I have been working with k9 Security Team for the past two and a half years. k9 Security Team is strong in providing structured security oversight and maintaining collaborative engagement with the platform security team. The primary way I use k9 Security Team is as a proactive security and compliance partner for our infrastructure and production environments. As an SRE, I rely on them mainly for vulnerability identification, risk assessment, and compliance validation. One of the key challenges they help us solve is managing security risk without slowing down delivery. For example, when we deploy new services or make infrastructure changes, they review configuration, identify potential vulnerabilities, and guide us on remediation steps before issues reach production. They also play a major role in compliance-related activities, especially around PCI controls. Instead of reacting to audit findings, we work with them continuously to close gaps early. This reduces last-minute pressure during audits. One specific example was during a container image upgrade for a backend service. Before a production release, we were updating the base image to include newer dependencies. During the pre-production security scan, k9 Security Team identified a critical CVE introduced through the updated base image. From an SRE perspective, everything was functionally working in staging, but this vulnerability could have easily gone unnoticed.