Why we built it: A Q&A with Patrice Godefroid, one of the experts behind Lacework code security
When it comes to securing your code and applications, the real challenge that security and development teams often face is seeing the full picture. Our code security solution finally changes that, addressing code and cloud security as part of a single security continuum that spans the entire software development life cycle.
Behind this innovation is a team of tech’s brightest engineers and product managers. Their technical expertise, combined with their deep understanding of developer and security team challenges, enabled Lacework to bring this solution to life. Over the next few months, we’re highlighting these individuals and learning more about their career paths, their roles in developing code security, and what they’re most excited to do next.
We’re kicking off the series with a Q&A with Patrice Godefroid, a distinguished engineer with more than 30 years of expertise in program analysis, testing, verification, security, and software engineering. Patrice has been instrumental in creating code security since he joined Lacework two years ago. Join us as we get to know him and how he invents never-done-before techniques for securing the cloud.
Q: What first sparked your interest in engineering and how did you get started in the field?
A: I studied Computer Science in Belgium (where I grew up) and then started doing computer science research, by accident. Engineers solve problems and build “stuff.” Researchers solve problems that have never been solved before, by anyone anywhere on the planet! It’s addictive to extend humanity’s collective knowledge on specific topics, and you get to meet and collaborate with all kinds of creative people all over the world. I was lucky to be good enough at it that I could make a living out of it, getting a PhD, and then joining Bell Labs Research for 12 years, and then Microsoft Research (MSR) for 15 years. I joined Lacework nearly two years ago and was attracted by the amazing talent at this company. I am now officially a “Software Engineer” at Lacework but don’t be fooled, I am still doing “research” in disguise, inventing new never-done-before techniques for securing the cloud, with a diverse group of colleagues that I consider as good as my amazing Bell Labs and MSR colleagues. Good research is “new, useful, and non-obvious,” and that’s exactly what we are building at Lacework.
Q: What would you be doing if you weren’t an engineer?
A: I can’t think of myself doing anything else, sorry!
Q: If you could give yourself one piece of advice when you were first starting your career, what would it be?
A: It’s easier to be the first than the best. Don’t follow others. Try to be the first.
Q: What was the initial inspiration behind developing code security?
A: Our motto at Lacework is “security is a data problem.” Historically, Lacework started by generating runtime data with our agents in order to monitor cloud assets and detect security-related anomalies using machine learning algorithms. Recently, we extended the Lacework platform with additional cloud configuration data (about resources, identities, access rules, etc.) with agentless data. And now, thanks to Code Security, we have access to data about code, both statically (by accessing and analyzing source code in repos) and dynamically (by making our agents “code aware”). Lacework now has a modern, integrated, scalable, end-to-end data platform, built from the ground up, from code to cloud and from cloud to code. We cover the entire development life cycle of cloud applications.
Q: How do you think code security will change the way developers approach security?
A: The data coming from all these parts is going to revolutionize software engineering of cloud applications, starting with their security. We are now capable of extending these data sources and inventing new ways to connect these dots in order to gain new insights into the security of cloud assets.
With access to code, we can also make concrete recommendations as to how to fix issues at their source, by filing tickets with rich context to the appropriate code owners, and sometimes by directly suggesting code fixes via automatically-generated “pull requests.” We are at the forefront of this revolution and we are just getting started, barely scratching the surface of what is possible…
Q: How do you envision this product impacting the broader tech community?
A: Before joining Lacework, I worked for 12 years at Bell Labs Research and then for 15 years at Microsoft Research, arguably the two best industrial research labs in the world at their time. And I have seen firsthand the creation of software technologies that have revolutionized the world and that we now take for granted. I believe we are currently experiencing one such moment at Lacework: the platform we are building combining production runtime agent data, with agentless data, and now with code data is simply… amazing.
By leveraging the cloud (aka unprecedented data collection and analysis) to secure the cloud, we are pioneering new ways software can be developed for the cloud, thanks to the cloud itself! Only one thing is certain (besides death and taxes): the impact of our work on the broader tech community will be huge, long lasting, and will go beyond “just” security.
Want to learn more?
Code security is helping organizations worldwide gain the end-to-end visibility and context necessary to innovate faster. Check out our blog for details on our new approach.