At Duolingo, we pride ourselves on hiring individuals who are passionate about our mission and want to use their expertise to change the world for the better. To give you a peek into what it’s like working for Duolingo, we’ve asked our team members to share more about their experience at the company! Today, meet Matt, a Senior Engineering Manager on our Platform Security team!
What’s your background and what did you do before Duolingo?
Before I joined Duolingo I worked at PwC, Blackstone, and Compass. At each of those companies I focused on different domains of security: insider threat, application security, cloud security, and digital forensics. I want security to truly be viewed as a partner and advisor to the rest of the organization, not a gatekeeper. Security should be focused on educating teams, distributing knowledge, and addressing security at a systemic level by running continuous testing.
Why did you choose Duolingo?
I chose Duolingo because I was given the opportunity to help form the security strategy and direction of an organization with an incredible mission. I wanted to be able to set up the company for long term success and help keep Duos and learners safe.
What team do you work on? What excites you about what your team is doing?
I manage the security team within Duolingo, and lead the organization's security strategy. What excites me about the team is that we are designing and implementing a security program that is working in lockstep with the organization's business goals. Our solutions are built to enable developers, give them easy access to information, and ultimately put the accountability for decisions in the hands of those closest to the problem
I am also excited about our approach to hypothesis-driven security. We are orchestrating systems and tests to ensure our controls work the way they should and then using the outcomes to direct new work. This way, we are actively closing observability and provable security gaps and making sure every project has real developer and user impact.
What are some of the technical challenges your team faces?
We are a small team working at a very fast paced organization that is constantly changing, so we have to be very agile and open to change on a day to day basis. We can’t be afraid to pivot or throw out projects that were relevant yesterday but are no longer today. We also have to work with teams that work in various programming languages and architectures and do our best to understand them so we can offer useful solutions.
What are three words that describe Duolingo’s culture?
Kind, efficient, dedicated
What is unique about working at Duolingo?
Security at Duolingo is very much in tune with the larger organization. We work on projects that enable developers to make informed risk decisions and consult with them on architecture alongside working on our own backend features. This dual stream of work both learner-facing and developer-facing provides opportunities for all types of developers! It also keeps a very tight feedback loop with developers as well as ourselves as we always dog-food our own controls and systems.
What is it like to be a leader at Duolingo?
Being a leader at Duolingo is a challenging and incredibly rewarding experience. The organization moves very fast and ships hundreds of changes every quarter, so leaders have to be able to pivot and stay closely aligned with the business goals. On my team, leaders must ensure there is a high degree of trust between security and other areas so teams feel comfortable and safe engaging with us. That trust allows us the leeway to try new things in the security space and ask development teams to try new methods of preventing and finding vulnerabilities. I have learned so much from other leaders at the company who are always willing to teach me something new or upskill me in an area I may be unfamiliar with.
Can you share a fun fact with us?
I have been running an ongoing Dungeons and Dragons game with 6 players, both virtually and in-person, spanning 3 campaigns over 6 years!