I'm an experienced software engineer with a passion for security. I'm based in Sweden (CET/CEST) but I work remotely.
I help companies that don't have a budget or need for a full-time security lead to protect data, IP and money.
I can help you to:
Build more secure products
I help companies to introduce best practices of secure product development.
I review critical parts of code and infrastructure. I set up automated security checks for the languages and frameworks you are using.
I teach and facilitate threat modelling (STRIDE) and risk assessment sessions for the features and releases.
I register the code in bug bounty programs.
I help prepare the product for security audits, find the right company to do that and create action items from their report.
I also help with the security budget, so you don't spend money on what you don't need.
Improve security of work processes
I help you to adjust the settings of your email/calendar and web meeting applications.
I can set up 2FA on your services and connect them to YubiKeys for protection and convenience.
I set up access, so employees have the right amount of access to do their job efficiently.
I set up a program that trains your employees to recognize fake emails.
I know how to protect the workplace in 100% remote and WFH-first organizations.
Limitations
If you are a big company with your own security department, I can offer you an independent second opinion.
I'm most comfortable with mobile SDKs (Android/iOS/React Native) and with Go/JS/AWS. Other tech stacks might take some time to get me up to speed.
Some organizations introduce security theater: they sacrifice convenience in the name of "security". This is really sad, because these practices don't make anything more secure. It is called "security theater". I believe that the right security practices don't have to impede your work process or make the UX of your product worse.
If you are interested, let's talk!