Ari Kalfus
I am a security leader, security engineer, and developer advocate who tricks companies into letting me run application and product security programs.
Hi, my name is
About Me
I currently lead Product Security at DigitalOcean. I strongly believe that security programs are only effective if they enable partners in product and engineering, instead of adding friction or blocking gates.
I write, intermittently, about security, software development, leadership, and other topics that interest me.
External Articles
Contextual Vulnerability Management With Security Risk As Debt
Learn how we redesigned our vulnerability management program at DigitalOcean using the concept of ‘security debt’ to drive meaningful risk reduction and empower engineering teams to prioritize and resolve security issues autonomously.
Fine-Grained RBAC For GitHub Action Workflows With GitHub OIDC and HashiCorp Vault
Read about how we designed a password-less model of least privilege secrets management in CI/CD.
Enabling Engineering Teams Through Developer-First Secrets Management
Secrets management is a challenge that every organization must face. This article goes through the challenges with shifting left and how to develop developer-first secrets management.
Speaking Engagements
Security Leadership
Culture
OWASP 2023 Global AppSec
Influencing Without Authority: The Foundations of a Successful Security Department of Yes
Secrets Management
CI/CD
Developer-First Security
HashiTalks 2023
Building Scalable Enterprise Secrets Management with GitHub OIDC and HashiCorp Vault
DevSecOps
CI/CD
Open Policy Agent
SnykCon 2021
How Compliance-as-Code Grants Developers Actionable Security Insights
Get in Touch
I am not currently seeking new job opportunities.
If you are interested in reaching out for another reason, I’d be happy to chat.