← All work

Security Scanning Across 3,000+ Services

Scaled automated security scanning across the engineering org and made threat modeling routine, without slowing release velocity.

Role
Engineering Manager, Application Security
Year
2019 to 2025
Stack
SAST · SCA · DAST · Secrets Scanning · Threat Modeling

The problem

Application security at Okta needed to scale across thousands of services without becoming a bottleneck for engineering.

Approach

  • Rolled out automated SAST, SCA, DAST, and secrets detection across 3,000+ services.
  • Instituted a lightweight threat-modeling program adopted by 15+ product and engineering teams in its first year, enabling secure-by-design delivery without blocking releases.
  • Built unified security data pipelines ingesting application and cloud telemetry to automate risk classification.
  • Embedded security requirements directly into quarterly roadmaps across 8 product lines.

Outcome

  • 60% reduction in average vulnerability triage time.
  • Mean time to remediate findings dropped from weeks to days.
  • Manual triage effort cut by more than 50%.