alex

kaskasoli

readme

Senior Security Engineer with an offensive security background, picked up a part-time degree in Statistics and Data Science during the pandemic.

In my last two roles as a Security Engineer and Head of Security and DevOps I drove the design and development of AWS organizations, hardened k8s clusters and cloud environments, evangelized GitOps practices across the engineering pool, and set up logging and monitoring stacks.

Back in my pentesting days, I conducted security assessments on a range of tech stacks and participated in offensive engagements against large organizations. I'm a big fan of leveraging CI/CD pipelines and DevOps tooling for lateral movement and privilege escalation. I'm less a fan of Active Directory and Windows environments but will make sense of a Bloodhound graph to execute an AD attack path.

During downtime I enjoy traveling and reading extensively: history, hard SciFi and, increasingly, sobering tech books.

blog

My blog https://alex.kaskaso.li/ showcases some personal work, conference talks and open-source projects. This includes a critical vulnerability in Kubernetes' Minikube, some thoughts on CI/CD security that were cited on Google's k8s podcast, a custom k8s controller, a framework for conducting DNS rebinding attacks as well as an interesting attack on AWS cloud environments using headless browsers (nominated for PortSwigger's "best web hacks of 2018").

skills

Cloud

Experienced with AWS and some Azure. Designed multi-account architecture with security in mind. Implemented centralized logging for a large AWS org.

Coding

Affinity with Python, some projects in Golang and Node.js. Dabbled around C and Assembly when working on basic memory corruption vulnerabilities.

CI/CD

GitOps evangelist. Spoke about CI/CD pipelines and security at a couple of local conferences and meetups.

Kubernetes

Experience running and securing k8s. Wrote a custom controller and support tooling for AWS-backed secrets management.

DevOps

Automating infrastructure and operations with Terraform and Ansible.

Security

Years of experience security testing a wide range of application stacks and infrastructure.

experience

Kaluza

Tech Lead Security Engineer at Kaluza, working on custom k8s secrets management for the new platform, centralized infrastructure logging for a large AWS org, automating security controls, identifying attack paths across the cloud environments and advising engineers on closing gaps.
2 years
London, UK

TrueLayer

Senior Cloud Security Engineer promoted to Head of DevOps and Security, working closely with engineering teams and upper management to scale infrastructure, enhance DevOps practices, mitigate security risks and meet regulatory compliance.
1.5 years
London, UK

MWR InfoSecurity

Security Consultant at MWR InfoSecurity, working on infrastructure and application security and simulated attacks ("red team"). Worked with clients across a range of industries from finance to critical infrastructure.
4 years
London, UK

certificates

OSCP, OSCE, CRT, CCT
MicroMasters Statistics and Data Science (MITx, in progress)
BSc Ethical Hacking & Countermeasures (University of Abertay)

contact

alex@kaskaso.li