About Me


Krzysztof Pranczk

Author of DevSec Blog

I’m a Security Engineer and a Software Developer with a real passion for cybersecurity, especially Product and Application Security. I have worked on both the defensive and offensive sides of cybersecurity. As a Security Consultant, I performed hundreds of offensive security assessments against web and mobile applications. As a Security Engineer, I developed a number of dedicated solutions to secure applications within CI/CD pipelines.

I’m more than happy to share my knowledge and experience with security enthusiasts, engineers, software developers and anyone willing to learn.


I am currently a Senior Application Security Engineer working closely with software developers, securing various projects across the company. My responsibilities include vulnerability management, security assessments, the secure development lifecycle, and building a custom security infrastructure to enhance AppSec capabilities.

I have been interested in computer science since I was young. My passion started with computer games, and the first game I remember playing is River Raid when I was a child. As I grew older and experimented with technology, I began creating web applications using PHP, HTML, and CSS as a hobby. This sparked my interest in web application security. My passion evolved further when I studied Computer Science at Warsaw University of Technology and joined the Cybersecurity Club.

In 2016, I began my professional career as a Python Developer, responsible for developing web applications. In this full-stack role, I worked with Linux, Python, Flask, Django, and various web technologies. After earning my bachelor’s degree and working as a developer at a startup, I shifted my focus to cybersecurity because security topics excited me more. In 2018, I received an offer to join a security consultancy company that provided penetration testing and security auditing services. I worked there for over two and a half years, primarily conducting web and mobile application security assessments for global clients. Working with diverse clients gave me a comprehensive understanding of security issues from both technical and business perspectives. I also had the opportunity to conduct cutting-edge security research with a fantastic team.

After finishing my chapter at the security consultancy firm, I was offered a position as an internal security expert at one of Poland’s largest banks. I managed and conducted internal security assessments while developing custom security solutions. However, my greatest challenge was joining the application security team at a well-known fast-paced European fintech company, where I used my skills in software development, application security, and providing security-related workshops for my teammates. I was also leading a cutting-edge project called Security Drone, utilised to secure a number of projects across the company during the SDLC in an automated way. Security Drone performed hundreds of scans per day utilising customised Static Application Security Testing, Dynamic Application Security Testing and Infrastructure as Code Scanning, providing results to developers in a convenient way at the Pull Request stage.

My extensive experience in application security inspired me to start this blog, where I share learning materials for other security engineers and developers. I hope you find it useful!