Cloud and IT Security Expert
NVISO, FRANKFURT - GERMANY
2017 - Consortium of 8 European banks
Member of the Global Audit team in charge of performing the initial security assessment of a global blockchain trading finance solution based on Fabric Hyperledger and deployed in IBM Cloud (previously BlueMix). The scope of the assessment includes security activities such as threat assessment, web application penetration tests, configuration reviews and static source code analysis.
2016 / 2017 - Grohe [Germany]
Threat analysis and complete security assessment of a new AWS Cloud-based Internet of Things platform, including source code reviews, penetration tests and configuration reviews of home appliances, associated mobile appliance and server-less backend services. Involvement throughout all phases of the development lifecycle to ensure "security by design".
2014 / 2017 - Port of Vancouver / Jasco Applied Sciences [Canada]
Development of a cloud orchestration platform based on Spring Cloud and the Netflix Eureka distributed configuration architecture in order to federate, structure and secure a set of Spring Boot REST micro-services deployed on an OpenStack Cloud infrastructure.
Implementation of complex versioned configurations with service load balancing and routing strategies. Design and support in the implementation of the underlying scalable MongoDB cluster and message-driven infrastructure based on the RabbitMQ broker.
Development of a front-end UI, based on the Backbone and React.js frameworks, that gives partners and clients access to real-time information on vessel traffic in the bay of Vancouver. The underlying Spring Boot micro-service infrastructure is supported by a Redis cache cluster.
2016 - Payment processor [Belgium]
Security assessment of a series of REST micro-services deployed in the Azure Cloud on virtual machines, exposed through the API Gateway and backed by Blob storage services. The technical review includes the execution of penetration tests, the verification of OS and network configuration, and the source code review of critical services.