Leadership

The team leading SecureCodingHub

SecureCodingHub helps engineering teams ship more secure software through hands-on tools, training, and applied research. Our work spans the full secure development lifecycle — how vulnerabilities surface in production code, how organizations train developers and evaluate tooling, and how compliance frameworks shape modern software delivery. Below: the leadership team driving that work.

How the team works together

The four leadership profiles above cover the visible surface of SecureCodingHub — product, engineering, sales, legal — but the day-to-day work happens at the seams between those roles. Application security content is technical, time-sensitive, and high-stakes for the engineering teams that act on it, so the editorial process is built around cross-checking material before it goes live rather than relying on any one person's judgement in isolation.

A typical guide starts with a topic owner — usually Caner for strategy and AI/training pieces, Emre for code-level OWASP and SAST/DAST work, Melissa for buyer/program guidance, or Ceren for regulatory and incident-response material. The first draft is shared internally, reviewed by at least one other author for technical accuracy or framing, then run against the SecureCodingHub challenge library to make sure the published examples match what the platform actually teaches. If a guide makes claims about a specific language, framework, or analyzer behavior, those claims are verified against the corresponding production challenge before the post ships.

The same review loop applies to platform content. Practice mode challenges and learn mode scenarios are written by the engineering side of the team, reviewed for vulnerability accuracy by Caner or Emre, and cross-referenced against the relevant CWE and OWASP entries. Compliance-coverage claims — how a topic maps to PCI DSS 4.0.1 6.2.2, ISO 27001 Annex A.14, NIST SSDF, or EU Cyber Resilience Act conformity requirements — are vetted by Ceren against the current text of those frameworks rather than against an internal summary that may be out of date.

Who we hire and why

SecureCodingHub deliberately keeps the team small. The work demands deep practitioner experience in application security tooling, secure SDLC adoption, and compliance translation — domains where productivity scales poorly with headcount. A four-person leadership group means every author has hands-on context for the content under their byline, every customer conversation reaches a decision-maker quickly, and every product change ships through people who understand both the security and the pedagogical side of the platform.

When we add to the team, we hire for combinations rather than single skills. The roles we have grown into all sit at intersections: engineer-who-can-write-clearly, salesperson-who-understands-procurement-and-compliance, lawyer-who-can-read-CI/CD-logs. Single-discipline specialists who can only operate within their lane do not fit how SecureCodingHub's work moves between code, training, regulation, and customer reality. The output you see across the blog, the guides, the documentation, and the platform itself is the product of that intentional generalist bias.

If you are evaluating SecureCodingHub for your engineering organization and want to talk to the person behind a specific piece of content rather than a generic sales contact, the byline on each post links to that author's profile — and the email address listed there reaches them directly rather than routing through a queue.