What It’s Like to Build a Cybersecurity Career at Cox Enterprises

What Cybersecurity Teams Do at Cox Enterprises

Erich Hansen doesn’t view cybersecurity as a job. 

For him, it’s a craft. As senior manager of application security at Cox Enterprises’ automotive business division, Hansen leads initiatives that embed security into every stage of the software delivery lifecycle, focusing on disciplines like software composition analysis and static application security testing to ensure vulnerabilities are identified and remediated early on. 

“Ultimately, my goal is to make security an enabler of trust and business outcomes, helping our customers and colleagues move faster, safely and with confidence,” he said.

At Cox, cybersecurity is a true team effort. That’s why Tomás Montilla, director of integrated cybersecurity architecture, and his team, which sit in the organization’s automotive division, actively break down silos by working side-by-side with engineering, product and operations teams throughout each project’s lifecycle.

“We believe the best security outcomes happen when architects engage early, share context openly and work alongside teams to build secure solutions rather than simply auditing them after the fact,” he said.

 

“We believe the best security outcomes happen when architects engage early, share context openly and work alongside teams to build secure solutions rather than simply auditing them after the fact.”

 

As Montilla’s team guides engineers on the cybersecurity implications of their architecture decisions and supports them in implementing the right controls, they stay focused on a shared goal: delivering products that make a meaningful impact. 

“Our motto is to ensure security is a catalyst — not a barrier — for building trusted, high-impact and forward-thinking solutions,” he said.

How Cox Enterprises’ Cybersecurity Teams Proactively Combat Fraud

When Montilla joined Cox 10 years ago, he was drawn to the opportunity to grow. And over the years, he has done just that, taking on various roles across several of the organization’s business divisions, while gaining constant support from leaders along the way. 

This ambition drives the work Montilla leads today, including the recent launch of a new solution for Cox Automotive. According to Montilla, his team supported the development of an identity-proofing capability for the company’s Central Dispatch application to combat fraudulent accounts and protect against malicious activity. 

“This was critical because Central Dispatch connects automotive transporters and dealers in a marketplace environment where fraudulent actors can cause significant financial harm and erode customer trust,” he said. 

Before launch, Montilla conducted a comprehensive penetration test to identify and remediate any critical or high-risk vulnerabilities. Strengthening the system early meant the team could introduce it to production with confidence, protecting both the integrity of the company’s fraud-prevention capabilities and customer data. 

The biggest challenge Montilla and his team encountered throughout the process was balancing comprehensive security testing with tight launch timelines. Identity-proofing solutions involve complex integration points, such as authentication flows and data validation logic, and each presents potential vulnerabilities that require thorough analysis. 

“To address this, I prioritized testing based on risk assessment, focusing penetration efforts on the highest-risk attack vectors first: authentication bypass scenarios, injection vulnerabilities in identity verification workflows, and potential data exposure through API endpoints,” Montilla said. “We then worked directly with the engineers to notify them of findings as they were identified, and to validate fixes quickly.”

This experience reinforced the importance of involving security early in project lifecycles. The application team’s decision to bring in security during the design phase helped ensure a seamless assessment, marking a major win for everyone involved.

“Successfully completing the assessment within the time constraints of the project and doing so in a manner that we felt provided value to the team was the key accomplishment of that exercise,” Montilla said. ”It led to strengthening of the relationship with the Central Dispatch stakeholders and also earned us trust through transparency and pragmatism.”

 

 

How Cox Enterprises’ Cybersecurity Teams Reduce Risk at Scale and Meet Compliance Requirements

Cox Enterprises’ cybersecurity teams are always finding new ways to reduce risk, which recently inspired Hansen’s team to build a penetration testing factory. 

This initiative standardized how his team schedules and executes penetration tests across applications while maintaining alignment with Payment Card Industry Data Security Standard (PCI DSS) and other compliance requirements. By introducing a consistent process with clear reporting and remediation workflows, Hansen’s team accelerated testing cycles, improved coverage and delivered actionable insights to stakeholders more quickly. 

“This work was critical for reducing risk at scale and ensuring regulatory compliance while supporting rapid product delivery,” he said.

As Hansen’s team developed the solution, they identified opportunities to better align intake processes, prioritization and ownership across teams. They addressed these by implementing a centralized intake system, clarifying prioritization criteria and ownership, in addition to automating templates with dashboards to improve visibility and accountability.

“This project not only strengthened compliance but also improved efficiency and collaboration across the organization,” Hansen said.

The greatest win for Hansen was transforming penetration testing into a predictable, scalable process. Eliminating chaos and delays allowed his team to provide leadership with real-time risk visibility, meet compliance deadlines and position the organization to support higher testing volumes without compromising quality. 

Beyond his team's success, he said that collaborating with a wide range of application teams gave him “a deeper understanding of the business and strengthened relationships across the organization.”

 

How Cox Enterprises Supports Career Growth in Cybersecurity Roles

“Pair that with a culture that encourages experimentation — especially in AI security — and you get an environment where you can advance your skills, earn credentials, and make a real impact,” he said.

As Hansen’s team grows, he said, they’re seeking individuals who are eager to embrace the latest technologies and trends, such as AI security and advanced cloud solutions, as this will give them the skills they need to shape the future of cybersecurity.

“It’s a team where you can learn, innovate and thrive,” he said.

 

“It’s a team where you can learn, innovate and thrive.”

 

On Montilla’s team, everyone has an equal chance to stretch their skills, partly due to the frequent collaboration that defines their work. 

“On our team, you won’t be isolated in an ivory tower issuing mandates,” he said.“You’ll be embedded with engineering and product teams as a trusted partner, solving problems collaboratively.”

Those interested in joining Montilla’s team should have a team player mindset and be able to translate security concerns into practical solutions, all in an effort to make life easier for their colleagues and customers. 

“We value architects who can balance rigorous security standards with pragmatic business needs, communicate transparently across organizational boundaries, and contribute to collective team knowledge rather than hoarding expertise,” he said.

At Cox Enterprises, the cybersecurity culture is generative rather than functional: a workplace where ideas flow freely, collaboration comes naturally, innovation is celebrated and trust grounds every project. 

“When trust and growth intersect, teams become creative, resilient and capable of delivering meaningful impact,” Hansen said.

 

Frequently Asked Questions