Hi, my name is

Ari Kalfus

I am a security leader, security engineer, and penetration tester who tricks companies into letting me run application and product security programs.

About Me

I am a security engineer and penetration tester currently leading Product Security at DigitalOcean. I strongly believe that security programs are only effective if they enable partners in product and engineering, instead of adding friction or blocking gates.

I write about security, software development, leadership, and other topics that interest me.

Speaking Engagements

OWASP 2023 Global AppSec
Security Leadership Culture
OWASP 2023 Global AppSec
Influencing Without Authority: The Foundations of a Successful Security Department of Yes
Event Session
HashiTalks 2023
Secrets Management CI/CD Developer-First Security
HashiTalks 2023
Building Scalable Enterprise Secrets Management with GitHub OIDC and HashiCorp Vault
Watch Recording
SnykCon 2021
DevSecOps CI/CD Open Policy Agent
SnykCon 2021
How Compliance-as-Code Grants Developers Actionable Security Insights
Watch Recording

Notable Open Source

artis3n.tailscale
An Ansible role to install and configure a Tailscale node.
GitHub OIDC + HashiCorp Vault
A Terraform module to configure Vault for GitHub OIDC authentication from Action runners.

Get in Touch

I am not currently seeking new job opportunities. If you are interested in reaching out for another reason, I’d be happy to chat.