I moved to Des Moines in January for my job with Dwolla—it’s been quite a journey…
Before Dwolla, I was born in China. From there, I moved to Baltimore for graduate school at Johns Hopkins University, where I earned a Master of Science in Security Informatics.
Now, I find myself on the Dwolla Information Security team, and I have to admit Des Moines, IA, is very different from the cities that I have lived in before, like Shanghai or Baltimore.
Des Moines is a very peaceful city in the Midwest, with kind and warmhearted people.
Also, as a security guy, I’ve been surprised and excited by the InfoSec education opportunities. For example, I have attended the Des Moines security group, SecDSM, meetings to share and learn new techniques with other security professionals in Des Moines.
Working for Dwolla has been enjoyable—the team cares about cyber security quite a bit. This passion and dedication to security is especially important because Dwolla provides a white-labeled bank transfer service for businesses, helping customers leverage the Automated Clearing House (ACH) network.
As someone personally passionate about cyber security, I am especially excited to work for a company that is thoughtful about best practices.
Everyone here, from the CEO to developers, is educated on cybersecurity. We not only have very strong defensive measures in our system against cyber threats but also require every newly joined employee to take relevant training.
As a fresh college grad, I look forward to applying what I’ve learned in school to my work in the field.
Within the first two months working in Dwolla, I’ve already been part of interesting and innovative projects. These have helped me to learn the environment and systems Dwolla operates within.
For example, I took the time to implement enhanced MultiFactor Authentication options to all of our internal servers. I also replaced the instance-based AWS security system with a docker container-based solution. One additional interesting example was creating automation tools to generate alerts based on the abnormal behaviors of DNS traffic and TCP sessions.
Here’s How Dwolla Does InfoSec
Download the white paper to learn more.
From an InfoSec perspective, one of my favorite things about Dwolla is that security is never done. We take an interactive approach to improvement, and I look forward to making contributions to continuously improve our security system.
It’s safe to say there are also many, many more projects on my to-do list—secure logging system design, statistical analysis of security data—which is why we’re growing the tech team.
Interested in joining the team? Learn more on our careers page!
Here are some examples of projects we’d be tackling:
- Further automation of monitoring and alerting for long-lived network sessions
- A project to decommission a legacy Security Monkey system and replace with a fully Dockerized solution
- Implementation of additional MultiFactor Authentication options (push notifications)
- Additional automation of the monitoring and alerting for DNS traffic security events
- Testing the speed and effectiveness of several cryptographic signing algorithms across all operating systems and docker instances