Обо мне

Team-oriented leader with a successful track record and over 15 years experience of helping business build quality, fast and secure projects. All my experience has driven me to define problems and design solutions for those problems.

I`ve worn many hats in my career: black, white, developer, engineer, architect and manager. As a result, i have unique ability to communicate clearly and effectively to both technical and business audiences, manage multidisciplinary projects and to solve complex technical challenges.

Leadership: 8 years of technical management (co-located, remote, and offshore) experience in software development/support/maintenance (traditional & SaaS), recruiting, planning, performance management, project management/SM, mentoring/coaching, production hardware/software support and maintenance, internal and external customer relationship management.

Programming Languages: Linux system & kernel programming, C, Python, Ruby, Bash, JavaScript, Lua, Perl, x86 assembly

Security: Wireless/hardware hacking, SDR, web/network penetration tests, security audits/forensics. Viruses and malware reverse engineering. Anti-cheating technologies. PKI, SSL, identity management, firewalls, AAA, Client Certificates, OCSP, Application security processes, concepts and SDLC.

Markup: HTML, CSS, Bootstrap, Angular JS, jQuery, Mootools

Environment/Stack: OS(Linux, *BSD, Windows), LAMP, Comms(MQ,TIBCO,CORBA), Web(SOAP, RESTful)

Networking: OSI model, TCP/UDP/IP, C10k_problem, highload software development, packet sniffing and dissecting, 802.11x/802.11/blueZ stacks

Server technologies: *nix(SSH, DNS, DHCP, Firewall, NAT, Mail), virtualization(Docker, LXC, OpenVZ), web(Nginx, Apache, Squid)

Relational/non-relational databases: PostgreSQL, MySQL/MariaDB, SQLite, Tarantool, MongoDB

Design/Process: CICD, Agile, Scrum(Master & Product Owner), traditional waterfall, iterative.

Профессиональные навыки
Опыт работы
Август 2014 — по настоящее время (4 года и 5 месяцев)
Head of Application Security
Обязанности и достижения
- Application Security Development Lifecycle processes building; - Security Audit as a service; - Build and educate Security QA teams in several projects; - Infrastructure security projects(WAF, HIDS, NIDS, external network scanning, security updates monitoring); - Incident response process and infrastructure; - Anticheat competence center(cheat analytics, reverse engineering and protection evangelism);
Июнь 2013 — Июль 2014 (1 год и 2 месяца)
Director of Information Security
Обязанности и достижения
- Delivering non standard security audits and security testing approach to non standard development processes - Security features project management and architecture development - More than 500 security vulnerabilities found in company products during year - Exploitation detection, prevention and mitigation techniques is launched on regular phasis - Dealing with top managers from one side and blackhats from other - Build software security testing and audit process from zero - PR, Marketing and security evangelism - Launched own, the coolest bug-bounty program based on full-disclosure policy
Август 2012 — Июнь 2013 (11 месяцев)
Chief Information Security Officer
Обязанности и достижения
IT Security building from zero to hero. - Software security testing and audit process - Network infrastructure, datacenters and office security - IT security policies - Security projects management Keywords: policy, compliance, penetration testing, ids, firewalls, PM
Октябрь 2010 — Июль 2012 (1 год и 10 месяцев)
Security consultant/Expert
Обязанности и достижения
- Security incidents investigation; - Researching and hacking botnets; - Searching for web vulnerabilities in company products; - Source code audit process automatization; - OTP keys infrastructure research and implementation; - DDoS monitoring/emulation infrastructure research and implementation; Keywords: ddos protection, source code audit, botnets, web security
Сентябрь 2008 — Октябрь 2010 (2 года и 2 месяца)
Project Architect / Manager Analyst
Обязанности и достижения
- Partitional project management; - JS/Flash/PDF malware sandbox architecture research and half development; - Safe browsing system architecture research, analytics and a piece of development; - Virus analytics; - Research and analyze web malware, its spread techniques, internal structures and detection possibility; - Compare our system to the competition; Keywords: PM, malware, exploits, obfuscation, security, virtualization, highload
Ноябрь 2006 — Сентябрь 2008 (1 год и 11 месяцев)
Highload software developer
Обязанности и достижения
- Distributed web-statistics system research, development and administration; - Research in databases optimisations and high load systems development; - Load testing; - Searching for security vulnerabilities in company products(more than 10 security advisories). Keywords: Debian Linux, Apache, Lighttpd, PHP+FastCGI, Memcached, MySQL(M-M M-S Replication), ANSI C
Март 2005 — Март 2006 (1 год и 1 месяц)
PEM QA Engineer, QA Internal Development
Обязанности и достижения
- Quality assurance and security audit of company hosting automation products(PEM, Plesk, Confixx, SiteBuilder); - QA process automation and security audit software development; - Security audit and penetration testing of large company customers; - Searching for security vulnerabilities in company products(more than 30 security advisories) Keywords: Parallels, Virtuozzo, PEM, Plesk, QA, Bash, PHP, MySQL, Qmail. Linux, RedHat, Fedora, ANSI C, Nessus patch
Высшее образование
Январь 2002 — Январь 2008
Информатики и вычислительной техники (ИВТ)
Специализация и достижения
- Инициатор разработки, организатор и ведущий разработчик студенческих веб-ресурсов СибГУТИ. - Верстальщик и журналист в студенческой газете. - Разработка и руководство первым в сибири шардом Ultima Online - Разработка и руководство одним из первых в мире шардов WoW - 3 городские награды за вышеперечисленные проекты. Дипломы: "Исследование методов защиты от распределенных сетевых атак", "Гибридный P2P ботнет"
Рекомендательные письма
iOS all the things! • знакомый

Знает толк в безопасности

Письмо написано 25 апреля 2010 в 06:09
Ищу гармонию... • знакомый

Выводит вирусы на чистую воду

Письмо написано 26 июня 2009 в 17:35