Keeping more than 200 million users (and their users) protected is not an easy task. We spoke with 5 of our Security Experts to hear more about the challenges they’re facing and about what makes Wix’s approach to security unique
Spiderman’s most famous quote - “With great power comes great responsibility” - is quite a cliche. However, cliches are often based on solid truths, and for our Security group, these words represent our view of our users’ (and their users) data here at Wix. In other words: we feel extremely obligated to keep it safe.
Alexander Lavreniuk joined Wix 2 years ago after a career in development and security roles. “I’m a Security Engineer in our (IR) Incident Response team. When there’s a cyber event, our job is to make sure that Wix’s infrastructure and our fellow employees are protected and that our processes aren’t delayed in any way. While we respond to events, about 60% of my time is devoted to developing tools, solutions and automations that will enable us to react as fast as we can in case of an attack.
“Basically, the reason we have a fast growing internal Security team is because Wix is growing so fast. Like many other companies, we’re targeted by attackers all the time. This means that our main challenges are building and maintaining a secure environment that’ll allow our developers to do everything they need to do without creating any obstacles that’ll slow them down. At the same time, we work hard to improve our systems while we scale up.
”This is what sets Wix apart from other companies. Our state of mind as Security people here is putting our employees’ needs first and not intervening with their work as much as we can. To do that, we use the best technologies out there, but we tweak them so they’ll perform at 120%. Our approach is to allow everything unless it's an obvious security risk because we want to give everyone the freedom to do their best. In other words, we want our security efforts to feel seamless”.
What is it like to work in your team?
“I think that what’s special about our team is that everybody is doing hands-on work and that we share knowledge and collaborate more than in other places. You don't feel here as if you’re a tiny part of a giant machine. You’re always encouraged to voice your opinion and take the initiative. It’s very interesting, very fulfilling and you never have a dull moment here”.
“We want to enable, not delay, and this state of mind creates a very comfortable work environment”
Areli Fallach is a member of the CPR (Cyber Protection and Response) team working closely with the IR team. He says that what brought him to Wix were the big security challenges and the overall attitude towards security. “I liked the fact that there’s an understanding of the importance of this issue and a willingness to allocate resources in order to do it well. On top of that, before joining the company I used the Wix platform as a user and I liked it. I can also say that I didn’t have any security issues with it”, he grins.
What did you learn about Wix after you joined?
“What distinguishes Wix from many companies is not just the sheer number of users, but also their users. When someone builds a website on our platform, we don’t only have a responsibility to keep them safe. We’re also responsible for their customers’ information. Anything that passes through their site. On top of that, when Wix acquires another company, we test and improve their technology and security methodologies so they’re aligned with Wix’s standards.
“On another level, I learned that although security is a very tough and serious field, at Wix you can have fun at work, and it's something that you really can’t take for granted in our line of work. It was a very pleasant surprise”.
Zohar Shachar is Wix’s Application Security Team Lead, which means that his team accompanies R&D teams across Wix during their development processes. “We provide them with security guidelines at every stage of their application development - from design to coding to production. When they’re done, we also conduct penetration tests and manage their bug bounty efforts”.
What are the main challenges your team is facing?
“Wix is a very complex technological company and at our scale and our development pace, taking care of application security is much more challenging than doing so at, say, an insurance company. On top of it, Wix is a ‘business first’ type of company unlike some organizations where the attitude is ‘security first’. What this means is that our Security group can’t stop other teams’ development efforts or slow them down. Our scale and the cutting edge tech we use here usually prevent us from relying on solutions developed by other companies. The upside of this is that it often forces us to come up with our own solutions and that’s fun”
Tamar Hoffert joined Wix as a Security Expert about two years ago. “I was working at a small consultancy security company and I thought that working at a big company with a product that positively impacts millions of people around the world would be a great professional development opportunity for me. So I came and fell in love with the company”, she smiles.
“Because everybody is nice here and people want to help. Seriously. Before joining Wix I used to always feel like I was one of the ‘bad guys’ because I was expected to tell people what they couldn’t do. At Wix, the attitude is completely different. We want to enable, not delay, and this state of mind creates a very comfortable work environment. On top of that, we’re always encouraged to learn, take courses, and develop. It isn’t something I've felt at other places in the past”.
Can you describe what you do?
‘Im a part of the IRM (Information Risk Management) team and we’re responsible for securing Wix’s headquarters and its many different groups - People, Finance, Legal etc. What we essentially do is map all the domain’s processes and systems, check its maturity level and build a work plan for improvements. For example, right now I’m checking a third party system that’s integrated into one of Wix’s systems. I’m looking for better ways to protect it, encrypt the information it uses and so on”.
“I love the idea that what we do keeps our users safe and their businesses running”
Omer Dodi is a part of the Data team in our Security group. “We provide data-based solutions that will enhance and improve Wix’s overall security efforts. This includes data analysis, building machine learning and statistics-based models which autonomously study malicious activity, prevent them in real-time and then block them from causing any damage further down the road”, he explains.
Omer says that what makes his team unique in the security landscape is the combination between the data and the security methodologies. “We use the tons of data we receive due to our scale in order to prevent cyber attacks in the future. Ironically, our scale and the high number of attacks we prevent, enables us to be better at what we do”.
What’s your favorite thing about the job?
“I love the idea that what we do keeps our users safe and their businesses running. We always have to stay on top of things to provide the high level of security that we’re expected to provide and that’s also very cool because you’re always learning new things here and developing yourself further”.
Always dreamed of making an impact on hundreds of millions of people and doing good at the same time? Here’s your chance! Explore all available positions at Wix’s Security group.