Why we built it: A Q&A with Security Engineer Ibrahim

Welcome back to Why we built it, our Q&A series where we offer a closer look at the brilliant minds driving innovation at Lacework. Today, we’re introducing you to Ibrahim, a security engineer and an integral player behind our code security solution. Ibrahim is a key founder of Meta’s static analytics program, which is globally one of the most advanced programs in the industry. As a security engineer with extensive static analysis expertise, Ibraham applies his passion for developing impactful solutions to securely help businesses and industries advance. In this Q&A, we’ll discuss Ibrahim’s vision for code security, some of the best advice he’s received, and the technology experts who inspire him. Let’s get to know Ibrahim. 

Q: What’s the most interesting thing you have ever built?

A: The most captivating accomplishments in my career unfolded during my tenure at Meta. I take immense pride in being a key founder of the static analysis program. It was truly fulfilling to see the static analysis engines analyze hundreds of millions of lines of code and help us detect over 50% of vulnerabilities. Now, at Lacework, I eagerly anticipate contributing to the creation of more sophisticated tools, this time with a broader impact on the industry, empowering scalability through automation.

Q: What was the initial inspiration behind developing code security? 

A: Code plays a pivotal role in the modern technological landscape. Today, virtually every aspect of our lives, from financial transactions to healthcare and transportation systems, relies heavily on code. As a security engineer, I recognize the critical responsibility to ensure that businesses and industries can advance securely. The challenge is compounded by a shortage of cybersecurity skills in the market and the accelerating pace of software development, a trend expected to intensify with the integration of AI.

Our overarching goal for code security is twofold:

• Empower developers for secure code development: We aim to equip developers with the requisite knowledge to swiftly and securely navigate the ever-evolving coding landscape. The emphasis is on building toolings that equip developers to make informed decisions during the coding, ensuring that speed and security are not mutually exclusive.

• Scale application security teams with automation: Recognizing the need for scalability in the face of growing challenges, our approach includes the implementation of high-fidelity and quality automation tools. This not only accelerates the identification and mitigation of security vulnerabilities but also allows application security teams to efficiently manage the increasing demands of code security.

Q: How do you envision code security impacting the broader tech community? 

A: I see a significant disparity between defenders and attackers in product security. It’s concerning to witness breaches stemming from classic, well-known vulnerabilities like SQL injection and command injection, two attacks that were discovered more than two decades ago. I envision Lacework code security offerings playing a crucial role in bridging this gap. I am confident that we possess the expertise to address this gap and empower businesses to advance confidently with secure code and infrastructure.

Q: What is the most important advice that you have received as an engineer, and how has it impacted your career?

A: 

• Embrace continuous learning: In the fast-paced world we live in, the key is to keep evolving. Stay humble as you continuously learn, adapt, and grow. Your reputation is a delicate thing — build it wisely. 
• One reputation, cherish and preserve: As I’ve heard from many wise voices, we often have just one reputation. Protect it at all costs. Let your work speak for itself, showcasing your skills and maintaining a pristine reputation. Every interaction with your team or customers is an opportunity to reinforce your positive professional image.
• Work-life balance: As I navigated my younger years, the advice on work-life balance seemed elusive. Yet, it holds great importance. Achieving a balance doesn’t necessarily mean the focus of the number of hours. It’s about the quality of time invested in both work and life. Striking this balance ensures not only a fulfilling personal life but also optimal performance and longevity in the professional side. 

Q: Which technology leaders or innovators inspire you? 

A: The tech landscape is filled with inspiring minds, and I’m drawn to those who bring a unique blend of technical expertise and leadership skills. Orange Tsai and Tavis Ormandy‘s groundbreaking research consistently leaves a lasting impact on the world, and I find their innovative approach truly inspiring. Michał Zalewski (Lcamtuf) and Thomas Dullien, on the other hand, stand out for their exceptional balance between technical expertise and leadership. It’s this duality that inspires me the most, and I find their journeys both motivating and instructive.

Learn more about code security

Lacework is helping organizations gain the end-to-end visibility and context needed to innovate faster. Learn more about our new approach to code security and follow us on LinkedIn to stay up to date with our latest innovations.