Application security
Application security is so much more than not writing injectable code. It is about skilled and sensible engineering and hygiene. Today we can enjoy mature frameworks, concepts and tooling. Let’s teach developers about engineering, reusing code and aiming for standardization, robustness and predictability.
Full-stack development
Being an engineer through and through, I have quite a strong background in multiple areas. This results in being operational rather quickly, and being able to resolve more integrated and complex issues.
Yet I’m often referred to as a person with effective soft skills, being a go-to sparring partner and team coach. Invite me over and take your pick ;)
Threat-modeling and architecture review
Good engineers use other engineers to challenge their ideas.
In the process we can use tools like threat-modeling, or consult with development teams by reviewing their design choices or architecture.
I have extensive experience in designing, developing and maintaining complex enterprise-scale web applications, including lots of system integration, performance tuning and, for example, Single Sign-On.
Combined with deep knowledge of cyber-security, this can be a very effective mindset when it comes to bringing security knowledge into development teams.
Smooth and clear communication is important to me. I love to work agile (Scrum / Kanban), using progressive CI/CD pipelines and solid security and coding standards.