Jeremy Allen
What is security engineering? Generally, it is the engineering discipline of designing and building security into software with intention. The goal is to make systems resilient to attacks. Put simply, the art, science, and engineering discipline (such as it is) of ensuring software protects the system and user's resources. I have spent the last 19 years of my career in this field.
I have been in information security for 19 years as of 2025. I started as a consultant with Foundstone / McAfee in 2006. I had a software engineering background, so I ended up focusing on application security. Microsoft's SDL was a new idea. Threat modeling as a practice was just becoming a practiced thing. I delivered many application security assessments, code reviews and threat models. I then joined a small consulting firm, Intrepidus Group, which was later acquired by NCC Group. I would go on to found a consulting company, Carve Systems, with my business partners and friends, who I met at Intrepidus Group.
At Carve Systems, we focused on delivering high quality, boutique consulting engagements. We still focused on software security and threat models, but we branched into many different service lines. We delivered network penetration testing, red teams, risk assessments, and many other services for our customers. We always tried to deliver value to our customers. Carve Systems was acquired by iVision in August of 2021. I left Carve in 2023 and took a year off to remodel our house and figure out what I wanted to do next. I am now a Security Engineer at Google.
Much has been written about working at Google, so I won't write much. I work on securing Google's Cloud products. I work in the Authentication and Authorization space. Working at Google is very interesting and challenging and I enjoy it.