Onur Kolay

I am a Principal Security Engineer and cybersecurity leader with more than a decade of experience designing, building, and operating secure systems at scale. My work focuses on embedding security into technology rather than layering it on afterward, helping organisations build products that are resilient by design and trusted by default.

I specialise in application security, cloud security architecture, and DevSecOps practices. Over the years, I have led threat modelling efforts for complex platforms, shaped secure software development standards, and built automated security controls directly into delivery pipelines. My approach is pragmatic and engineering-driven, balancing risk reduction with the realities of modern product development.

A core part of my work is translating complex technical risk into clear decisions for engineers, architects, and senior leadership. I am often trusted as a bridge between security and delivery teams, helping organisations move away from reactive security and toward sustainable, long-term security ownership.

Beyond technical execution, I have led initiatives that strengthen security culture, including developer enablement, security champion programmes, and awareness efforts that reduce human risk. I believe strong security outcomes come from systems, processes, and people working together, not from tools alone.

In recent years, my focus has expanded into emerging challenges around trust, digital authenticity, and the security implications of artificial intelligence. I actively research and design approaches that address these problems at a foundational level, with an emphasis on robustness, transparency, and real-world applicability.

I write and share my work to contribute to the broader cybersecurity community, challenge weak assumptions, and encourage a more thoughtful and responsible approach to security engineering.
