At Umbraco, we’ve always said we have the friendliest community in the world. But being friendly also means being honest about the challenges we face.
This year, the Security & Privacy Community Team is shifting its focus. We are moving away from abstract policies and into the daylight operations of running Umbraco in the real world. We want to talk about what actually happens when the servers are live, the edge cases that keep you up at night, and the "war stories" that make us better developers.
Why we need you in the trenches
Security shouldn't be a black box or a secret club. It’s a collective effort. For the upcoming term, we are looking for members who are ready to get hands-on with:
- Real-world War Stories: We want to move past "best practices" and talk about "actual practices." What happened when a site was compromised or a feature turned into being a security risk? How was it fixed? By sharing these stories, we turn individual lessons into community knowledge.
- The Good, The Bad, and the Ugly Code: We’ll be sharing and reviewing code snippets—including the ones that didn't work. We want to analyze real vulnerabilities and discuss how to harden our implementations against the creative exploits seen in the wild.
- Operational Security: We’re focusing on what matters to a company’s daily operations. How do we balance high-level security with the need for speed, performance, and a great editor experience?
- Making Problems Visible: In the spirit of Umbraco, we believe that acknowledging a problem is the first step to solving it. We want to explore the edge cases—those strange, specific scenarios that standard documentation doesn’t cover.
Is this for you?
We need a mix of perspectives to ensure our security approach works in the real world. You might be:
- Practical Developers who deal with Umbraco sites every day.
- The CTO or Tech Lead: You bring the business perspective. You understand the cost of downtime, the necessity of smooth patching procedures, and how to communicate security value to stakeholders.
- Sysadmins & DevSecOps who understand the infrastructure side of the coin.
- Curious Minds who aren't afraid to ask "what if?" and share their own experiences.
High Five, You Rock! (H5YR!)
By joining the team, you aren't just "volunteering"—you are helping shape the security culture of the CMS we all love. You’ll have a direct line to the Umbraco HQ security team and a chance to make a lasting impact on the ecosystem.
Ready to step into the daylight?
How we’ll work together
We know you’re busy building great things, so we’ve kept the format lean and impactful.
- Monthly Heartbeat: We meet once a month for 60 minutes. No endless meetings—just a focused hour of sharing and learning.
- The Inside Track: Umbraco HQ will share direct insights into what we are seeing, developing, and prioritizing on the security front.
- Your Side of the Story: This is where the magic happens. We’re looking for you to bring your operational reality to the table. Whether it’s a specific edge case, a "bad" code snippet you encountered, or a hard-won lesson from a site deployment, your stories help harden the ecosystem for everyone.
The Selection Process
To ensure a balanced mix of voices and perspectives, we follow a simple path:
- Review & Diversity: Once applications close, we’ll review all submissions. We’re looking for a diverse team across geography, gender, and roles—from freelance devs to agency CTOs. Every operational perspective adds value.
- A Quick Chat: We’ll invite selected candidates for a short, informal interview to align our goals and chat about your interests.
- Welcome Aboard: Once the team is set, we’ll kick off our first session and start moving into the daylight together.
Ready to join?
We’d love to hear from you.
Application closes on June 19th, 2026, and shortly after, we’ll be welcoming members to the Umbraco Security & Privacy Community Team.
If you have any questions, do not hesitate to reach out to Mathias Tøndering at mta@umbraco.dk
Written by: Mathias Tøndering
Published: May 7th, 2026