Securing Internal Applications @ Loom

Presented at BSidesSF 2022 Rescheduled, June 5, 2022, 2 p.m. (25 minutes).

A chain is only as strong as its weakest link' is a common security paradigm that we believe at Loom. Believing in this, we decided to take a security first approach to improve the security posture for our internal applications which are used widely for administrative purposes.


Presenters:

  • Narayan Gowraj - Loom
    Loom is a Series C startup and an essential tool for hybrid workplace. Narayan Gowraj is a Security Engineer at Loom where he has been leading and pioneering security initiatives. Narayan has also been actively working on developing hands-on security techniques with product teams to have security baked into their SDLC process. Before joining Loom, Narayan held Security Engineer roles at Lyft, Adobe. At Lyft, he worked on different security programs around cloud security. One such project is trimming down IAM entities based on a risk driven approach. This was presented at fwd:cloudsec 2020 (https://fwdcloudsec.org/2020\_speakers.html#security-onion). Narayan helped scale the Bug Bounty program at Lyft. At Adobe, Narayan held a key role in helping secure premium creative cloud apps (like PS, Lightroom, etc), having built a CI/CD system for securing the mobile ecosystem at Adobe using in-house automated tools.

Links: