Alex Smolen is a security engineering leader and proprietor of EngSec Labs with 15+ years building security programs, detection engineering, and GRC automation for high-growth SaaS and AI startups. He has a strong software engineering pedigree and deep AWS expertise demonstrated across roles scaling security at LaunchDarkly and Clever, plus hands-on product work at Twitter where he led account security and authentication migrations. Alex is pragmatic about shipping automation—he built a security asset data lake, automated FedRAMP vulnerability management, and implemented zero-trust endpoint architectures to reduce blast radius. An active open-source contributor, he improved Okta MFA, WebAuthn, and AAD/ADFS flows in the widely used saml2aws CLI project, reflecting his focus on practical interoperability. Based in Oakland, he blends executive leadership with day-to-day technical craftsmanship, often pairing governance and compliance goals with developer-friendly tooling.
15 years of coding experience
15 years of employment as a software developer
BA Electrical Engineering and Computer Science, BA Electrical Engineering and Computer Science at University of California, Berkeley
MIMS Information, MIMS Information at UC Berkeley School of Information
CLI tool which enables you to login and retrieve AWS temporary credentials using a SAML IDP
Role in this project:
Back-end Developer
Contributions:12 commits, 7 PRs, 12 comments in 2 years 2 months
Contributions summary:Alex primarily focused on enhancing the functionality of the `saml2aws` CLI tool by implementing and refactoring Okta MFA support. This involved addressing TOTP authentication issues, adding WebAuthn (U2F) support, and integrating a cookie jar for device token retrieval. Furthermore, the user made improvements to the AAD (Azure Active Directory) and ADFS (Active Directory Federation Services) authentication flows, which suggests an effort to improve compatibility across various SAML identity providers. Additionally, tests were created and added to the project to ensure that the new Okta functionality worked correctly.
A tool for privacy design analysis and requirements gathering.
Contributions:45 commits, 2 PRs, 10 pushes in 8 years 11 months
securitygatheringprivacy
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.