My name is Arshan Dabirsiaghi, and I'm a software security nerd from Baltimore, where, despite the news, I don't seem to get shot every day. Here's a snippet from my About page (which has a lot more about my research history, if that's interesting):
I started Contrast Security with Jeff Williams. We make (well, they make, now) the best damn vulnerability analysis tool on the market. It works by monitoring the application at runtime and noticing dangerous patterns of execution, which turns out to be way more precise than just scanning the code. The technology and business are successful, having been valued at $1.2B in 2021. Forbes also wrote about this company because of my dad's interesting immigration story.
I left and started Pixee where I now make a GitHub App (@pixeebot) that hardens your code and remediates your vulnerabilities -- fixing the things discovered by the tools people like me make, "closing the loop" of software security. I'm very proud of our free tier -- you can install it today and start getting cool PRs immediately and start getting fewer security results from your annoying scanners!
I'm starting a blog for three reasons.
First, I've found that writing is how I find clarity on tough subjects and develop a strong opinion -- even if loosely held.
Second, swyx told me I should learn in public, and that's a good idea. That I never heard before. Because nobody blogged about it. Maybe if someone had, I would have "learned in public" in my 20's. So, maybe there is a point to this, and it's not all about the author's enrichment.
Third, I'm enjoying my day job working on the open-source stuff that powers @pixeebot, so I am already also kind of working in public. Now, I figure I can complete the circle by thinking more in public as well. Thinking in public will allow me to (hopefully) engage in discussions with a broader audience, outside of the people I pay to work for me every day.
On the very, very remote chance that someone finds anything here valuable, despicable, underexplored, brilliant, whatever -- let's talk about it. I mostly write about the intersection of software and security, with maybe some sprinkling of VC, company-building or Liverpool FC fanfic.
Hope you like it!