Aviva Zacks of Safety Detectives had the wonderful opportunity to sit down with Giovanny Gongora, Software Engineer at NodeSource. She asked him all about how his company provides deep analysis into their customers’ processes.
Safety Detectives: What has your journey to NodeSource been like?
Giovanny Gongora: I have been at NodeSource for around four years, where I started as a support engineer helping customers resolve engineer-related and security problems. After that, I became a solution engineer where I started to help companies develop or fix their current solutions.
Lately, I have been focused on product development and the features we offer to customers. One feature is NCM—NodeSource Certified Modules, which is a security-related tool integrated inside NSolid and as a CLI.
SD: What does your company do?
GG: We create software for monitor Node.js applications. We try to provide really deep analysis and metrics about what your processes are doing. At the same time, we integrate NCM into our main product line, so you can see the vulnerabilities inside your code and get a few code static analyses.
SD: What companies use your services?
GG: We work with e-commerce, airlines, payment processors companies, and more.
SD: How does your company stay ahead of the competition?
GG: We provide metrics, secure information, and insights from your Node.js applications. The way we manage to get those metrics with minimal performance hits puts us in the lead. That’s the main difference. NSolid is evolving into a more complex and data-driven tool that provides accurate and top-notch information in production systems.
SD: What would you say are the worst cyberthreats today?
GG: Code injection, which is how many companies get involved in security breaks, for example, when using third-party NPM packages.
SD: How has the pandemic changed the way your company is handling security?
GG: We have been a remote company from the beginning. The way we manage our security has not changed. However, we have seen changes in our customers’ companies. We have seen an increase in traffic in services we own, for that reason, we have been trying to be sure those services stay secure, our APIs are behind auth middlewares and keeping an eye on DDoS attacks.