Bruce C.

Co-Founder

Glasgow, United Kingdom9 yrs 10 mos experience

Most Likely To SwitchHighly Stable

Key Highlights

Expert in building developer-centric security platforms.
Led enterprise-wide AppSec and DevSecOps programs.
Co-founded Observes IO, focusing on secure CI/CD.

Stackforce AI infers this person is a SaaS security architect with extensive DevSecOps experience.

Contact

Skills

Core Skills

Application SecurityDevsecopsSoftware Development

Other Skills

Azure Logic AppsSASTSecurity ConsultingShell ScriptingC#AutomationSystems DesignSCAMicrosoft AzureAzure DevOpsDASTIaCAPI SecurityContainersPython

About

Security should accelerate engineering, not slow it down. I build developer centric security platforms that make engineering faster and safer. My work focuses on secure CI/CD, automation, and guardrails‑not‑gates - enabling teams to ship quickly without compromising security. I’ve led AppSec and DevSecOps programmes across large enterprises, built self‑service security tooling at scale, and now co‑found Observes IO.

Experience

9 yrs 10 mos

Total Experience

2 yrs 1 mo

Average Tenure

3 yrs 10 mos

Current Experience

Observes.io

2 roles

Conference Speaker – DevOps Not Dead London (Q1 2026)

Mar 2026 – Mar 2026 · 0 mo

Spoke at DevOps Not Dead London on CI/CD pipeline security, focusing on the risks of trusting platforms to securely manage high-privilege service credentials.
Walked through how attackers can realistically exfiltrate “secured” credentials from pipelines and use them to pivot into cloud environments. Covered common misconfigurations, real-world attack paths, and how pipelines often expose more than intended.
Included a hands-on style demo showing how a compromised build job can quickly lead to broader cloud access, along with practical steps teams can take to better secure their pipelines.
This talk builds on my ongoing work in AppSec and DevSecOps, and ties directly into a lab I created for Pwned Labs focused on real-world pipeline exploitation scenarios.

Co-Founder

Sep 2025 – Present · 8 mos

Pwned labs

Lab Creator

Oct 2024 – Present · 1 yr 7 mos · Remote

Make the occasional hacking lab for Pwnded Labs.

M&g plc

DevSecOps Lead

Jul 2022 – Present · 3 yrs 10 mos · Scotland, United Kingdom · Remote

Working across the Enterprise to ensure the security of all applications. Creating and designing a self service Application Security Service for internally built applications covering SAST, SCA, DAST, IaC, API Security and Containers. Being the technical authority on the Application Security Tools and point of contact for development teams for additional triage.

Application SecurityAzure Logic AppsSASTSecurity ConsultingShell ScriptingC#+6

Centrica

Security Change Manager

May 2021 – Jun 2022 · 1 yr 1 mo

Product Owner and Service Manager of a self service Application Security Service for the business covering: internal software: SAST, DAST, SCA, and mobile applications. Commercial off the shelf software: binary scanning, malware checking and sandboxing.

Application SecuritySASTSystems DesignSCAMicrosoft AzureAzure DevOps

Fujitsu global

3 roles

DevSecOps

Jul 2019 – Apr 2021 · 1 yr 9 mos

Implementing the Security Orchestration Automation and Response solution within the cloud, developing playbooks in an agile approach and administration of system. Providing level 3 support for the application. Liaising with international internal/external stakeholders and product vendor. Developing external product/tool integrations in Python. Providing varying technical demonstrations to potential customers and end users. Help to continuously develop DevSecOps culture in Fujitsu and create team processes for DevSecOps. Creation of Infrastructure as Code (IaC) within CI/CD pipelines within Azure DevOps. Preforming code reviews of IaC, SOAR integrations, automations and playbooks. Responsible SOAR platform hygiene by patching and upgrading of SOAR production instances and development environment/instances. Troubleshooting the wider MSSP environment to identify and resolve issues within the environment and other offered services. Including but not limited to: EWS, AD, DNS, firewalls, networking, etc.

Application SecurityShell ScriptingAutomationSystems DesignMicrosoft AzureAzure DevOps+1

SOAR Architect

Jul 2019 – Apr 2021 · 1 yr 9 mos

Designing the Security Orchestration Automation and Response (SOAR) solution deployment strategy within the cloud. This includes disaster recovery, backup, enterprise management, application versioning, application configuration, data/process flows and audit trail logging. Onboarding of customers into the environment, and collaboratively designing approaches on how to access remote customer environments/services. Liaising with international internal/external stakeholders and product vendor. Evaluating different product(s) to integrate into the SOAR solution. Provide training of SOAR platform to both end users and platform administrators. Create, review and maintain technical documentation regarding SOAR Platform and wider Managed Security Services Platform (MSSP).

Shell ScriptingSystems DesignMicrosoft AzureDevSecOps

Cyber Security Graduate

Oct 2018 – Jun 2019 · 8 mos

Open source intelligence gathering in relation to cyber threats. Developing and maintaining scripts and automation efficiencies (C#, python). Liaising with international internal and external stakeholders. Project work for implementing and evaluating Security Orchestration Automation and Response platforms.

Hm revenue & customs

Software Developer

Mar 2016 – Sep 2018 · 2 yrs 6 mos

Architecting, developing and maintaining a bespoke suite of accessible internal applications (C#, VBA and SQL) for both desktop and tablet devices. Liaising with clients to ensure smooth delivery of projects. Live support for business developed applications. Developing colleague’s knowledge of programming techniques to share best practice.

Shell ScriptingC#Software Development