I build and break security systems until they actually reduce risk.

I'm Mert Satilmaz, a security engineer with a software engineering background. Before security, I spent six years building low-latency trading systems and market-making engines in C++ and Scala. That background shapes everything I do now: I write the tooling, build the automation, and engineer the systems that make security programs work at scale.

Most security failures aren't caused by a lack of tools. They're caused by poor engineering, noisy data, and false confidence. My work is about removing those failure modes.

Writings

• Why I Built SecPortal — February 2026
• What Quantitative Trading Taught Me About Security Engineering — January 2026
• Building a Vulnerability Triage Pipeline That Actually Scales — January 2026
• Cloud Security as Code: Moving Beyond Checkbox Compliance — December 2025
• Embedding AppSec Into CI/CD Without Becoming the Bottleneck — November 2025

What I Write About

• Why most vulnerability management programs fail at scale
• Building security automation with real code, not just configuration
• Cloud security as code that survives contact with real systems
• The intersection of software engineering and security engineering
• Embedding security into SDLCs without slowing teams down
• Incident response lessons you only learn after production incidents

Why You Might Care

• 10+ years across security engineering, quantitative development, and systems programming
• Built trading systems in C++ and Scala before transitioning to security
• Owned vulnerability management and pentesting programs across 100k+ assets
• Built SecPortal, an AI-native security workflow management platform, in TypeScript
• Hands-on with AWS, Azure, GCP, Terraform, OPA, and Python/C++ security automation
• OSCP and CISSP certified with contributions to Inspect AI and other open-source projects

Elsewhere

GitHub
LinkedIn
SecPortal — AI-Native Security Workflow Management Platform