
Spotlight on Engineering | Encoding Customer Experience

Regina Andrade dives into her experience at Cobalt as the Engineering Manager of Customer Experience — Pentest.

Regina Andrade

Formerly a software engineer with around 20 years of industry experience, Regina is the Engineering Manager for one of Cobalt’s Customer Experience teams. After writing code for a wide variety of companies, she set her sights on leadership to leverage her extensive background and further initiatives for diversity in engineering and for shifting application security left. She holds a BS in Engineering from Vanderbilt University and a Certificate in Managing Global Teams from Cornell University, which form the foundation of her approach to balancing the technical and not-so-technical aspects of engineering management.


Cobalt’s Customer Experience (CX) is split into three teams aimed at creating delightful experiences for our customers with leading design, pentest workflow experience, integrations with developer and security tools via an easy-to-use API, and enterprise level security and permissions with access control. The team is divided into:


For this blog, I'll dive a bit more into my experience at Cobalt as the Engineering Manager of Customer Experience — Pentest.

My name is Regina Andrade, and I am an Engineering Manager at Cobalt. Prior to being a manager, I was a software engineer for almost 20 years. To some, that means I earned my stripes, but to me, that also means it is 20 years’ worth of code that managed, thankfully, to go unexploited.

Usually, security is not the first item on someone’s mind when writing code, faced with aggressive deadlines, changing requirements, and lofty ambitions. We want to get awesome features into the hands of our users, keep the architecture solid, and make designers and product teams happy. That being said, some of my prior companies had very robust security postures and practices. For example, there were companies where I knew someone else was going to double-check that I didn’t introduce flaws, and also ones that guided me in great detail about how to check my work for potential vulnerabilities. Some companies, however, did not measure up. And at the time, I didn’t think it was my job to change that. I do now.

The landscape of being a software engineer is vastly different from when I started my career, and so is application security. Take a quick look back at the last 5-10 years, and we see an entirely new set of devices and information systems that connect to the internet, from home thermostats to smart watches, from utility grids to pacemakers. My husband has a cooking thermometer that is Bluetooth-connected to an app on his phone, for perfect temp steaks on the barbecue. Every time he uses it he gets an email asking for a product rating on Amazon; they know when he hasn’t added one yet, and they know when it’s in use. Everything, even seemingly minor details about each of us, is interconnected.

While the endless influx of gadgets and data can make for an amazing future, we have to do everything we can to secure it. Even the most well-trained, conscientious, and capable software engineer may not have the tools, guidance, or time to analyze how their changes alter an entire system from the perspective of potential attack surfaces, but no one wants to face the horrifying realization that code you wrote was hacked. This is why I’m so incredibly proud and inspired to lead one of our Customer Experience teams at Cobalt: for me, our ultimate customers are software engineers.

Of course we aim to make application security less painful and less difficult for organizations of all shapes and sizes, whether going through digital transformations or starting up to create the next great technology of our time. However, with the cybersecurity industry facing employment shortages and ever-increasing ways that information is gathered, applied, and accessed, the risk is constantly accumulating. Every time Cobalt runs a pentest, we are not only helping to protect our clients, we are also protecting the software engineers who may not have the support, training, and time to continually ensure that their work is secure every time they deploy it. Traditional pentesting cannot keep up. With Cobalt’s 2-day turnaround of planning and starting a pentest, we can.

On Customer Experience (CX) Pentests, we are creating intuitive, delightful workflows for defining and planning pentests, so that companies and engineers can focus on accurately outlining their portfolio of technologies and efficiently remediate any findings from those tests. Collaboration tools are set up to facilitate direct, timely communication with pentesters, both during the pentest and re-testing processes. Reporting and Insights displays continue to evolve as we incorporate customer feedback, to fine-tune the presentation of risk analysis and assessment. Our CX Integrations team is focusing on our public APIs and integration with other applications.

To start, customers can export found vulnerabilities to various issue reporting systems, such as Jira and GitHub. By more immediately notifying developers there is a problem, we shortcut the traditional pentesting approach of printed reports, and code corrections can begin immediately. These features have to be built upon a strong and secure foundation, which is what the CX Foundations team is tasked with. User management, in-app notifications, enterprise level security, and advanced feature-level access controls are a few of the projects on our horizon.

Cobalt’s Engineering teams are building a collaborative interface to the security workforce, and with our Pentest as a Service business model, we are revolutionizing application security. You can bet that we aren’t resting on our accomplishments. Our Cobalt values, which bring continuity and a shared culture to our widely distributed team, wouldn’t let us even if we wanted to.

Cobalt Engineering is determined, ambitious, highly skilled, and we are growing. You can be a part of that growth! We have several open roles for candidates with Ruby, React, and Kotlin (or Java) backgrounds. Any one of our managers would be happy to tell you more about your day-to-day life as a Cobalt Engineer, what our development stack consists of, and how we run Agile, but you can hear that from a lot of people in any number of companies. I thought it was more important for you to hear what inspires me, why I’m proud to work for Cobalt, and why our career opportunities are unique and valuable to everyone in software engineering. Come join us.
