Janith Malinga
New article: “My Review: SANS SEC 530: Defensible Security Architecture and Engineering” Read article

About me

I help teams ship software that is easier to trust.

I’m Janith Malinga, an Application Security Engineer at Amazon based in St Albans, UK. I work across threat modeling, secure design, cloud security, and developer enablement, then write about what I’m learning in plain language.

View experience Read articles
  • Application Security
  • Cloud Security
  • Threat Modeling
  • Secure SDLC
  • Automation & Tooling
  • AI for Security
Portrait of Janith Malinga

Experience

Security work shaped by teaching

My path moved from classrooms to consulting to product-scale security, and the through-line is making complex ideas practical.

Today

Application Security Engineer at Amazon

I focus on secure design, threat modeling, and helping development teams build securely at scale without slowing down useful delivery.

8 years

Security Consultant

I advised teams across government, finance, insurance, and defense on security reviews, assessments, and risk reduction.

Builder

Co-Founder, Education Institute

I helped build an institute for advanced IT concepts with practical experience, supporting students as they advanced or changed careers.

Foundation

Physics Teacher

Teaching advanced-level physics trained me to simplify hard problems, explain tradeoffs, and meet people where they are.

Certifications

Credentials that support the work

A snapshot of certifications across security, cloud, and engineering practice.

GIAC Defensible Security Architect Certification (GDSA) certificate

Awarded by GIAC

GIAC Defensible Security Architect Certification (GDSA)

GDSA validates a practitioner's ability to architect comprehensive defenses that balance prevention, detection, and response capabilities.

GIAC Web Application Penetration Tester (GWAPT) certificate

Awarded by GIAC

GIAC Web Application Penetration Tester (GWAPT)

GWAPT validates a practitioner's ability to advance organization security through penetration testing and deep understanding of web application security issues.

CREST Practitioner Security Analyst (CPSA) certificate

Awarded by CREST

CREST Practitioner Security Analyst (CPSA)

The CREST Practitioner Security Analyst (CPSA) is an exam that tests a candidate’s knowledge in assessing operating systems and common network services.

Books

A Few Books That Shaped My Life

Timeless ideas I revisit when I need clarity and momentum.

Cover of The 7 Habits of Highly Effective People by Stephen R. Covey

The 7 Habits of Highly Effective People

Stephen R. Covey

This is the book that shaped my life. When I joined Amazon, I had a major change of mindset I was going through a tough time initially. This book helped me navigate that period.

Cover of Atomic Habits by James Clear

Atomic Habits

James Clear

Practical systems for tiny improvements that compound over time. Helped me build sustainable routines for learning and writing.

Cover of Show Your Work! by Austin Kleon

Show Your Work!

Austin Kleon

A gentle nudge to share in-progress ideas. It changed how I think about teaching and documenting my work publicly.

Cover of The Productivity Project by Chris Bailey

The Productivity Project

Chris Bailey

Experiments and evidence-backed tactics for doing meaningful work with intention beyond busywork.

Selected Posts

Thoughts Worth Revisiting

A few posts that capture ideas I keep thinking about.

Janith Malinga @janithSmalinga

What you are shouts so loudly in my ears, I cannot hear what you say.

- Ralph Waldo Emerson

View on X
Janith Malinga @janithSmalinga

When a measure becomes a target, it ceases to become a good measure.

- Goodhart's law

View on X
Janith Malinga @janithSmalinga

Today I started working on a new challenge #100DaysOfWebHacking so, the next 100 days I will be exploring new web hacking concepts and I will share my journey here. Consistency is the master of excellency

- Robin Sharma

View on X