#GetSecure, #BeSecure & #StaySecure
👋 Bonjour! I’m a Senior Security Advocate and a lifelong traveler who has lived in the Middle East, North Africa and Asia. Always looking for new challenges - I made a career change from International Business Consulting in 🇹🇳, 🇸🇦 and 🇸🇬 to Engineering in 🇰🇷 to Cybersecurity in the 🇬🇧.
Snyk, London, UK
Photobox, London, UK
I owned and nurtured the relationship between InfoSec and Engineering, and developed good working practices between the two teams. I improved PBX's engineering standards in line with industry best practices by embedding a secure by default approach into all stages of the development lifecycle.
🌍 Brands included PBX UK and France, Hofmann (Spain) & PosterXXL (Germany)
🏛️ Security Design and Architecture -> in collaboration with the Security Management team, engineers, and peer leaders, I drove innovation and progress on security design patterns for use in services and operations through understanding evolving security risks, security research, and deep technical understanding of engineering patterns.
🗺️ Strategic Security Initiatives -> I drove strategic initiatives or cross-group projects contributing to the overall security strategy as needed to meet the changing security risk environment and ensure the team is achieving commitments. I worked with PMs and independently to create and implement accurate plans and develop success metrics and communication approaches for these initiatives and projects.
🎓 Development and Growth of Organisational Security Expertise & Branding -> I helped develop and grow individual contributors in the team and across the division in security maturity and expertise.
Photobox, London, UK
🏛️ Security Design and Architecture - Architected, developed, and documented industry best practices to support Photobox initiatives while meeting performance and availability requirements - Performed security design evaluation and reviews, and provided subject matter expertise around application, cloud and network topics - Consulted with other engineers and stakeholders to analyse and propose application security standards, methods, and architectures - Balanced InfoSec risk with product feature advancement and incorporated the use of best-practice risk management methodology within the development process
🗺️ Strategic Security Initiatives - Understood and identified the existing processes and security gaps, and recommended technical solutions - Improved and streamlined the development process to secure the application in every stage of software development by implementing DevSecOps - Evaluated current or proposed security projects and provided feedback on feasibility - Assessed security tools and integrated tools as needed, particularly open-source tools - Evaluated, implemented and managed 3rd party application security tools that complement Photobox's existing tech stack - Identified cybersecurity threats, performed analysis based on threat vectors and identified vulnerabilities, and built solutions to reduce the risk level
🎓 Development and Growth of Organisational Security Expertise & Branding - Developed security training and guidance for internal development teams - Worked with Engineers/Architects from other teams on projects - Mentored peers and junior team members in security technologies, designing best practices and cultivating positive partnerships with internal customers and teams - Led and conducted security engineering tasks, such as POCs, lab exercises, R&D, security tools, and controls testing - Participated in industry working groups and provided insights to product development teams on leading architecture, design, and security practices
Moonpig, London, UK
The duties at Moonpig were the same as within Photobox. I improved Moonpig's engineering standards in line with industry best practices by embedding a secure by default approach into all stages of the development lifecycle.
🌍 Brands included Moonpig UK and Greetz (Netherlands)
🏛️ Security Design and Architecture
🗺️ Strategic Security Initiatives
WorldRemit, London, UK
My main focus was to embed a secure by default approach into all stages of the development lifecycle.
🏛️ My day to day duties covered - Performed code & design reviews for internal applications. Evaluated, architected, implemented, and supported security-focused tools and services. Monitored the latest web app security developments and security trends. - Implemented secure coding and best practices across the SDLC, helping Product & Engineering teams to design, build, and ship robust code as part of a distributed microservices architecture. - Organised phishing campaigns with follow-up awareness training provided - Collaborated with the Engineers to remediate security issues in applications and APIs - Reviewed the security posture and collaborated with IT, Cloud and Site Reliability Engineering teams to remediate and make improvements - Operated the entire spectrum of security tools. Incident Response/SOC - Bug Bounty triaging and reward evaluation - Strong knowledge of standard AppSec practices. OWASP Top 10, OWASP Proactive Controls, OWASP ASVS, CIS Benchmarks, etc. - Security awareness training for all employees - Third-party review/onboarding - Policy Guidelines. PCI DSS/ISO 27001/Internal policies - Audit, reporting, presentations to teams & stakeholders
🛠️ Stack/Tooling/Vendors. Burp, Postman, VirusTotal, Shodan, Snyk, SSL Labs, Kali, CrowdStrike, DarkTrace, Dynatrace, Mimecast, Bugcrowd, Distil, Neustar, Flashpoint, Proofpoint DMARC, Netscaler, New Relic, Akamai, OKTA, Cofense, OWASP tools, Azure Security Center, AWS Security Hub
WorldRemit, London, UK
I worked on the corporate website and the development of new features (front/back-end).
🏛️ My day to day duties covered - Built reusable code, components, and libraries for future use following Atomic Design and Pattern Library - Optimised applications for maximum speed and scalability - Collaboration with other teams & stakeholders - Security Champions
🛠️ Stack/Tooling/Vendors. HTML, CSS, React, Nodejs, Express, Karma, Jest, C#, .NET, Nginx, Octopus, Docker, Splunk, Azure, Nexus, Umbraco, Wordpress
Snyk
I helped the development community build securely. This included collaborating with peers, spreading security awareness and engaging with the community through reports, workshops, talks, blog posts and other artefacts. My expertise is around Security within Open Source projects, supply chain attacks and DevSecOps.
OpenUK
I support the work of OpenUK, promoting the organisation's purpose of developing UK Leadership in Open Technology through reports, workshops, talks, blog posts and other artefacts. My expertise is around Security within Open Source projects.
🏆 2023 OpenUK Honours, 2022 OpenUK Honours
CyberSafe Foundation
CAPSLOCK
GitGuardian
GitHub
I give back to the community by helping others hone their skills and by nurturing and growing less-explored communities and projects through reports, workshops, talks, blog posts and other artefacts. My expertise is around Security within Open Source projects, supply chain attacks and DevSecOps.
The GitHub Stars program thanks GitHub's most influential developers and gives them a platform to showcase their work, reach more people, and shape the future of GitHub.
🏆 GitHub Star 2021, GitHub Star 2022, GitHub Star 2023
GirlCode
I support GirlCode's aim of empowering women through technology. We believe that the more women get involved with tech, design, development and leadership, the more successful and diverse companies and their products will be in the future.
I give back to women in tech communities through presentations, podcasts and attending meetups/conferences on topics around leadership, careers in tech and mentorship.
🏆 Diversity & Inclusion Power List 2022
freeCodeCamp
I write for FCC about Software Development, Security and DevOps.
🏆 Top Contributor 2018, 2019, 2020, 2021, 2023
Sogang University, Seoul, South Korea
Udacity
🏆 1st Phase. 1/60,000 EMEA recipients | 2nd Phase. 1/1,000 EMEA recipients
Paris School of Business
My Articles
Artificial intelligence (AI) has become one of the most talked about technologies in cybersecurity. Driven by the rising sophistication of cyber threats and large talent shortages, organizations are turning to AI as a force multiplier for security teams. But integrating AI into security workflows requires thoughtful planning and evaluation. Cybersecurity leaders need reliable data to justify the business case and return on investment (ROI) compared to existing tools and processes.
The journey from code to cloud and back to code necessitates a holistic approach to security. Organizations can build secure and resilient applications, protect sensitive data, and establish a strong AppSec culture by integrating security throughout the software development lifecycle. With the aid of tools like Snyk and GitGuardian, DevSecOps practices can be strengthened, allowing for more efficient and secure software development processes.
In this guide, you will discover the key steps you can take to improve the security of your open source projects, including adopting a DevSecOps approach, addressing open source vulnerabilities, automating security tasks, knowing your own assets and providing security training for developers.
In this handbook, you can learn about the key steps that can improve the security posture of open source projects, such as adopting a DevSecOps approach, responding to open source vulnerabilities, automating security work, identifying assets and providing security training for developers.
In this guide, you will discover the key steps you can take to improve the security of your Open Source projects, in particular by adopting a DevSecOps approach, addressing Open Source vulnerabilities, automating security tasks, knowing your own assets and offering security training to developers.
Discover how AI is revolutionizing threat detection, enhancing accuracy, and automating tasks. From detecting malware and phishing attacks to bolstering network security, AI is reshaping the cybersecurity landscape.
Ethical hacking is important because it helps organizations identify and address vulnerabilities before they can be exploited by cybercriminals. Ethical hackers can provide valuable insights into a system's security posture and recommend improvements to mitigate the risk of a successful attack.
Ethical hacking refers to the practice of using hacking techniques to identify and expose vulnerabilities in computer systems, networks, and applications. Unlike malicious hackers, ethical hackers use their skills and knowledge to help organizations and businesses identify security weaknesses before they can be exploited by malicious actors. Ethical hacking can include a range of activities, from scanning and penetration testing to social engineering and physical security testing.
The role of reporting and reports in ethical hacking is critical. Without proper reporting, the results of an ethical hacking engagement may not be effectively communicated to the relevant stakeholders, and remediation efforts may be inadequate or delayed. Reports are the primary means by which ethical hackers communicate their findings and recommendations to their clients.
The importance of ethical hacking in today's world cannot be overstated. With the rise of technology, our personal and professional lives are increasingly dependent on computer systems and networks. Cyberattacks are becoming more sophisticated and frequent, with the potential to cause significant harm to individuals, organizations, and even nations. Ethical hacking helps prevent such attacks by identifying weaknesses in systems and networks before they can be exploited by malicious actors.
In this handbook, you'll learn about the key steps you can take to improve the security posture of your open source projects, including adopting a DevSecOps approach, addressing open source vulnerabilities, automating security tasks, being aware of your own assets, and providing security training for developers.
I wrote a piece for GitGuardian where I share tips to improve your open-source repository's security in a few simple steps using the applications and actions on the GitHub Marketplace, and how to harden your open source project.