Tag Archive security engineering

Announcing Jemurai Security Automation

Matt Konda

It’s been an exhilarating few weeks. I had to remind myself to take a breath and blog today.

What’s new-ish is that we have a core team working on a new platform for security automation. It extends the work we’ve done with Glue and other ideas taken from a great sample of client consulting engagements. Across all of those engagements, it just never felt like any solution was complete or as intuitive as it should have been. We were always bending rules to live in Jenkins or writing custom scripts to check things that maybe aren’t that unique.

I’ve tried to always remind my team: get meta. What’s the problem behind the problem? That vuln isn’t the problem. It’s the SDLC that allows the vuln to be introduced and not reviewed or noticed that is the problem.

Frankly, as a team we all started to think that the tooling we’re using for DevOps and Security Automation is all too opinionated. None of it is, at its root, there to be the backbone of a flexible solution. Usually the existing tooling is pushing you into a particular vendor’s security tool.

We don’t have a rich inventory, accessible through an API, combined with a flexible, abstracted way to do things with source code, containers, live systems and clouds that can be assembled to build a better security automation solution. The opportunity presented itself to start working on it, and as a team we couldn’t be more excited to be building the next generation of tooling. We’ve got prototypes flying that look at this problem in a whole new way.

If you’re interested in hearing more, are struggling with security automation, or have ideas you want to share to help us, I would personally love to hear from you.  We’re also actively looking for beta testers.  Catch me at matt at the company domain dot com.

What is Security Engineering?

Matt Konda

Security Engineer is an interesting title. Across our customers, it has different meanings to different people. At one end of the spectrum, it is a synonym for a security analyst, which we think of as a skilled resource focused on a very specific portion of security: maybe monitoring the SIEM, maybe running static analysis, maybe feet on the ground doing vulnerability management. At the other end of the spectrum, security engineering is software engineering around security-related features.

If you know Jemurai well, you know we focus at the engineering end of the spectrum.  We’re developers at heart, working on security.  We’ve increasingly engaged in projects where writing code to do security has been foundational to the role we’re in.

As we have grown, we have started to extract some of the most common of these engineering tasks, things like:

  1. Improving application security signal
  2. Managing secrets in Vault
  3. Broadening input validation
  4. Data protection in big data environments

Clients have appreciated not just advice or gap analysis, but implementation help doing this work. Turns out it is extremely rewarding as well.