A welcome post
π Nice to meet you! My name is Dmitrii.
Here I write about my practical experience in cybersecurity / DevSecOps. Results of solving business use cases, hands-on labs and own research findings are the main content that I expect to put here.
Few words about myself. I had my πΊ first computer in 1992, that was a ZX Spectrum. Two years later, in 1994, I got a PC based on i486 processor. It always was way too interesting to learn how PC works, and especially its software part. During school years Iβve often troubleshooted and fixed different Microsoft Windows software-related issues.
Since 2006 for the next 12 years I worked as π¨βπ» software developer in test (SDET). The peak of the career was a contractor position at Googleβs headquarters in Mountain View, CA. In SDET role Iβve practiced software development lifecycle with quality-first and automation-first approaches.
In 2018 Iβve made a transition to π‘ cybersecurity. It was my area of interest for the recent years. Also, the field of study of my specialist degree and PhD thesis was information security. I went a path from being the only SecOps engineer in the company to building a dedicated security team.
Even though I always worked at defensive side, I believe knowing how system can be hacked is a must. Defensive and offensive security should come together.
A list of few π planned topics:
- AWS: built-in security controls, automation of real-world routines, along with simulation of attacks (privilege escalation, resource enumeration, injection, SSRF, WAF bypass, etc.);
- Kubernetes: common misconfigurations, comprehensive security approach, attack simulations (e.g. bad pod);
- DevSecOps: a required skillset, based on interview experience.
P.S. Iβd be happy if you find my content useful in any way. And even more happy receiving any feedback, discussing, collaborating or networking. Feel free to leave me a message in comments or at LinkedIn.