ANALOG REFLECTIONS IN HEX

My Life as a Security and Privacy Engineer


Photo: AI-generated image based on a 0x41434f prompt


Introduction

A lot of people I meet ask me what exactly I do as a Security, Privacy, and Compliance Engineer. Instead of explaining it every time, I thought I'd write a blog post to break it down. I'll also share how my passion for this field led me to start my own automated data security and privacy compliance startup and develop tools that empower users.

I. Security Engineering

In security engineering, my focus is on keeping systems safe from unauthorized access and cyber threats. This involves:

i. Diving into software architecture to ensure it's designed with security in mind, including analyzing code and modeling potential threats.

ii. Conducting various security tests, like penetration testing, to find and fix vulnerabilities before someone else does.

iii. Responding quickly to security incidents, containing issues, and learning from them to prevent future problems.

For example, when a company's network was breached, I led the incident response team. We identified the source, contained the breach, and ensured no data was lost. Then we strengthened our defenses to prevent it from happening again.

II. Privacy Engineering

Privacy engineering is all about protecting user data and handling it responsibly:

i. Enhancing user privacy by working on features like privacy dashboards or tools that anonymize data.

ii. Ensuring that data flows are properly mapped and that sensitive information is encrypted.

iii. Regularly reviewing our products to make sure we're complying with privacy regulations like GDPR and collecting only the data we truly need.

One of the projects I'm most proud of is a web app I built to help users regain control of their personal information. The app simplifies the process for consumers to manage their data by finding companies that may have their information. With a simple tap, users can send a request for the company to delete their account or stop selling their data. This empowers individuals to take charge of their privacy without navigating complex legal processes.

III. Compliance Engineering

Compliance is about following the rules and regulations that govern our industry:

i. Making sure we're meeting requirements like GDPR, CCPA, NDPA, and other relevant laws.

ii. Evaluating third-party vendors' security and privacy practices to ensure they meet our standards.

iii. Creating and maintaining policies that guide our company's data handling practices.

When new privacy regulations came into effect, I updated our data handling practices and user consent processes to ensure we remained compliant. Additionally, when we decided to partner with a new vendor to handle customer data, I conducted a thorough review of their systems to ensure they adhered to our high standards before we moved forward.

IV. My Startup Initiative

Photo: AI Generated / 0x41434f Prompt

Beyond my day job, I took my passion a step further by starting an automated data security and privacy compliance startup. Our platform helps companies detect and manage their sensitive data—both known and shadow data—across all their cloud-native data stores, managed and unmanaged. It automatically prioritizes actual and potential risks by:

i. Discovering and classifying data: Automatically locating all data stores and classifying the sensitive information within them.

ii. Identifying and eliminating exposed data: Finding data vulnerabilities and taking action to secure them.

iii. Preventing data leakage: Stopping unauthorized data movement between environments.

iv. Providing continuous security and compliance: Offering actionable insights to maintain ongoing compliance with evolving regulations.

Through this platform, data security, compliance, and governance professionals can answer some of the most fundamental questions about their cloud data, helping them stay ahead of vulnerabilities and compliance violations.

V. Bringing It All Together

These roles often overlap. I might be conducting a security review while also considering privacy implications and ensuring we're compliant with regulations. It's a balancing act that requires attention to detail and a deep understanding of various aspects of technology and law.

Recently, we faced a potential security threat. My team and I acted quickly to contain it, identified the vulnerability, and updated our systems to prevent similar issues in the future. This is a perfect example of how security, privacy, and compliance intersect in my work.

Conclusion

Being a Security, Privacy, and Compliance Engineer means I'm constantly working to protect data, respect user privacy, and ensure our company follows the rules. Whether it's through my day job, my startup, or personal projects, I'm passionate about building trust with users and keeping the digital world a bit safer. It's challenging but rewarding work that combines technology, law, and a commitment to doing what's right.

