Interview: Shopify CISO Andrew Dunbar on Securing an E-Commerce Giant

https://www.infosecurity-magazine.com/interviews/interview-shopify-ciso-andrew/

Publish Date: 2026-06-24 09:45:13

Source Domain: www.infosecurity-magazine.com

Andrew Dunbar, the Chief Information Security Officer (CISO) for Shopify since 2012, has played a crucial role in shaping the company’s cybersecurity strategy as it has grown from a small startup to a multinational e-commerce giant supporting thousands of retailers and globally recognized brands. Dunbar’s emphasis on a ‘engineer first’ approach has helped Shopify integrate cybersecurity practices deeply within its engineering culture. He highlights that artificial intelligence (AI) has democratized access to powerful security tools, allowing teams to use AI to scale compliance, enhance monitoring, and automate security processes. Shopify’s commitment to a zero trust environment, which ensures continuous verification of entities, and leveraging an AI proxy adds robust security measures as AI threats continue to evolve. Dunbar also praises Shopify’s bug bounty program for its diverse security researcher community, which helps identify vulnerabilities that traditional assessments might miss. The biggest success for Shopify in recent years has been the adoption of passkeys, enhancing account security through cryptography. Overall, Dunbar underscores the importance of understanding the broader ecosystem and maintaining vigilance against the novel AI-enabled threats posed by current attackers.

Key Points:
– Shopify places significant importance on an ‘engineer first’ approach to cybersecurity.
– AI has become integral in enhancing cybersecurity, enabling scalable and efficient compliance and monitoring.
– Shopify maintains a zero trust architecture and uses an AI proxy to secure data and operations.
– The bug bounty program benefits from the diverse expertise of thousands of security researchers.
– Managing AI-enabled cyber threats is a top priority for Shopify’s security efforts.