Https://tilakthimmappacom/events/
Tilak is currently working as a Senior Solutions Engineer at we45. As part of his role, Tilak is responsible for engineering and assessing we45’s Application Security Product Portfolio and Cloud Portfolio. He’s a polyglot technologist with skill sets in Vulnerability Management and Correlation, Cloud Security, Serverless, Containers and Kubernetes Security among others. He’s skilled in Python, JavaScript and Cloud-native tools and frameworks like Terraform, Serverless Framework and others.
He has contributed by developing several applications that have been used at multiple Capture the Flag contests. In addition, he has extensive experience with integrating security scanners into Orchestron, an Application Vulnerability Correlation and Aggregation engine.
Tilak has been a lead developer for the we45 learning portal - which uses state-of-the-art technologies. He has extensive experience with multi-cloud platform integrations as well.
Tilak is a lead-trainer for we45’s Cloud Security training offerings that focus on AWS and Serverless.
In his spare time, Tilak contributes to the vibrant security Open Source Community and has built a powerful Source Composition Scanning tool called PyRaider for Python codebases.
Tilak is a trainer and speaker at multiple events across the world such as BlackHat USA, DefCon USA, GlobalAppSecDC, AppSecUS, AppSecCali, DjangoCon USA, DevSecCon, PyCon and AtHack Riyadh.
Public Speaker & Trainer
AWS Certified Security – Specialty
AppSecEngineer — Online Security Training with Hands-on Labs
AppSecEngineer is an online training portal for security professionals with courses covering Cloud Security, DevSecOps, Containers, Kubernetes and many more. All these courses have real-world lab examples to deliver a holistic experience.
Orchestron — Vulnerability Management & Correlation Platform
Worked on an Application Vulnerability Correlation and Security Test Orchestration platform that enables engineering and security teams to perform security scans within release cycles, so that vulnerabilities are found during development and fixed as early as possible (shift-left approach).
ThreatPlaybook — Threat Modeling as Code married with Application Security Automation as a single Fabric
We use threat modelling as a reactive and proactive measure for our application. The problem with the traditional approach is that we can’t validate the vulnerability mapping back to the threat model. So we decided to solve this problem. That’s why we came up with an idea called ThreatPlaybook.
Every quarter we do a Capture The Flag event for our testing team. I was part of multiple CTFs over the years and have developed multiple intentionally vulnerable CTF applications.
PyRaider - Python Source Composition Analysis Tool
Website: https://pyraider.raidersource.com/
We use a lot of open source packages in our projects. Some packages might have vulnerabilities that affect our projects. So I wrote an open source tool which scans installed Python dependencies for known security vulnerabilities. This can help avoid potential damage to the application as well as the organization.
OWASP Dependency Track
Website: https://owasp.org/www-project-dependency-track/
Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Dependency-Track takes a unique and highly beneficial approach by leveraging the capabilities of Software Bill of Materials (SBOM). This approach provides capabilities that traditional Software Composition Analysis (SCA) solutions cannot achieve.
For this project, the creator wants to move the frontend to Vue.js, so I designed and contributed to implementing the UI. OWASP Dependency Track currently uses the new Vue.js UI.