Cimpress operates VistaPrint, a 25-year-old e-commerce platform that's built mass customization infrastructure at scale - billions of business cards printed, plus signage, apparel, and web services for small businesses. The threat model is straightforward: customer payment data, design files, and the production pipeline itself. The attack surface spans custom design tools, multi-cloud environments (AWS, Azure, GCP), and a remote-first engineering org working asynchronously across time zones.
The security posture runs on standard enterprise tooling - SIEM, NGFWs, IDS/IPS, and EDR - backed by multi-cloud deployments. Teams use PagerDuty for incident response and Slack for coordination. Engineers have autonomy over tooling choices and roadmaps, which means security architecture needs to scale across decentralized decision-making without becoming a bottleneck. The production feedback loop is measured in days, not quarters, so security controls have to integrate without slowing deployment velocity.
The operational reality: distributed teams shipping custom design software and e-commerce features while managing physical production infrastructure. Security work here means defending customer data flows, securing design tool integrations (Adobe, Figma, Blender), and maintaining posture across three major cloud providers. It's infrastructure protection at the intersection of digital commerce and physical manufacturing, with the added complexity of remote-first async collaboration as the default operating model.