Hi, my name is

Ari Kalfus

I am a security leader, security engineer, and developer advocate who tricks companies into letting me run application and product security programs.

About Me

I currently lead Product Security at DigitalOcean. I strongly believe that security programs are only effective if they enable partners in product and engineering, instead of adding friction or blocking gates.

I write, intermittently, about security, software development, leadership, and other topics that interest me.

External Articles

Contextual Vulnerability Management With Security Risk As Debt
Learn how we redesigned our vulnerability management program at DigitalOcean using the concept of ‘security debt’ to drive meaningful risk reduction and empower engineering teams to prioritize and resolve security issues autonomously.
Fine-Grained RBAC For GitHub Action Workflows With GitHub OIDC and HashiCorp Vault
Read about how we designed a password-less model of least privilege secrets management in CI/CD.
Enabling Engineering Teams Through Developer-First Secrets Management
Secrets management is a challenge that every organization must face. This article goes through the challenges with shifting left and how to develop developer-first secrets management.

Speaking Engagements

OWASP 2023 Global AppSec
Security Leadership Culture
Influencing Without Authority: The Foundations of a Successful Security Department of Yes
HashiTalks 2023
Secrets Management CI/CD Developer-First Security
Building Scalable Enterprise Secrets Management with GitHub OIDC and HashiCorp Vault
SnykCon 2021
DevSecOps CI/CD Open Policy Agent
How Compliance-as-Code Grants Developers Actionable Security Insights

Get in Touch

I am not currently seeking new job opportunities. If you are interested in reaching out for another reason, I’d be happy to chat.