Julio Araujo
Head of Security @ Rocket.Chat
Orléans, France
Julio Araujo is a Brazilian security professional based in France and is currently the Head of Security at Rocket.Chat. He has over 6 years of experience in the offensive and application security spaces, and his challenge revolves around securing an open-source project that is used in critical industries.
Area of Expertise
Topics
Building Layne: Scaling Security Scanning @ Rocket.Chat
Shifting security left is hard to operationalize at scale - especially with a small security team. Every team reinventing its own CI pipeline integration leads to inconsistent coverage and blind spots that slip into production.
Layne is how Rocket.Chat's security team scales appsec without scaling headcount. It's a GitHub App that centralizes Semgrep (SAST), TruffleHog (secret detection), and Claude across repositories - without touching a single workflow file. Every pull request gets scanned in parallel, with results surfacing as native GitHub Check Run annotations that block merges on high-severity findings.
We'll cover the architecture, the lessons learned deploying it at Rocket.Chat, and an honest take on where LLMs genuinely add value in a security pipeline.
https://github.com/RocketChat/layne
How Developing Security Fixes Made Me A Better Security Engineer
We will explore the transformative journey from being a penetration tester who identifies vulnerabilities to a security engineer who builds the solutions. This talk will illuminate how the intricate process of designing, implementing, and deploying security fixes provides a profound and unparalleled understanding of system architecture, threat models, and the practical challenges of defense. I'll share key insights and examples demonstrating that by shifting our focus from merely breaking things to meticulously fixing them, we can cultivate a more resilient and holistic approach to security, ultimately elevating our craft and building a safer digital world.
From Scratch: Creating AppSec Program And Its Challenges
This presentation will take attendees inside a journey to build a practical, scalable Application Security program supported by open-source technologies and content. Instead of focusing on a single process or tool, we will highlight the broader ecosystem we rely on and how it enables a small security team to manage risks effectively across a large and fast-moving codebase. The session will outline how to integrate security into development workflows, introduce automation that enhances visibility, and promote a security mindset throughout engineering.