Hi everyone,
I’d like to introduce Chris Steipp, who starts today as our Senior
Security Engineer. Chris comes to us from Global Media Outreach,
where he served as their CTO. Before that, he worked at Novacoast,
doing security consulting. He went to school at Royal Hollaway in
Egham, UK (just outside London).
The Software Security Engineer was originally conceived as a means of
increasing our code review capacity. One bottleneck in our code review
process was when a specific security review was needed, because most
people aren’t as confident in themselves to perform a specific review
for security, nor confident in each other. That led to a situation
where we had one person (Tim Starling) who would be the bottleneck for
complicated security reviews. Now with Chris on board, we have
someone (else) whose job it is to do security reviews.
However, that won't be Chris's sole responsibility. A lot of Chris's
time will be spent designing and developing new features and enhancing
existing features of Wikimedia systems, with a particular focus on
features requiring expertise in security (such as improved HTTPS
support, better/different authentication features, and other handling
of sensitive data).
Chris is a friendly and enthusiastic teacher, and is planning to lead
secure development training for the organization.
Chris lives here in the SF Bay area with his (soon to be growing)
family. Please join me in welcoming Chris!
Rob