Menu
Take your Security Engineering from

Zero to One

"Specializing in product security, I bring over two decades of experience integrating secure design, threat modeling, and architecture reviews into fast-paced development environments. Helping engineering organizations, from startups to global enterprises, embed security across the SDLC process with prioritized, cost effective controls that support velocity and scale."

Scroll

Services

Application Security

  • Security Architecture & Design

    Building systems from the ground up to resist misuse, threats, and failures by integrating security principles into architecture, not just adding defenses after the fact.

  • Third Party and Ecosystems Security Programs

    Implement risk assessments, vulnerability management and secure coding practices for third party integrations and interactions across ecosystem components.

  • AppStore Security Standards

    Design policies, procedures and capability to secure the developer and partner ecosystems based on AppStores and Integration platforms.

Product Security

  • Software Supply Chain Security Programs

    Ensuring a secure software supply chain requires hardened build systems, signed and verified artifacts, and trusted deployments that validate code integrity from source to production.

  • Secure CI/CD Deployments

    Enforcing least privilege, securing secrets, and validating infrastructure and application code to prevent unauthorized changes and insecure deployments.

  • Vulnerability Management Programs

    Implement VM programs to develop continuous processes for identifying, assessing, prioritizing, and remediating security weaknesses across systems, applications, and infrastructure providing real time insights into the security posture of the organization.

  • Bug Bounty and Penetration Testing Programs

    Design and kick start vulnerability identification programs either based on penetration testing and/or bug bounty methodologies.

Product Security Operations

  • Security Analytics & Visualization

    Develop reporting capability such as dashboards and automated reports to equip organisations and teams with actionable insights by transforming complex security data into clear, visual stories that support rapid detection and informed decision-making.

  • Security Tooling & Automation

    Design, develop and deploy capability for DAST (Dynamic Application Security Testing), SAST (Static Application Security Testing), SCA (Software Composition Analysis) and Secrets Detection tooling.

AI Safety & Secure ML

  • Model Integrity & Robustness

    Manual and Automated testing for tampering, evasion, and exploitation ensuring trust at every inference.

  • Privacy & Transparency

    Design and develop safeguards around sensitive data while making model decisions understandable, accountable, and trustworthy.

  • Adversarial Machine Learning

    Manual and Automated testing involving manipulating input data to deceive AI models, potentially causing them to make incorrect predictions or decisions.

Education & Training

  • Security Champions Programs

    Empower passionate team members to advocate for security best practices and foster a culture of proactive risk management within their teams.

  • Secure Code Development Training

    Developer training on how to identify, avoid, and fix common security flaws to build safer, more resilient software.

History

Twenty years ago, my career started in offensive security and hands-on security engineering. In the early years, I was involved in and led penetration testing programs for major Australian financial institutions, delivering high impact assessments across web, mobile, and critical infrastructure. This foundational experience in identifying real world vulnerabilities shaped a practical, engineering first philosophy in me, one that would later define my approach to security engineering. As the scope expanded, I began advising product teams on secure architecture design, performing indepth code reviews, and developing penetration testing programs and teams across regions including Australia, the broader APAC region, U.S. and Israel.

Moving from external testing to embedded product security, I began working with fast-growing software companies to build inhouse capabilities from the ground up. I played a pivotal role in scaling the product security team for a global SaaS company, designing and implementing secure development practices across diverse codebases and global engineering teams. This included embedding security into CI/CD pipelines, deploying SAST, DAST, and SCA tooling and creating engineering driven security champion programs. Over time, I also built robust vulnerability management workflows, defined remediation SLAs and created automated risk reporting pipelines that gave executives real time insight into a product's security posture.

In the past decade, I have refined my identity as a product security engineering partner. I have architected secure by default tooling, implemented secrets management platforms, hardened application platforms with protective middleware (like anti-SSRF endpoints) and launched self service assurance platforms to shift security left at scale. Bug bounty programs, secure app store submission frameworks, and threat modeling exercises became part of the standard operating model I introduced and developed at companies. Today, I continue to help modern software companies embed security deeply into their engineering culture, empowering teams to ship fast, and ship securely, with security designed as a core feature and not an afterthought.

Testimonials

Author image Daniel Vydra CTO, Buildkite

I have worked with Ashwin since 2023, when as CTO, I engaged him for security consulting and assessment at a B2B software company. He worked independently from the initial brief, and delivered great insights around where we should focus our security investments. Subsequently I was happy to hire him into a permanent role, where he founded and grew all aspects of the security function within the organisation: corporate, infrastructure and software. Ashwin is reliable, communicates well, and is very capable of working with minimal guidance. I would happily work with him again.

Author image Marc Lee CTO, Josef Legal

Ashwin has proven to be an exceptional partner in strengthening our company's security posture, unlike many security vendors who adopt a one-size-fits-all approach. He tailored his recommendations to align with our specific business objectives. They are clear, pragmatic and practical advice and guidance. I trust and fully recommend him.