Security and Privacy at Mastery Coding

Mastery Coding prioritizes your security and privacy with robust, layered controls, continuous monitoring, and strict data protection measures applied consistently across all systems.

Governance

  • Access is limited to only those with a legitimate business need and granted on the principle of least privilege.
  • Security controls are implemented and layered with redundancy and fallbacks.
  • Security controls are applied consistently across the organization.
  • Controls are maintained, reviewed, and improved at regular intervals.

Data Protection

Data at Rest

Mastery Coding stores all user data in secure servers located within the continental United States. Customer data is housed in encrypted MongoDB Atlas clusters, and user-uploaded files (like portfolio projects and assignments) are stored in Google Cloud Storage buckets. All data, including databases and files, is encrypted at rest using AES-256.

Data in Transit

Mastery Coding uses TLS 1.2 or higher everywhere data is transmitted over potentially insecure networks. Server TLS keys and certificates are managed by Google Certificate Manager and deployed via Application Load Balancers with strict SSL policies.

Secret Management

Encrypted application secrets are stored in the applications' private GitHub repos and on Dotenv servers using Dotenv Vault, for use during CI builds through GitHub Actions.

Product Security

Application Vulnerability Scanning

Mastery Coding requires vulnerability scanning at key stages of our Software Development Lifecycle. We use the following Datadog observability services:

  • Static code analysis (SAST) of code in our GitHub repos and at runtime
  • Software Composition Analysis (SCA) to identify known vulnerabilities in our software supply chain
  • Runtime Code Analysis (IAST) to track vulnerabilities in running applications
  • Cloud Security Posture Management (CSPM) to continuously monitor cloud hosts for misconfigurations
  • Cloud Infrastructure Entitlement Management (CIEM) to identify and address identity risks in our IAM configurations

Google Cloud IDS (Intrusion Detection System)

Our production networks in Google Cloud use Google IDS to monitor and detect network-based threats such as malware, spyware, and command-and-control attacks.

Organization Security

Vendor Security

Mastery Coding uses the Vanta Vendor Risk Management service to track and assess an internal risk rating for each vendor, which informs the approval decision.

The risk rating is assessed based on the following questions:

  • How much access does the vendor have to customer and organization data? 
  • How much does the vendor integrate with production environments? 
  • How much impact would an outage on the vendor have on production systems?

Secure Remote Access

All IT and administrative staff with access to IT resources are required to use a NordLayer Gateway to access internal cloud networks and non-production environments.

Security Education

Mastery Coding provides critical security training to all employees as part of the onboarding process and conducts yearly refresher training on important security concepts.

All new engineers must also complete training on secure coding principles and practices.

Secure Remote Access

All employee accounts are managed through Google Workspace where security features like 2FA are enforced and suspicious logins alert the security team.

Employees are granted access to applications based on their role and automatically deprovisioned upon termination of their employment contract. Further access requires approval in accordance with our access management policies.

Data Privacy

At Mastery Coding, data privacy is a top priority.