Enterprise Security Platform Features

Moogsoft: Enterprise Security Platform Features

Role: SVP of Engineering & Interim CISO

Overview: This project involved a comprehensive enhancement of Moogsoft’s security platform, including SSO Integration (OIDC, SAML), RBAC, Custom Roles, and Proxy Collector Support. It also included a rewrite of security procedures for SOC 2 compliance, a new customer trust portal, and WAF improvements aligned with the OWASP Top 10. These efforts were crucial for Moogsoft’s expansion into the highly regulated financial sector.

Situation: Moogsoft needed to significantly upgrade its platform’s security features and compliance posture to meet the stringent requirements of enterprise customers, particularly in the financial industry, and to address evolving security threats. Existing security procedures required a complete overhaul to pass SOC 2 audits successfully.

Task: To lead the design, development, and implementation of enterprise-grade security features. This included rewriting all security procedures and controls to meet SOC 2 and related audit requirements, implementing a customer trust portal, and enhancing WAF capabilities. The ultimate goal was to unblock sales in regulated industries and improve overall platform security.

Action:

  • Led the integration of Single Sign-On (SSO) with OIDC and SAML protocols.
  • Implemented Role-Based Access Control (RBAC) and support for Custom Roles.
  • Developed Proxy Collector Support for enhanced data security.
  • Oversaw a complete rewrite of all security procedures and controls to align with SOC 2 audit requirements.
  • Implemented a new customer trust portal to automate responses to security questionnaires.
  • Directed changes to the WAF implementation to block known bad vectors, aligning with standards like the OWASP Top 10.
  • Enhanced product features to provide users with more granular control over their authentication configurations.

Tech Stack Used: AWS EKS, AWS OpenSearch, AWS Aurora MySQL, Cloudflare (DNS, Workers, CDN & WAF), Java, Vue.js, Kafka, MongoDB, Thanos, Auth0, Ambassador Edge Stack.

Result: For the first time in company history, a SOC audit resulted in zero material findings following the comprehensive rewrite of security procedures and standards. This achievement drastically increased customer confidence in the product and platform, unblocking several pending deals and contributing approximately $1.5 million in new recurring revenue.

Context: As SVP of Engineering & Interim CISO, strengthening the security and compliance posture was a top priority. These platform improvements were instrumental in Moogsoft’s strategic push into the highly regulated financial sector, directly supporting record sales quarters in 2022 and contributing to the company’s $100 million exit with Dell.

Visuals: Moogsoft Security Compliance