Did these controls slow developers down?

No. We kept deploy volume flat and cut change failure rate by ~9 points. The trick is making security defaults invisible: templates, generators, and automated gates that run in seconds, not manual approvals.

Why Cosign and Kyverno over other tools?

Cosign is the de-facto for container signing and works well with public registries. Kyverno’s native K8s CRD approach made it easy for app teams to reason about policies versus authoring Rego. We still use OPA/Rego where we need expressiveness (e.g., Conftest in CI).

How did you handle secrets and credentials?

HashiCorp Vault for app secrets with short TTLs, and AWS IRSA for workload identity. No long-lived human access to prod; break-glass via SSM Session Manager with approvals and full session logs.

What about legacy EC2 hosts and AMIs?

We wrapped them: SSM for access, Inspector for CVEs, and a WAF for edge traffic. Then we put them on a deprecation clock and moved critical data paths behind services with the new guardrails.

Case-studies · Oct 7, 2025 · 10 minute read

The Fintech Breach We Dodged: Shipping Faster After Making Security a First-Class Feature

A Series C fintech almost learned about data breaches the expensive way. We rewired their SDLC to make security boring, automated, and non-negotiable—without slowing delivery.

Alex Mercer

Principal Engineer, GitPlumbers

20-year veteran who’s shipped through the dot-com crash, SOX, the microservices hangover, and the AI hype cycles. Ex-Stripe and Atlassian platform/SRE. I fix brittle pipelines and insecure platforms so teams can ship safely.

If it isn’t signed and scanned, it doesn’t ship. No exceptions, no Slack approvals.

Back to all posts

The Fintech Breach We Dodged: Shipping Faster After Making Security a First-Class Feature

Key takeaways

Implementation checklist