
$ cat readme.md

ReadMe

I’m Ali — a security engineer based in Berlin.

I started my career as a penetration tester, which turned out to be a pretty good way to learn how things break before trying to prevent them from breaking. Over the years I moved from the offensive side into building security programs, helping engineering teams ship more securely, and running DevSecOps transformations across organizations in telecoms, fintech, and cloud-native product companies.

On the OWASP side: I lead the OWASP Berlin Chapter, initiated and lead the OWASP ThreatAtlas project, and lead the OWASP DevSecOps Guideline project. I’m also a contributor to the OWASP Mobile Security Testing Guide. These projects matter to me because they’re built by practitioners for practitioners — not for compliance checklists.

On the speaking side, I’ve talked at BSides Munich, WeAreDev, TechNation, and the OWASP Berlin Meetup — mostly about threat modeling, DevSecOps culture, and the gap between security theory and what actually works in a real engineering org.

This blog is where I write about the things I’m working through: tools I’m evaluating, patterns that work, ideas I want to think out loud about. It’s not a polished content marketing operation — just notes from someone who spends a lot of time thinking about how to make software harder to attack.

If you want to talk, LinkedIn is the best place to find me.