Security built from
the inside out.

Built to accelerate engineering teams and protect the organizations depending on them.

Connect on LinkedIn GitHub
Scroll to explore
Tony Arthur - Security Engineering Leader

About

Most security leaders stop being engineers the moment they become leaders. I never did.

I write code and I run teams. I've built systems at Amazon scale and led enterprise security strategy as a CISO. That combination — hands-on technical depth alongside leadership — is what lets me build security that engineers actually use and organizations actually rely on.

The career arc tells the story: founding a behavior-based threat detection startup, leading incident response against nation-state actors, serving as CISO at Canadian Pacific Railway, leading security analytics and engineering teams at AWS, and now building AI-powered application security systems at Amazon. Different scales, different industries — the same conviction throughout.

Security done right is a force multiplier
for engineers and for the organization.

Recent Experience

Amazon

Sr Manager, Security Engineering

Building AI-powered security systems that accelerate engineering teams

AWS

Sr Manager, Software Engineering

Security analytics and engineering at Amazon scale

Career

A deliberate arc.
Always forward.

Present
Sr Manager, Security Engineering
Amazon
Leading Application Security for a major business unit at Amazon. Building AI-powered security tooling that measurably accelerates engineering teams — making security a velocity enabler, not a bottleneck.
AWS
Sr Manager, Software Engineering
Amazon Web Services
Architected, started, and led engineering teams building security services at Amazon scale — responsible for systems protecting millions of users across global infrastructure.
CP Rail
Sr Director / CISO
Canadian Pacific Railway
Full accountability for enterprise security strategy across a $14B critical infrastructure operator — board-level reporting, nation-state incident response, and defense against elite red teams and adversaries.
Founded
Founder
SevenTwentyNine
Built a behavior-based endpoint threat detection and response platform that caught threats others missed — without adding friction. Security should protect without obstructing — that conviction starts here.

01

Security is a design problem

Security that creates friction gets bypassed — and bypassed security protects nothing. Building it into how people work, from the start, beats bolting it on after.

02

AI changes the attack surface and the defense

Adversaries are using AI to operate faster and at greater scale. The only viable response is security programs that use it too — for detection, triage, and eliminating the manual work that slows defenders down.

03

The adversary doesn't slow down

Nation-states, ransomware groups, and insider threats operate at speed and scale. Security programs that can't match that pace are already behind. The only way to close the gap is automation — detection, response, and remediation that doesn't wait for a human to notice.