Dmitry Tiagulskyi

Tech Lead at Grammarly, Ukraine

For many years, Dmitry has been a tech lead at Grammarly, where he has developed cloud services for millions of users. As an on-call warrior, he is interested in making software simple and reliable. Now he is mostly focused on security and privacy engineering.

Dmitry works with Java, AWS, and natural language processing. He still remembers with nostalgia programming in BASIC on the Soviet PC “Korvet”.

Speaker's activity

Building a security program at Grammarly. Integrating security in product development.

Talk

Russian

You are a software developer or engineering leader in a typical internet product or service company. You have web, mobile, or native apps for different platforms, and your backends run in the cloud. You embrace test-driven development, rapid iterations, infrastructure as code, continuous delivery, and monitoring.

But what about security? Someday your users, your clients, or your CEO will ask this question. Maybe there is another breach in the news. Or someone has sent you a vulnerability report to security@yourcompany.com. Wait—do you even have a security@yourcompany.com mailbox?

In a big enterprise, someone takes care of security for you. In a growing internet product company, you must implement it from scratch.

In this talk, I’ll show how to begin, focusing on practical things that worked for us at Grammarly. We will talk about:

– How much “security” is enough?
– When to build a security team and how to establish roles and structure.
– Working with external consulting and penetration testers.
– How to launch a bug bounty program and make the most of it.
– How a security team interacts with development teams in a non-blocking way.
– What if your DevOps (or NoOps) teams release features and experiments multiple times per day?
– Infrastructure, tools, monitoring, and automation for DevSecOps.
