|
42 | 42 | { |
43 | 43 | "▼ Runtime Security": [ |
44 | 44 | "▼ Managed Sysdig and deployed it using the Sysdig Operator via Helm. Additionally, I leveraged ArgoCD to automate continuous delivery and ensure seamless synchronization of the application across multiple clusters.", |
45 | | - "▼ Monitored runtime events, investigating any that appeared abnormal, such as a user accessing an etc container as root, to identify potential security threats or policy violations.", |
| 45 | + "▼ Monitored runtime events, investigating any that appeared abnormal, such as a user accessing an etcd container as root, to identify potential security threats or policy violations.", |
46 | 46 | "▼ Fine-tuned the runtime rules within the Sysdig SaaS platform, carefully balancing custom rulesets with the pre-configured managed rulesets to optimize security and minimize false positives." |
47 | 47 | ] |
48 | 48 | }, |
|
61 | 61 | "▼ Continuously performed threat model analysis as my understanding of the infrastructure and environment grew, which revealed additional potential threat vectors.", |
62 | 62 | "▼ Collaborated with the SRE team to schedule periodic CIS benchmark tests for Kubernetes environments using kube-bench.", |
63 | 63 | "▼ Identified gaps in Pod Security Standards, presented the associated risks to leadership, and proposed remediation strategies, which led to greater visibility of the potential threats. One such risk for misconfigured Pod Security Standards is host mounting to the Kubernetes nodes. An engineer that can deploy and exec into a pod could host mount to any Kubernetes node and chroot to the mount as root.", |
64 | | - "▼ Identified improper usage and storage of the CA private key, which is used to sign certificates for root access to all Kubernetes nodes.", |
| 64 | + "▼ Identified improper usage and storage of the CA private key, which is used to sign certificates for root access to all Kubernetes nodes.", |
65 | 65 | "▼ Collaborated with the Red Team to schedule and coordinate periodic penetration tests on the infrastructure, ensuring regular security assessments to identify vulnerabilities and strengthen defenses." |
66 | 66 | ] |
67 | 67 | } |
|
88 | 88 | "overview": { |
89 | 89 | "summary": "In the Infosec organization, I focused on data science initiatives and leveraged automation to strengthen security measures. I contributed to enhancing Equinix's security posture while improving operational efficiency across global infrastructure through data-driven insights and best practices.", |
90 | 90 | "contributions": { |
91 | | - "✅ Infosec Data Science Initiatives": [ |
92 | | - "▼ Coordinated the build of a dedicated Infosec Kubernetes cluster in Equinix Metal with 6 m3.large.x86 servers.", |
93 | | - "▼ Designed a data lake strategy and created a generic data ingest K8s deployment to collect security feeds and logs using rsyslog and Fluentbit.", |
94 | | - "▼ Utilized Argo Workflows DAGs to manage the ML pipeline steps for processing security data." |
| 91 | + "✅ Software Development": [ |
| 92 | + { |
| 93 | + "▼ Security Architecture Review (Go, Angular, PostgreSQL)": [ |
| 94 | + "▼ Designed and developed a full-stack application to automate Security Architecture Reviews, significantly reducing the bottleneck of manual reviews and shortening review times from 3 months to just 30 minutes in some cases.", |
| 95 | + "▼ Developed the web app using Angular, Typescript, Bootstrap 4, and SCSS, with a responsive design based on the <a href='https://github.com/akveo/ngx-admin' class='text-sky-500'>ngx-admin</a> template. Unit tests were written using Jasmine and Karma.", |
| 96 | + "▼ Integrated PingID using OIDC for Single Sign-On (SSO). The web app included an authentication module that dynamically displayed user options based on roles (e.g., admin, reviewer). The app server validated the user's OIDC token and provided a JWT token for future authentication and authorization (Authn/z) during REST API calls.", |
| 97 | + "▼ The backend server was written in Go, leveraging the <a href='https://github.com/ardanlabs/service/tree/master' class='text-sky-500'>Service</a> framework. To ensure clean separation of program boundaries, the code was structured into API, business, and storage packages. Since this was an internal app with a low user volume, the focus was on code correctness, integrity, and maintainability.", |
| 98 | + "▼ Data was stored in a PostgreSQL database with a simple schema to track relationships between users and reviews.", |
| 99 | + "▼ Hosted the app in Kubernetes, deployed with ArgoCD and Helm charts." |
| 100 | + ] |
| 101 | + } |
| 102 | + ], |
| 103 | + "✅ Data Science": [ |
| 104 | + { |
| 105 | + "▼ ML Engineering": [ |
| 106 | + "▼ Coordinated the creation of a dedicated Infosec Kubernetes cluster on Equinix Metal to capture events specific to Equinix's unique environment, addressing gaps that off-the-shelf products did not cover.", |
| 107 | + "▼ Designed a data lake strategy to ingest and store data from various security streams, partitioned in S3 buckets for future processing and training.", |
| 108 | + "▼ Created a generic data ingestion deployment in Kubernetes to collect security feeds and logs using rsyslog and Fluentbit. Since Fluentbit's syslog module doesn't support TLS encryption, rsyslog was used to ingest the streams, and Fluentbit was responsible for uploading batched stream data to Minio S3 buckets, denormalized based on features like application, region, and IP address.", |
| 109 | + "▼ Due to the absence of a Helm chart for Kubeflow, the team used Argo Workflows DAGs to manage machine learning (ML) pipeline steps for processing security data." |
| 110 | + ] |
| 111 | + } |
95 | 112 | ], |
96 | | - "✅ Security Automation & Best Practices": [ |
97 | | - "▼ Automated the collection of global PAN firewall logs during a ransomware attack in 2020 to support the Red Team.", |
98 | | - "▼ Advised IT teams on security best practices, such as key rotation and access control to minimize security risks." |
| 113 | + "✅ Security": [ |
| 114 | + { |
| 115 | + "▼ 2020 Ransomware Attack": [ |
| 116 | + "▼ Played a key role in remediating Equinix’s 2020 ransomware attack by collaborating with Red Teams to assess infrastructure and security posture across environments.", |
| 117 | + "▼ Automated the collection of global PAN firewall logs during the ransomware attack to support the Red Team's investigation.", |
| 118 | + "▼ Advised IT teams on security best practices, including key rotation and access control measures, to minimize security risks during the incident.", |
| 119 | + "▼ Procured encrypted data from affected hosts as requested by the Red Team." |
| 120 | + ] |
| 121 | + }, |
| 122 | + { |
| 123 | + "▼ Threat Modeling": [ |
| 124 | + "▼ Assessed the firmware security risks for Equinix Metal servers and evaluated vendor solutions to protect firmware integrity." |
| 125 | + ] |
| 126 | + } |
99 | 127 | ] |
100 | 128 | }, |
101 | 129 | "skills": "Kubernetes · Helm Charts · ArgoCD · Python · Go · MLOps" |
|
0 commit comments