The Good Tech Companies - Where Security Begins: 5 Insights from the Intersection of Engineering and Teaching
Episode Date: July 16, 2025
This story was originally published on HackerNoon at: https://hackernoon.com/where-security-begins-5-insights-from-the-intersection-of-engineering-and-teaching. Maxim Khomutinnikov blends engineering and teaching to embed security into software, from AI firewalls to student mentorship and public system upgrades. Check more stories related to cybersecurity at: https://hackernoon.com/c/cybersecurity. You can also check exclusive content about #application-security, #maxim-khomutinnikov, #embedded-cybersecurity, #ai-in-cybersecurity, #devsecops-best-practices, #secure-software-design, #cybersecurity-education, #good-company, and more. This story was written by: @jonstojanjournalist. Learn more about this writer by checking @jonstojanjournalist's about page, and for more stories, please visit hackernoon.com. Maxim Khomutinnikov unites engineering and academia to make security a core part of software development. From AI-driven WAFs to secure public systems and award-winning apps, he champions automation, ethical design, and secure thinking—while mentoring the next generation of cybersecurity talent.
Transcript
This audio is presented by Hacker Noon, where anyone can learn anything about any technology.
Where Security Begins: 5 Insights from the Intersection of Engineering and Teaching,
by Jon Stojan Journalist. Operating at the intersection of enterprise engineering and
academic instruction, Maxim Khomutinnikov shows why embedded security is no longer a layer.
It's the foundation of how software must be built today. Cyber threats are growing not just in number, but in sophistication. According to IBM's 2024 Cost of a Data Breach Report,
organizations with fully deployed security AI and automation saved an average of almost $1.8
million more than those without. As businesses race to protect cloud-native applications and
increasingly distributed systems, the demand for integrated, proactive security has never been higher.
Drawing from the structured engineering culture of Eastern Europe and blending it with a practical,
solution-oriented mindset from the US, Maxim Khomutinnikov brings a grounded perspective to
cybersecurity and software engineering.
As a professor, engineer, and researcher, he's on a mission to embed security where it matters most,
at the core of how we build software. He is a certified cybersecurity specialist,
a member of IEEE, the world's largest professional organization for technical advancement,
and a candidate of the highly selective ISC2-CSSLP, which is the most globally recognized
cybersecurity credentialing organization.
As an application security engineer at ADP and an adjunct professor at Pace University,
he brings a rare dual lens of academic depth and frontline engineering.
An award-winning engineer, Maxim is the creator of UPET, the mobile platform that earned the
2025 Product of the Year award at the American Business Expo.
In this article, we break down 5 practical insights for professionals seeking to build
scalable and secure systems with each lesson illustrated by Maxim's breakthroughs.
Automation isn't optional anymore.
Manual threat detection can't keep up with today's attack vectors.
As Maxim says, "signature-based systems just aren't fast or flexible enough to catch
today's rapidly evolving threats."
"Things like zero-day exploits or social engineering attacks can change quickly, often faster than
these systems can adapt," he adds.
And in cloud environments where everything scales and shifts in real-time, manual security
checks leave too many gaps.
That's why modern teams need security that runs automatically alongside their development
tools, something that works continuously in the background, spotting issues before they
become problems. Enterprises now require continuous, automated monitoring tied directly into the
development lifecycle, what Maxim refers to as security woven into the pipeline, rather
than bolted on at the end. At ADP, Maxim developed and implemented
continuous integrations between security platforms, enabling real-time threat
intelligence sharing to ensure that internet-facing applications are
protected from malicious adversaries through rapid blocking. Additionally,
Maxim developed and deployed recurring automations to ingest and evaluate
enterprise-wide security risk states and indicators for prioritization and targeted messaging to product owners and development teams to streamline risk reduction
across the entire firm via improved awareness of security program adoption and finding remediation.
As a result, his methods not only improved the organization's overall security posture
but also allowed them to receive notifications about the status of their products and what
needs to be fixed.
Secure thinking improves legacy systems too.
Not all cybersecurity innovation happens in tech startups or Fortune 500 firms.
Sometimes, the most impactful upgrades take place in social and, therefore, well-funded
public systems.
During his time with the New York City Department of Sanitation, Maxim supported the modernization of internal digital workflows.
By crafting optimized SQL queries and implementing data normalization techniques,
Maxim improved database performance and reliability.
He then automated critical workflows by integrating prepared datasets into ServiceNow,
using JavaScript and built-in APIs such as GlideRecord and GlideAjax
to trigger asset request submissions without manual input. These changes boosted overall
productivity by 75% and helped the department reduce the lag between
service requests and execution. "Working in public infrastructure opened my eyes,"
Maxim recalls. "You're not just solving technical issues, you're dealing with
systems that impact thousands of workers and residents.
It's humbling, and it made me realize how much value even small improvements can bring
when resources are tight."
His ability to implement these improvements stems from a cross-stack technical perspective,
sharpened through the DevOps certification and the certificates of programming with JavaScript
and full stack development from Meta, which refined his skills in secure deployment automation even within large, process-driven public environments.
This case demonstrates that secure thinking and process-aware automation don't just serve
the private sector. They have tangible benefits in government, too.
When security principles intersect with real-world inefficiencies, the result is improved data
hygiene, enhanced workflows, and increased public trust.
AI is changing the way we defend applications.
Automation and
encryption lay the groundwork, but emerging threats demand smarter systems, ones that can adapt and
learn. As software systems grow in complexity and threats become more dynamic, traditional security
methods often struggle to keep pace with these evolving threats.
This is where artificial intelligence is beginning to reshape the cybersecurity landscape, offering
the ability to detect and respond to anomalies in real time, at a scale and speed humans
alone can't match.
In his research on adaptive web application firewalls (WAFs), Maxim is studying the
integration of artificial intelligence
agents in a dynamic web firewall to increase the adaptability of application
protection. His upcoming paper explores this architecture with future plans to
develop a functional system. The model incorporates user behavior profiling
through incoming request and server response patterns enhanced by
statistical analysis and anomaly detection.
Using reinforcement learning, the AI agents learned to distinguish between legitimate
and suspicious actions over time. The research demonstrated a detection accuracy of up to
99%, with minimal false positives, which is a critical balance for practical deployment.
He also proposed a phased rollout approach, starting with monitoring and gradually
enabling active blocking, all while integrating the system with DevSecOps pipelines. The study
addressed potential risks including resource consumption, data privacy, and adversarial
manipulation. His work has since informed internal DevSecOps testing strategies and
sparked interest in scalable WAF enhancement across enterprise teams.
"I've always been interested in solving problems that appear in the gap between research and
real-world systems," Maxim explains.
"That's why I've also looked at how graduate AI programs fall short in preparing students
for industry and how monolithic software architectures hold back scalability."
His certifications, including ISC2 Certified in Cybersecurity
and AWS Solutions Architect, reflect that same blend of theory and application.
Teach security as a mindset, not a module.
Still, no technology can succeed without the right
people behind it. And that begins with how we teach and think about security. "Security
isn't just about code audits or vulnerability scanners.
It starts with how engineers think," Maxim is sure. At Pace University, Maxim brings this philosophy
to life by guiding students through real-world projects that simulate enterprise-grade security
challenges. His curriculum emphasizes not just the how, but the why of secure practices, from
configuring distributed databases and demonstrating how to securely collect and transmit data using Python-based API calls
and encryption protocols. For instance, students explore how to encrypt messages when automating
email dispatch. These exercises highlight the importance of embedding security at the database
and architecture design stages. As a result, several of his students have
transitioned into roles at fintech firms and SaaS companies, crediting his teaching with
giving them a professional edge. "Some of my students have gone on to internships at companies
like Amazon or BMW North America," Maxim shares. "But it's never just about my course; they
learn from many professors and put in serious work themselves. I just try to make sure they're ready to explain real-world engineering problems when
it matters."
By mentoring students through capstone projects aligned with current security needs and promoting
forward-thinking discussions about AI and data ethics, Maxim instills a mindset that
prepares them for a constantly evolving field.
His efforts contribute not only to individual student success but to raising the overall bar of
cybersecurity talent entering the industry. Beyond code, Maxim mentors students and junior engineers
on secure thinking. He believes that security isn't just a checklist, it's a cultural shift.
He reinforces this through capstone projects, advising on AI curriculum alignment, and contributing
to professional standards via the IEEE.
Even consumer apps must treat data like gold.
These principles aren't limited
to enterprises or academia. They hold just as true when designing software for the everyday
user. Maxim's work at ADP focused on securing large-scale enterprise systems, but his experience
translates just as well to the consumer space.
When building Upet, a comprehensive mobile platform for pet owners, he approached its
architecture with the same seriousness applied in corporate environments.
The app applies modern security practices, including development of encrypted API endpoints
and modular access controls, a level of rigor often missing in early-stage startups.
Instead of treating cybersecurity as an afterthought,
the architecture prioritizes responsible data handling from the start,
especially for sensitive features like health records and behavioral profiles.
"I knew from the start that features like therapy programs and adoption tools
would require handling user data with care.
Pet profiles, behavioral info, and often health records," Maxim explains.
"So the architecture keeps that data isolated and permissioned from the ground up.
It wasn't just about meeting technical standards.
The idea was to make sure that the sensitive information is handled responsibly and respectfully."
The success of U-PET, which won Product of the Year in the mobile applications category
at the 2025 American
Business Expo, demonstrates that robust security is not only possible in lifestyle apps but
critical to user trust and platform growth. For developers building consumer-facing platforms,
the takeaway is clear. Trust and usability depend not just on features but on how responsibly you
handle user data. Good security design doesn't just prevent breaches.
It sets the tone for your entire relationship with the user.
In a world where AI-driven breaches and cloud vulnerabilities are increasing daily, the
most effective defense isn't just smarter systems, it's smarter engineers behind them.
From enterprise automation to consumer privacy, from AI-infused firewalls to future-forward
classrooms, Maxim Khomutinnikov's
work shows what happens when security is treated as a mindset, not a checklist.
Security isn't a separate track, it's the infrastructure, the product, and the culture.
And the sooner it's embedded into how we build software, the safer the digital future becomes.
Thank you for listening to this Hacker Noon story, read by Artificial Intelligence.
Visit HackerNoon.com to read, write, learn and publish.
