Cobalt’s Customer Experience (CX) is split into three teams aimed at creating delightful experiences for our customers with leading design, pentest workflow experience, integrations with developer and security tools via an easy-to-use API, and enterprise-level security and permissions with access control. The team is divided into:
For this blog, I'll dive a bit more into my experience at Cobalt as the Engineering Manager of Customer Experience — Pentest.
My name is Regina Andrade, and I am an Engineering Manager at Cobalt. Prior to being a manager, I was a software engineer for almost 20 years. To some, that means I earned my stripes, but to me, that also means it is 20 years’ worth of code that managed, thankfully, to go unexploited.
Usually, security is not the first item on someone’s mind when writing code — faced with aggressive deadlines, changing requirements, and lofty ambitions. We want to get awesome features into the hands of our users, keep the architecture solid, and make designers and product teams happy. That being said, some of my prior companies had very robust security postures and practices. For example, companies where I knew someone else was going to double-check that I didn’t introduce flaws and also ones that guided me with great detail about how to check my work for potential vulnerabilities. Some companies, however, did not measure up. And at the time, I didn’t think it was my job to change that. I do now.
The landscape of being a software engineer is vastly different from when I started my career, and so is application security. Take a quick look back at the last 5-10 years, and we see an entirely new set of devices and information systems that connect to the internet — from home thermostats to smart watches, from utility grids to pacemakers. My husband has a cooking thermometer that is Bluetooth-connected to an app on his phone, for perfect temp steaks on the barbecue. Every time he uses it he gets an email asking for a product rating on Amazon; they know when he hasn’t added one yet, and they know when it’s in use. Everything, even seemingly minor details about each of us, is interconnected.
While the endless influx of gadgets and data can make for an amazing future, we have to do everything we can to secure it. Even the most well-trained, conscientious, and capable software engineer may not have the tools, guidance, or time to analyze how their changes alter an entire system from the perspective of potential attack surfaces, but no one wants to face the horrifying realization that code you wrote was hacked. This is why I’m so incredibly proud and inspired to lead one of our Customer Experience teams at Cobalt: for me, our ultimate customers are software engineers.
Of course we aim to make application security less painful and less difficult for organizations of all shapes and sizes, whether going through digital transformations or starting up to create the next great technology of our time. However, with the cybersecurity industry facing employment shortages and ever-increasing ways that information is gathered, applied, and accessed, the risk is constantly accumulating. Every time Cobalt runs a pentest, we are not only helping to protect our clients, we are also protecting the software engineers who may not have the support, training, and time to continually ensure that their work is secure every time they deploy it. Traditional pentesting cannot keep up. With Cobalt’s 2-day turnaround of planning and starting a pentest, we can.
On Customer Experience (CX) Pentests, we are creating intuitive, delightful workflows for defining and planning pentests, so that companies and engineers can focus on accurately outlining their portfolio of technologies and efficiently remediate any findings from those tests. Collaboration tools are set up to facilitate direct, timely communication with pentesters, both during the pentest and re-testing processes. Reporting and Insights displays continue to evolve as we incorporate customer feedback, to fine-tune the presentation of risk analysis and assessment. Our CX Integrations team is focusing on our public APIs and integration with other applications.
To start, customers can export found vulnerabilities to various issue reporting systems, such as Jira and GitHub. By more immediately notifying developers there is a problem, we shortcut the traditional pentesting approach of printed reports, and code corrections can begin immediately. These features have to be built upon a strong and secure foundation, which is what the CX Foundations team is tasked with. User management, in-app notifications, enterprise-level security, and advanced feature-level access controls are a few of the projects on our horizon.
Cobalt’s Engineering teams are building a collaborative interface to the security workforce, and with our Pentest as a Service business model, we are revolutionizing application security. You can bet that we aren’t resting on our accomplishments. Our Cobalt values, which bring continuity and a shared culture to our widely distributed team, wouldn’t let us even if we wanted to.
Cobalt Engineering is determined, ambitious, highly skilled, and we are growing. You can be a part of that growth! We have several open roles for candidates with Ruby, React, and Kotlin (or Java) backgrounds. Any one of our managers would be happy to tell you more about your day-to-day life as a Cobalt Engineer, what our development stack consists of, and how we run Agile, but you can hear that from a lot of people in any number of companies. I thought it’s more important for you to hear what inspires me, why I’m proud to work for Cobalt, and why our career opportunities are unique and valuable to everyone in software engineering. Come join us.