Eva Sarafianou
eva.sarafianou@gmail.com

I'm a Security and Engineering leader focused on how software is built, validated, secured, and delivered at scale. At Mattermost, I lead Product Security, Release, and Test Infrastructure for a mission-critical collaboration platform used in security-sensitive and regulated environments. My focus spans securing the product lifecycle, strengthening release confidence, and building the quality systems and test infrastructure that enable reliable software delivery at scale. Previously, I was a Principal Product Security Engineer at Auth0/Okta. I've shared my work and insights at BlackHat EU, Real World Crypto, and OWASP AppSec IL, among others.


Work Experience

        Senior Engineering Lead, Product Security & Release (February 2026 - Present)

        Engineering Lead, Product Security & Release Engineering (August 2025 - January 2026)

        Product Security Engineering Lead (February 2023 - August 2025)

                     Principal Product Security Engineer (April 2022 - January 2023)

                    Staff Product Security Engineer (June 2021 - April 2022)

                    Senior Product Security Engineer (April 2020 - June 2021)

                   Product Security Engineer (August 2018 - April 2020)

                    Security Consultant

Certifications

             Offensive Security Web Expert (OSWE), 2020 (credential)

             AWS Certified Security - Specialty, 2021 (credential)

             GIAC Strategic Planning, Policy, and Leadership (GSTRT) (credential)

Public Speaking

Managing Vulnerabilities in Open Source Dependencies


CyberChess 2025 - Riga




Managing Vulnerabilities in Open Source Dependencies


FOSDEM 2025 - Brussles




Managing Vulnerabilities in Open Source Dependencies


Secure Open Source Software (SOSS) Community Day 2024 - Vienna




Lessons learned from helping scale a Product Security program from startup to acquisition


DevSecCon 2022




Threat Modeling in the "Shift Security Left" era


FTW Conf 2021 (International Women's Day) - Virtual




Security Facts and Fallacies about Browser Storage


OWASP AppSecIL 2020 - Virtual




Bring your questions about Product Security


Avocado Labs community hour 2020 - Virtual 2020




The Rupture API: Productizing TLS Attacks


Real World Crypto 2017 - New York




CTX: Eliminating BREACH with Context Hiding


Black Hat Europe 2016 - London




Automating cryptanalysis of HTTPS


BSides Athens 2016 - Athens, Greece