From securing the battlespace to securing the codebase

Hi Daniel! Can you tell us about your background?

Hi! I started my professional career as an analyst for the United States Marine Corps where I worked in information security and satellite intelligence and served in multiple overseas deployments. Then I decided to come to Paris to study at Sciences Po, where I learned a lot about many interesting topics but not quite what I was most interested to work in. So I decided to do a Master’s at the Ecole de Guerre Economique to learn more about technical issues, and at the same time I started learning Python and pentesting – I was more of a script kiddie but I enjoyed it!

After graduating, I joined a digital risk protection company called CybelAngel. Part of my job consisted of monitoring the dark web for Personally Identifiable Information (PII) like stolen credit card numbers and other criminal activities. That was my first contact with the hacking world and more precisely data breaches and leaks.

Did you learn about the problem of secrets leaking at that moment?

Not really, we were scraping the web not looking for infrastructure secrets specifically, but more for open servers etc.

So you were already using automated detection tools in your daily job?

Yes! It became very clear how important both accurate detection and efficient triage are for having a useful solution.

Well, I'm glad this didn't turn you off cybersecurity!

Ahaha, not at all! After CybelAngel, I moved to a new job as a security consultant for PwC. This was yet another story. Lots of corporate risk investigations, a mix of financial, cyber, reputational, and physical risks. As a consultant, I was conducting technical analysis, but I realized I really wanted to focus more on the business development aspect. For me, it's about seeing a product evolve and not just working on deliverables. I love the relationship aspect. But I wanted to work in the cyber field.

You're new position sounds like a dream come true then, isn't it! How did you hear about GitGuardian for the first time?

Actually, I studied with Alexis (who joined GitGuardian in 2021 too, check his interview) in Sciences Po, and I knew he was working here. So we had a coffee and he told me more about the company. For me, it was a no-brainer, I applied and got accepted!

After all these experiences, you could have landed a job pretty much anywhere, what was so exciting about GitGuardian?

It's very unique. A cybersecurity start-up, in Paris, addressing a very real problem with some of the best minds out there - I can't think of anything else exactly like it. When I started going through the technical aspects of the solutions, I was really impressed. It's very important to work on a product you believe in. And I'm completely sold on both GitGuardian products, we are simply better than the competition!

You were familiar with cyber issues, but did you expect secrets exposure to be such a big problem?

Yes, finding so many secrets was (and is still) amazing. At CybelAngel we didn't have such a broad range of secrets in our scope (no focus on API keys specifically, for instance), so the results were not of the same order of magnitude.

That being said, the first thing you're taught in security, in general, is that the number one challenge is human error, so I was kind of expecting that.

What are the big advantages of working at GitGuardian according to you?

First and foremost is the freedom and independence we're given. I know that I'm doing best when I can try something and see if it works or if it fails.

As early as my first week here, I was meeting with prospects. The biggest surprise for me was that I was expecting to see only high-tech profiles when in reality they come from a lot of different activity sectors. I recently met with a hospital CISO and he was telling me about all the problems coming from the aging IT infrastructure. You would not believe how many companies, whose core businesses don't have anything to do with technology, do in fact employ hundreds of developers. The market is vastly underestimated in my opinion, and the issue of secrets sprawl touches nearly everyone in some way.

What do you enjoy outside of work?

I have a passion for learning new languages. I first learned French (my mother tongue is English American, I'm from Ohio!), then Arabic, Italian, and now I’m trying my hand at ancient Greek! I love it, and it's much more fun if you can practice by living in a foreign country (I lived in the Middle East and then in Italy).

Thank you very much for your time Daniel!

Thanks!