people.

Zoe Braiterman

Technologist

Experience

Check My Resume

Professional Experience

Staff Security Advocate

2022 - Present

Snyk, London, UK

Principal Security Engineer

2021 - 2022

Photobox, London, UK

I owned and nurtured the relationship between InfoSec and Engineering, and developed good working practices between the two teams. I improved PBX's engineering standards in line with industry best practices by embedding a secure by default approach into all stages of the development lifecycle.

    🌍 Brands included PBX UK and France, Hofmann (Spain) & PosterXXL (Germany)

    🏛️ Security Design and Architecture -> in collaboration with the Security Management team, engineers, and peers leaders, I drove innovation and progress on security design patterns for use in services and operations through understanding evolving security risks, security research, and deep technical understanding of engineering patterns.

    🗺️ Strategic Security Initiatives -> I drove strategic initiatives or cross-group projects contributing to the overall security strategy as needed to meet the changing security risk environment and ensure the team is achieving commitments. I worked with PMs and independently to create and implement accurate plans and develop success metrics and communication approaches for these initiatives and projects.

    🎓 Development and Growth of Organisational Security Expertise & Branding -> I helped develop and grow individual contributors in the team and across the division in security maturity and expertise

Lead Security Engineer

2019 - 2021

Photobox, London, UK

    🏛️ Security Design and Architecture - Architected, developed, and documented industry best practices to support Photobox initiatives while meeting performance and availability requirements - Performed security design evaluation and reviews, and provided subject matter expertise around application, cloud and network topics - Consulted with other engineers and stakeholders to analyse and propose application security standards, methods, and architectures - Balanced InfoSec risk with product feature advancement and incorporated the use of best-practice risk management methodology within the development process

    🗺️ Strategic Security Initiatives - Understood and identified the existing processes and security gaps, and recommended technical solutions - Improved and streamlined the development process to secure the application in every stage of software development by implementing DevSecOps - Evaluated current or proposed security projects and provided feedback on feasibility - Assessed security tools and integrated tools as needed, particularly open-source tools - Evaluated, implemented and managed 3rd party application security tools that complement Photobox's existing tech stack - Identified cybersecurity threats and performed analysis based on threat vectors and identified vulnerabilities and build solutions to reduce the risk level

    🎓 Development and Growth of Organisational Security Expertise & Branding - Developed security training and guidance to internal development teams - Worked with Engineers/Architects from other teams in projects - Mentored peers and junior team members in security technologies, designed best practices and cultivating positive partnerships with internal customers and teams - Led and conducted security engineering tasks, such as POC, lab exercises, R&D, security tools, and controls testing - Participated in industry working groups and provided insights to product development teams on leading architecture, design, and security practices

Lead Security Engineer

2019

Moonpig, London, UK

The duties at Moonpig were the same as within Photobox. I improved Moonpig's engineering standards in line with industry best practices by embedding a secure by default approach into all stages of the development lifecycle.

    🌍 Brands included Moonpig UK and Greetz (Netherlands)

    🏛️ Security Design and Architecture

    🗺️ Strategic Security Initiatives

Security Engineer

2017 - 2019

WorldRemit, London, UK

My main focus was to embed a secure by default approach into all stages of the development lifecycle.

    🏛️ My day to day duties covered - Performed code & design reviews for internal applications. Evaluated, architected, implemented, and supported security-focused tools and services. Monitored latest web app security developments and security trends. - Implemented secure coding and best practices across the SDLC, helping Product & Engineering teams to design, build, and ship robust code as part of a distributed microservices architecture. - Organised phishing campaigns with follow-up awareness training provided - Collaborated with the Engineers to remediate security issues with applications and APIs - Reviewed the security posture and collaborated with IT, Cloud and Site Reliability Engineering teams to remediate and make improvements - Operating the entire spectrum of security tools. Incident/Response/SOC - Bug Bounty triaging and reward evaluation - Strong knowledge of standard AppSec practices. OWASP Top 10, OWASP Pro Active Controls, OWASP ASVS, CIS Benchmarks, etc. - Security awareness training for all employees - Third-party review/onboarding - Policy Guidelines. PCI DSS/ISO 27001/Internal policies - Audit, reporting, presentations to teams & stakeholders

    🛠️ Stack/Tooling/Vendors. Burp, Postman, VirusTotal, Shodan, Snyk, SSL Labs, Kali, CrowdStrike, DarkTrace, Dynatrace, Mimecast, Bugcrowd, Distil, Neustar, Flashpoint, Proofpoint DMARC, Netscaler, New Relic, Akamai, OKTA, Cofense, OWASP tools, Azure Security Center, AWS Security Hub

Software Engineer

2016 - 2017

WorldRemit, London, UK

I worked on the corporate website and the development of new features (front/back-end)

    🏛️ My day to day duties covered - Built reusable code, components, and libraries for future use following Atomic Design and Pattern Library - Optimised applications for maximum speed and scalability - Collaboration with other teams & stakeholders - Security Champions

    🛠️ Stack/Tooling/Vendors. HTML, CSS, React, Nodejs, Express, Karma, Jest, C#, .NET, Nginx, Octopus, Docker, Splunk, Azure, Nexus, Umbraco, Wordpress

Volunteering

Ambassador

2022

Snyk

I helped the development community build securely. This includes collaborating with peers, spreading security awareness and engage with community through reports, workshops, talks, blogposts and other artefacts. My expertise is around Security within Open Source projects, supply chain attacks and DevSecOps.

Ambassador | Security Advisory Board Member

2022 - Present

OpenUK

I support the work of OpenUK, promote the organisation purpose of developing UK Leadership in Open Technology through reports, workshops, talks, blogposts and other artefacts. My expertise is around Security within Open Source projects.

    🏆 2023 OpenUK Honours, 2022 OpenUK Honours

CyberGirls Fellowship Mentor

2022 - Present

CyberSafe Foundation

Lead Mentor

2022 - Present

CAPSLOCK

DevSecOps Guest Expert

2022 - Present

GitGuardian

GitHub Star | Security Ambassador

2021 - Present

GitHub

I give back to the community by helping others hone their skills and by nurturing and growing less-explored communities and projects through reports, workshops, talks, blogposts and other artefacts. My expertise is around Security within Open Source projects, supply chain attacks and DevSecOps.

    The GitHub Stars program thanks GitHub's most influential developers and gives them a platform to showcase their work, reach more people, and shape the future of GitHub.

    🏆 GitHub Star 2021, GitHub Star 2022, Github Star 2023

Ambassador

2020 - Present

GirlCode

I support GirlCode's aim at empowering women through technology. We believe that the more women get involved with tech, design, development and leadership, the more successful and diverse companies and their products will be in the future.

    I give back to women in tech communities through presentations, podcasts and attending meetups/conferences on topics around leadership, career in tech and mentorship.

    🏆 Diversity & Inclusion Power List 2022

Publication Author

2020 - Present

freeCodeCamp

I am writing for FCC about Software Development, Security and DevOps.

    🏆 Top Contributor 2018, 2019, 2020, 2021, 2023

Education

Korean Language | Korean Culture | Korean History

2011 - 2012

Sogang University, Seoul, South Korea

  • Korean Language Education Center | 서강대학교 한국어 교육원
  • 7급(고급) 졸업 | 1400시간
  • 개근상

Google EU Scholarship | Android Developer Nanodegree

2010 - 2014

Udacity

🏆 1st Phase. 1/60,000 EMEA recipients | 2nd Phase. 1/1,000 EMEA recipients

International Business Management | Geopolitics

2002 - 2007

Paris School of Business

  • Master Degree with Honours - Valedictorian
  • Thesis: ‘The Development of Shanghai – A Reflection of China’s Development’

Blog

My Articles

The AI and Cybersecurity Handbook – Past the Hype and Onto the ROI

Artificial intelligence (AI) has become one of the most talked about technologies in cybersecurity. Driven by the rising sophistication of cyber threats and large talent shortages, organizations are turning to AI as a force multiplier for security teams. But integrating AI into security workflows requires thoughtful planning and evaluation. Cybersecurity leaders need reliable data to justify the business case and return on investment (ROI) compared to existing tools and processes.

5 tips to supercharge app security from code to cloud

The journey from code to cloud and back to code necessitates a holistic approach to security. Organizations can build secure and resilient applications, protect sensitive data, and establish a strong AppSec culture by integrating security throughout the software development lifecycle. With the aid of tools like Snyk and GitGuardian, DevSecOps practices can be strengthened, allowing for more efficient and secure software development processes.

Guía de seguridad para software de código abierto

En esta guía, descubrirás los pasos clave que puedes seguir para mejorar la seguridad de tus proyectos de código abierto, incluyendo la adopción de un enfoque de DevSecOps, abordar las vulnerabilidades de código abierto, automatizar las tareas de seguridad, conocer tus propios activos y proporcionar capacitación en seguridad a los desarrolladores.

오픈 소스 소프트웨어 보안 핸드북

이 핸드북에서는 데브시큐어옵스 접근 방식의 채택, 오픈 소스 취약점 대응, 보안 업무 자동화, 자산 파악 및 개발자에 대한 보안 교육 등 오픈 소스 프로젝트의 보안 상태를 개선할 수 있는 주요 단계에 대해 알아볼 수 있습니다.

Guide de sécurité pour les logiciels open source

Dans ce guide, vous découvrirez les étapes clés que vous pouvez suivre pour améliorer la sécurité de vos projets Open Source, notamment en adoptant une approche DevSecOps, en traitant les vulnérabilités Open Source, en automatisant les tâches de sécurité, en connaissant vos propres actifs et en proposant une formation en sécurité aux développeurs.

How Security Analysts Can Use AI in Cybersecurity

Discover how AI is revolutionizing threat detection, enhancing accuracy, and automating tasks. From detecting malware and phishing attacks to bolstering network security, AI is reshaping the cybersecurity landscape.

What is Ethical Hacking?

Ethical hacking is important because it helps organizations identify and address vulnerabilities before they can be exploited by cybercriminals. Ethical hackers can provide valuable insights into a system's security posture and recommend improvements to mitigate the risk of a successful attack.

A day in the life of an ethical hacker

Ethical hacking refers to the practice of using hacking techniques to identify and expose vulnerabilities in computer systems, networks, and applications. Unlike malicious hackers, ethical hackers use their skills and knowledge to help organizations and businesses identify security weaknesses before they can be exploited by malicious actors. Ethical hacking can include a range of activities, from scanning and penetration testing to social engineering and physical security testing.

Ethical Hacking: Reporting Your Findings

The role of reporting and reports in ethical hacking is critical. Without proper reporting, the results of an ethical hacking engagement may not be effectively communicated to the relevant stakeholders, and remediation efforts may be inadequate or delayed. Reports are the primary means by which ethical hackers communicate their findings and recommendations to their clients.

Ethical Hacking: Skills & Training

The importance of ethical hacking in today's world cannot be overstated. With the rise of technology, our personal and professional lives are increasingly dependent on computer systems and networks. Cyberattacks are becoming more sophisticated and frequent, with the potential to cause significant harm to individuals, organizations, and even nations. Ethical hacking helps prevent such attacks by identifying weaknesses in systems and networks before they can be exploited by malicious actors.

Open Source Software Security Handbook

In this handbook, you'll learn about the key steps you can take to improve the security posture of your open source projects, including adopting a DevSecOps approach, addressing open source vulnerabilities, automating security tasks, being aware of your own assets, and providing security training for developers.

GitHub Security 101: Best Practices for Securing your Repository

I wrote a piece for GitGuardian where I share tips to improve your open-source repository's security in a few simple steps using the applications and actions on the GitHub marketplace, and how to harden your open source project.

Portfolio

Advocacy

  • All
  • Conference
  • Meetup
  • Webinar
  • Panel

CodeSecDays

Conference

CodeSecDays

Conference

DevSecCon London

Meetup

WTF is SRE? 2023

Conference

The Big Fix OWASP Top 10 Snyk Learn Path (Broken Access Control & SSRF)

Webinar

The State of OpenCon 2023

Conference