John Deere Financial

John Deere Financial is the lending and financing arm for John Deere dealerships and equipment. Operating under banking regulations, cyber security is a top priority. My main responsbility was reviewing our various web applications for security vulnerabilities, finding over 120 during my time. While some of these vulnerabilities were quite critical, the most important work I did during these engagements was the developer education that went along with finding and fixing them. Ensuring developers understood mistakes and are empowered to code more securely in the future is worth substantially more than any singular finding.

In addition to my main work reviewing code for vulnerabilities, I also supported our internal security dashboard and vulnerability scanning pipelines. Working to triage flaws, automate vulnerability discovery, and publicize important security metrics all created a force multiplier, letting the automation and the metrics do the work and tell the security story better than our team could by themselves.

Promotion

I started this role at John Deere's grade 7 engineer, and was promoted in place to grade 8 senior engineer approximately a year later. I believe this achievement represents not only my excellent cyber security capabilities, but also my breadth of impact in the larger financial organization.