Security Engineering Leader
Mohit Bansal.
I build and scale security engineering teams that turn reactive, manual programs into automated, telemetry-driven organizations.
01 / About
I'm a security engineering leader with 10+ years building and scaling high-impact teams across cloud infrastructure, detection & response, and application security.
My focus is turning manual, reactive security programs into automated, telemetry-driven organizations, cutting risk exposure and shrinking remediation timelines. I've done this at Walmart, Okta, and now Webflow, where I rebuilt the security engineering org from the ground up.
I care about security that fits how engineers actually build: secure-by-design, metrics-driven, and automated so the safe path is the easy one. I also write and speak about cloud and detection engineering.
What I focus on
- Cloud Security
- Detection & Response
- Application Security
- Vulnerability Management
- Threat Modeling
- Security Org Building
Recognition
- IEEE Senior Member
- AIUC-1 Consortium Member
02 / Experience
-
Webflow Senior Manager, Security Engineering
Lead Security Engineering: software supply-chain defense, cloud and container vulnerability management, and the endpoint and detection stack (EDR, MDM, SIEM).
-
Okta Engineering Manager, Application Security
Scaled automated security scanning across the engineering org and made threat modeling routine, without slowing release velocity.
-
Walmart Sr. Software Engineer, Security
Built automated vulnerability assignment and exposure tooling that turned a flat findings list into routed, owned, SLA-tracked work.
03 / Writing & Research
Published articles, press features, and talks across the security community.
Thought Leadership & Articles
- Jun 2026 The AI Vulnerability Surge: Transforming Vulnerability Management AI accelerates vulnerability discovery faster than teams can triage it, forcing new prioritization frameworks and automation at scale. The Purple Book Community
- Jun 2026 Audit trails are a feature, not a compliance tax Why audit logging is a competitive business asset that accelerates sales, enables AI accountability, and supports breach reconstruction. Webflow Blog
- May 2026 The GitHub Breach Wasn't a Fluke, It Was a Preview of What's Coming for All of Us A malicious VS Code extension supply-chain attack on GitHub reveals a recurring threat pattern most orgs are unprepared for. The Purple Book Community
- May 2026 Trusted by Default: The npm Attack Pattern Security Teams Miss How attackers abuse npm postinstall hooks to compromise developer laptops, treating the endpoint as the target, not just a pivot into infrastructure. SC Media
Featured & Interviews
- Jun 2026 When AI Agents Go 'God Mode,' the Security Perimeter Must Move to the Database As AI agents widen database access across the org, enforcement has to move to the data layer itself, not just good faith. The Read Replica
- May 2026 AI Can Speed Up the SOC, But Humans Own the Hard Calls AI is strong on triage, enrichment, and correlation, but humans must own irreversible actions like shutting down services or rotating credentials. The Security Digest
Talks
- Sep 2026 Upcoming Blue Team Con 2026 Speaking at Blue Team Con. Chicago, IL
- Aug 2026 Upcoming BSides Las Vegas 2026 Speaking at BSides Las Vegas. Las Vegas, NV
- Jun 2026 OWASP Bay Area Spoke at OWASP Bay Area. Bay Area, CA