Meet Team Kinsta: Security Engineer Andrew

In honor of #WorldPasswordDay, we turned to Kinsta Security Engineer Andrew to get his best tips for instantly making your site more secure, as well as to share more about what a day in the life of a security expert looks like (hint: your sites are in good hands!)

Keep reading to see more...

Tell us about your Kinsta journey: how did you get started in tech, and what brought you here?

I started out designing WordPress sites and improving local SEO rankings for small businesses. I then worked for a hosting company for 2 years as a Support Consultant and 3 years as a Linux SysAdmin. I joined Kinsta as a SysOps engineer and after a year, joined the Security team when the opportunity presented itself.

What are the main responsibilities of your role?

In summary, ensuring that our infrastructure is secure. We have a mix of daily duties and project work. Daily duties include managing IAM, Secrets, investigating and patching vulnerabilities, firewall changes, regular scans, and internal audits. Projects may take a few days or a few weeks to implement and are generally aimed at improving our security stance. Projects may include building new tools and integrations, working with vendors, or optimizing existing tools and processes. The role involves frequent inter-team communication and making sure we cater to everyone's needs while minimizing friction and sticking with best practices.

What’s been the best part about working at Kinsta?

The people and the culture. Our team comprises the best in the hosting industry. Everyone is smart and kind. What we have here at Kinsta is very special and it reflects in everything that we do and offer.

What are some security tips that you wish more people knew?

  1. Having a security-first mindset. Imagine a scenario where some or all of your infrastructure has been compromised and create a plan to mitigate, detect, and respond. This allows the realization of the potential consequences an event like this could have on the organization and its reputation. Many organizations still think of security as an afterthought and wonder why things go wrong when they do. As regulations tighten and real consequences and increased media coverage start becoming an effective motivator, this mindset is improving rapidly, which is awesome!
  2. Password / Secret Lifecycle Management and 2FA. Use strong (long!) passwords. Rotate them regularly. Enable 2FA wherever possible!
  3. Patching plugins / themes / packages. Kinsta does a great job of letting customers know when a plugin or theme has a critical vulnerability. Take action on these immediately. Run frequent proactive audits against your websites to make sure there are no known vulnerabilities in your code.
  4. Follow development best practices and build them into your CI/CD or development workflows. Automate the boring parts of security as much as possible - where it has the biggest impact.

What’s something you accomplished recently that you’re proud of?

I recently worked on building a new system that we use to manage internal authentication. The solution has a lot of moving parts which was challenging to navigate initially. I learned a lot during the process!
