Christian Fernandez, Developer in Madrid, Spain
Christian is available for hire
Hire Christian

Christian Fernandez

Verified Expert  in Engineering

DevSecOps Engineer and Developer

Location
Madrid, Spain
Toptal Member Since
May 17, 2021

Chris is a pioneer in ethical hacking and a Linux systems engineer with multiple certifications and 22 years of experience. He is well-known in ethical hacking and open source communities and mentioned in books and documentaries. Chris was adding, securing, and auditing networks, servers, and systems before security engineers and DevSecOps existed. His expertise includes network protocols, low-level programming languages like C and Go, Ruby and Python scripts, and many cloud and systems tools.

SecuritySecurity Policies & ProceduresDNSSMTPMigrationScalabilityWeb SecurityCloudCloud SecuritySecurity ArchitectureAmazon RDSApplication SecurityCertified Ethical Hacker (CEH)Infrastructure as Code (IaC)LinuxXen HypervisorMicrosoft Exchange Server (EWS)Cisco RoutersNmapOSCPDigital ForensicsIMAPNessusGraylogPenetration Testing

Portfolio

Toptal (Screeners)
IT Security, Offensive Security, Cybersecurity, DevSecOps, DevOps, Linux...
White Stone Media
Amazon Web Services (AWS), SecOps, Terraform, IT Security...
Food & Snack Company
System Administration, DevSecOps, Deployment, Shell Scripting, Amazon RDS...

Experience

Ethical Hacking - 20 yearsCybersecurity - 20 yearsLinux - 20 yearsPenetration Testing - 20 yearsDevSecOps - 10 yearsCloud - 10 yearsDevOps - 10 yearsCertified Ethical Hacker (CEH) - 7 years

Availability

Part-time

Preferred Environment

Linux, NMap, OpenVAS, Jenkins, Terraform, Amazon Web Services (AWS), C, Go, OWASP Zed Attack Proxy (ZAP), Ethical Hacking, Vulnerability Identification, DNS, Mail Servers

The most amazing...

...client project was moving their infrastructure from data centers to AWS cloud architecture and securing it with a DevSecOps mindset and focus on security.

Work Experience

IT Security Screening

2022 - PRESENT
Toptal (Screeners)
  • Performed T1 screening of new IT security and DevSecOps Toptal talent.
  • Talked and reviewed with the talent and chatted about their experience and motivation to join Toptal.
  • Performed checks in our conversation to determine if they were a good fit for IT security and if their resume matched their experience.
Technologies: IT Security, Offensive Security, Cybersecurity, DevSecOps, DevOps, Linux, Systems, OWASP Top 10, Threat Modeling, Shell Scripting, Security Policies & Procedures, Data Loss Prevention (DLP), Audits, CISSP, Application Security

DevSecOps Engineer

2023 - 2023
White Stone Media
  • Used Sandbox/Bootstrap for the DevOps/Terraform procedures.
  • Consulted with the team at the start regarding cloud security best practices.
  • Built the initial DevOps CI/CD pipeline that later on was expanded.
Technologies: Amazon Web Services (AWS), SecOps, Terraform, IT Security, Data Loss Prevention (DLP), Audits, CISSP, GitHub, API Gateways, Application Security, Infrastructure as Code (IaC), Ubuntu Server, Ubuntu

DevOps | System Administrator

2023 - 2023
Food & Snack Company
  • Migrated a Django and React website from a Kubernetes configuration to a DigitalOcean Droplet within a tight deadline.
  • Installed a GNU and Linux server, created user accounts, and configured a web server and libraries for Django and React setup.
  • Implemented standard security practices to secure servers and user accounts.
Technologies: System Administration, DevSecOps, Deployment, Shell Scripting, Amazon RDS, DevOps, GitHub, API Gateways, Linux Administration, Infrastructure as Code (IaC), Ubuntu Server, Ubuntu

Pen Tester

2023 - 2023
Ethical Hacking - Security Penetration Testing for online database SAAS
  • Performed a gray box security penetration test on different parts of their infrastructure and software.
  • Wrote custom tools manually to test against the top 10 OWASP from 2022 with Zap proxy, nmap, Goa and Rust, Bash scripts, and curl. Also, with configurable audit tools like nuclei, prowler, and OpenVAS.
  • Ran a small OSINT investigation with data I was given to check into a possible thread that was made.
  • Found a workaround for a testing issue. I was not provided a custom Open API or Swagger schema to feed my API testing tools to do a white box test on all their endpoints. Managed to find using Zap Proxy some or most endpoints without brute forcing.
Technologies: Penetration Testing, Database Security, Amazon Web Services (AWS), OSCP, Certified Ethical Hacker (CEH), DevSecOps, Security Engineering, Cybersecurity, Security, IT Security, Security Architecture, OWASP Top 10, Threat Modeling, Shell Scripting, Security Policies & Procedures, Audits, CISSP, GitHub, Application Security, Linux Administration

Information Security Specialist

2022 - 2022
A Popular Retail Store Chain in Ecuador
  • Was provided with access to an array of devices to perform digital forensics on them.
  • Performed cybersecurity audits on their current mix of cloud and on-premises infrastructure.
  • Recommended the necessary changes to their infrastructure based on my findings and audit to avoid any internal data leakage.
Technologies: Security, IT Security, Cybersecurity, SharePoint 365, Active Directory (AD), Penetration Testing, Digital Forensics, Forensics, Data Loss Prevention (DLP), Audits, CISSP, GitHub, Application Security, Linux Administration

DevSecOps Engineer

2022 - 2022
An Online Gaming Platform
  • Suggested and participated in the architecture build for our client.
  • Prepared and built all the infrastructure as code with Terraform.
  • Secured the infrastructure and access with AWS DevSecOps best practices.
Technologies: Amazon Web Services (AWS), Amazon Kinesis, AWS AppSync, DevSecOps, AWS CodeBuild, AWS CodeDeploy, Go, Amazon Elastic Container Service (Amazon ECS), ECS, Amazon EKS, DigitalOcean, Terraform, DevOps, Data Loss Prevention (DLP), Audits, CISSP, GitHub, API Gateways, Linux Administration, Infrastructure as Code (IaC), Ubuntu Server, Ubuntu

Head of Cybersecurity and Systems

2017 - 2019
BetterHelp
  • Migrated the whole infrastructure from a data center to Amazon AWS.
  • Developed a DevSecOps culture with CI/DC in the entire development-to-production chain.
  • Created and implemented an array of cybersecurity tools into our CI/CD, enabling us to detect security bugs proactively.
  • Added the company to a 24/7 bug bounty program with Bugcrowd. Managed the program and was the spokesperson for BetterHelp, which became very helpful.
  • Performed POC exploits and tested vulnerabilities when they were reported to make sure that they were not false positives or malicious actors.
  • Wrote many Go tools to test OWASP Top 20 and many other vulnerabilities in code, systems, and servers before going into production.
  • Added IDS and real-time monitoring to every device, server, and system in the company. Developed and enforced change management and managed access policies.
  • Diagnosed and fixed scaling and reliability issues, identified bottlenecks that prevented more efficient resource utilization at the system level, and set up and maintained continuous integration systems.
  • Monitored, managed, and configured a MySQL replication; developed and conducted in-house penetration tests; and coordinated third-party penetration tests.
  • Stayed on top of security advisories for systems in our stack and kept systems updated with security patches as they were released. Ensured that employees' development environments and devices did not pose any security risks.
Technologies: Cybersecurity, Cloud, Linux, Ethical Hacking, Access Control, DevSecOps, DevOps, Amazon Web Services (AWS), Amazon Elastic Container Registry (ECR), Containers, Amazon Virtual Private Cloud (VPC), Architecture, IT Security, Kubernetes, Ansible, Amazon Elastic Container Service (Amazon ECS), AWS Fargate, Monitoring, Scalability, Systems Monitoring, Traffic Monitoring, PostgreSQL, Web Application Architecture, Site Reliability Engineering (SRE), Amazon EC2, Amazon S3 (AWS S3), Amazon Route 53, CORS, Amazon EKS, NGINX, SecOps, SIEM, Vulnerability Identification, Web Security, Cloud Security, Network Security, Certified Information Systems Security Professional, AWS Lambda, GitHub Actions, Security Engineering, Security, Security Architecture, OWASP Top 10, Threat Modeling, Deployment, Shell Scripting, Security Policies & Procedures, AWS CodeBuild, Amazon RDS, Terraform, Data Loss Prevention (DLP), Migration, Audits, CISSP, GitHub, API Gateways, Application Security, Linux Administration, Infrastructure as Code (IaC), Ubuntu Server, Ubuntu, Elasticsearch

Cloud Infrastructure and Security Engineer

2016 - 2017
Bugcrowd
  • Co-wrote a custom SSO solution that was a proxy for our VPC inside AWS and Okta. It was written in Go.
  • Wrote all Bash scripts to create Nagios monitoring and then migrated to AWS CloudWatch and other AWS DevOps tools.
  • Hardened custom Docker and AWS EC2 images, using Packer.
Technologies: Linux, TCP/IP, SaltStack, Docker, Security, Ethical Hacking, Bash, Go, Ruby, Terraform, Git, Nagios, Amazon CloudWatch, CI/CD Pipelines, Amazon Web Services (AWS), Amazon Elastic Container Registry (ECR), Containers, Amazon Virtual Private Cloud (VPC), Architecture, IT Security, Amazon Elastic Container Service (Amazon ECS), AWS Fargate, Scalability, DevOps, Systems Monitoring, Traffic Monitoring, AWS AppSync, PostgreSQL, Web Application Architecture, Python, Site Reliability Engineering (SRE), Amazon EC2, Amazon S3 (AWS S3), Amazon Route 53, CORS, Cloudflare, Amazon EKS, MongoDB, NGINX, SecOps, SIEM, Vulnerability Identification, Web Security, Cloud Security, Network Security, Certified Information Systems Security Professional, AWS Lambda, GitHub Actions, DevSecOps, Security Engineering, Cybersecurity, Security Architecture, OWASP Top 10, Threat Modeling, Deployment, Shell Scripting, Security Policies & Procedures, AWS CodeBuild, Amazon RDS, Data Loss Prevention (DLP), Server Migration, Audits, CISSP, GitHub, Application Security, Linux Administration, Infrastructure as Code (IaC), Ubuntu Server, Ubuntu

Senior Cybersecurity and DevOps Engineer

2015 - 2016
Fidelis Education
  • Set up, secured, configured, and maintained the AWS-based infrastructure for development, staging, and production.
  • Solo-developed automated builds, configuration, and deployment scripts for servers, open-source software, and our proprietary software. Ensured that solutions were secure, manageable, scalable, and testable.
  • Presented my concepts and ideas and played a crucial role in driving the development of ongoing system monitoring and management activities and evaluating and recommending the tools and technologies to use.
Technologies: Linux, Nagios, OpenVAS, Chef, Ruby, Jenkins, GitLab CI/CD, Git, Bash, NMap, OWASP Zed Attack Proxy (ZAP), Amazon Web Services (AWS), Amazon Elastic Container Registry (ECR), Containers, Amazon Virtual Private Cloud (VPC), Architecture, IT Security, Ansible, Amazon Elastic Container Service (Amazon ECS), AWS Fargate, Monitoring, Scalability, DevOps, Systems Monitoring, Traffic Monitoring, PostgreSQL, Web Application Architecture, Python, Site Reliability Engineering (SRE), Amazon EC2, Amazon S3 (AWS S3), Amazon Route 53, CORS, Amazon EKS, MongoDB, MySQL, NGINX, SecOps, SIEM, Graylog, Security, Vulnerability Identification, Web Security, Cloud Security, Network Security, Certified Information Systems Security Professional, DevSecOps, Security Engineering, Cybersecurity, Security Architecture, OWASP Top 10, Threat Modeling, Deployment, Shell Scripting, Security Policies & Procedures, AWS CodeBuild, Amazon RDS, Terraform, Mail Servers, SMTP, Migration, Server Migration, IMAP, CISSP, GitHub, Networking, Application Security, Linux Administration, Infrastructure as Code (IaC), Ubuntu Server, Ubuntu, Elasticsearch

DevOps Engineer

2014 - 2015
TriNetX Inc.
  • Introduced and integrated security as part of performance, design, and source code reviews.
  • Set up processes to communicate the status and tracking of work activities via Agile development tools and integrated security into these and other practices.
  • Heavily influenced evaluations and recommendations regarding the use of tools and technologies.
  • Introduced ongoing system monitoring and management activities.
Technologies: Jenkins, OpenVAS, Nagios, Ruby, C, Bash, Hacking, Penetration Testing, Amazon Web Services (AWS), Amazon Elastic Container Registry (ECR), Containers, Architecture, Ansible, Amazon Elastic Container Service (Amazon ECS), AWS Elastic Beanstalk, Monitoring, Scalability, DevOps, Systems Monitoring, Traffic Monitoring, PostgreSQL, Site Reliability Engineering (SRE), Amazon EC2, Amazon S3 (AWS S3), Amazon Route 53, CORS, MongoDB, MySQL, NGINX, SecOps, Web Security, Cloud Security, AWS Lambda, DevSecOps, Deployment, Shell Scripting, AWS CodeBuild, Amazon RDS, DNS, Mail Servers, SMTP, Migration, Server Migration, IMAP, Networking, Linux Administration, Ubuntu Server, Ubuntu, Elasticsearch

Senior Cloud and Cybersecurity Engineer

2011 - 2013
Playfirst Inc
  • Maintained and scaled servers, the network, and AWS cloud infrastructure to support high growth rates while serving as the head of architecture and working within the budget.
  • Served as the expert in all aspects of deployment, hosting architecture, and critical business systems, including firewalls, IDS, VPN, monitoring, regularly scheduled updates, enterprise monitoring redundancy, and BI systems.
  • Led the design and build-out of Playfirst's AWS and cloud strategy and integration with Google, Amazon, and other third-party hosted environments.
  • Mentored and trained operations and DevOps resources as needed.
Technologies: Ethical Hacking, Cloud, Agile, Ruby, Linux, Firewalls, Nagios, Cisco Routers, Jenkins, Chef, Amazon Web Services (AWS), Architecture, IT Security, AWS Elastic Beanstalk, Monitoring, Scalability, DevOps, Systems Monitoring, Traffic Monitoring, PostgreSQL, Web Application Architecture, Site Reliability Engineering (SRE), Amazon EC2, Amazon S3 (AWS S3), Amazon Route 53, HTML, CORS, MySQL, Gaming Platforms, NGINX, SecOps, Graylog, Security, Vulnerability Identification, Web Security, Cloud Security, Network Security, Certified Information Systems Security Professional, DevSecOps, Security Engineering, Cybersecurity, Security Architecture, Threat Modeling, Deployment, Shell Scripting, Security Policies & Procedures, AWS CodeBuild, Amazon RDS, Mail Servers, SMTP, Migration, Server Migration, IMAP, Audits, CISSP, Networking, Application Security, Linux Administration, Ubuntu Server, Ubuntu

Systems Engineer

2009 - 2011
Massachusetts General Hospital Center for Systems Biology
  • Implemented KVM virtual farms across one of the hospital's data centers for biology research, helping the researchers and developers implement a rapidly changing ecosystem of compute farms using virtualization such as KVM.
  • Migrated all nodes from XEN to KVM, operating systems, and virtual images from Red Hat to Ubuntu, and implemented a fast-paced environment strategy.
  • Developed Ruby and Bash scripts and installed Rails front ends, Nginx, Apache, and an array of new technologies used for research.
Technologies: KVM/Qemu, Linux, Xen, VirtualBox, Jenkins, Ruby, C, Puppet, Architecture, Monitoring, Scalability, Systems Monitoring, Traffic Monitoring, Site Reliability Engineering (SRE), HTML, MySQL, DevSecOps, Deployment, Shell Scripting, DNS, Mail Servers, SMTP, Migration, Server Migration, IMAP, Networking, Linux Administration, Ubuntu

Senior Network and Systems Engineer

2002 - 2007
VoiceSignal Technologies (Acquired by Nuance)
  • Owned the performance, security, and maintenance of two email servers, four file servers, five web servers, three firewalls, eight routers, four databases, and eight internal and remote networks in three offices (Korea, China, and the United States).
  • Pioneered an OpenVPN server for 120 users of an 80-node cluster supercomputer. Monitored and analyzed network performance and security with diverse networking tools and shell scripts that I wrote.
  • Built firewalls and added custom rules weekly depending on new threats.
  • Monitored the internal LAN and users to protect company information, ensure compliance with IT and general policies, and, most importantly, prevented attacks from network intruders.
Technologies: Linux, Azure Active Directory, OpenPBS, C, Bash, Ruby, Nagios, Windows Server 2000, Domain Controllers, Microsoft SQL Server, Microsoft Exchange Server, Nessus, NMap, Hashcat, Perforce, Node Clusters, Parallel Computing, OpenVPN, Architecture, Monitoring, Scalability, Systems Monitoring, Traffic Monitoring, Web Application Architecture, Site Reliability Engineering (SRE), HTML, Graylog, Network Security, Deployment, Shell Scripting, DNS, Mail Servers, SMTP, Migration, Server Migration, IMAP, Networking, Linux Administration

Speaker at LibrePlanet 2017

https://www.fsf.org/blogs/community/meet-the-libreplanet-2017-speakers-christian-fernandez
Delivered a presentation at LibrePlanet 2017 on penetration testing. The session was entitled, "Pentesting loves free software," and I explained how pentesting can be carried out using entirely free tools.

Hack The Box

http://hackthebox.eu
An ongoing capture the flag (CTF) contest that involved hacking vulnerable-by-design servers that recreated different scenarios with well-known software services that occurred recently in worldwide companies. The servers had different punctuation, depending on the challenges and types of vulnerabilities.

I completed the contest and was able to hack all known servers on the list. The points I earned were in the top 100 out of hundreds of thousands of ethical hackers worldwide.

gNewSense | GNU/Linux-libre Distribution Developer

gNewSense was one of the first libre distributions of GNU/Linux, which I worked on from 2005 to 2007, focusing on migrating the whole KDE environment to it. I was cited (as rek2) for making a significant contribution.

Rubyfu Contributor

https://rubyfu.net/contributors?utm_medium=email#contributors
I contributed to Rubyfu, a book with examples of how to hack and implement cybersecurity with Ruby. It's a great collection of ideas, tricks, and skills that could be useful for hackers and a unique extraction reference, summarizing a lot of research and experience to help you achieve your w00t in the shortest and smartest way. Rubyfu is where you'll find plug-n-hack code. It's a book to use, not only to read—it's where Ruby goes evil.

Mentions in Publications

Hack Story
Hack Story is a popular online book and encyclopedia that deals with hacker culture and history, with special attention to Hispanic initiatives, groups, anecdotes, and meeting points. I am mentioned, using some of my hacker nicknames, such as ReK2WilDs and ReK2, in a popular book on hacker culture. We started creating it in the summer of 2008, and we have published around 200 articles. We have 18,000 monthly visits with around 580 per day (https://www.hackstory.net/BBK).

Historia del Hacking en España
I was mentioned many times in this work that offers information on the hacker groups that emerged: how they were organized, their exploits, their myths, the events in which they met, the most curious anecdotes, and the evolution that hacking and its activists have undergone.
https://www.casadellibro.com/libro-historia-del-hacking-en-espana-la-historia-nunca-contada-del-und-rground-hacker-en-espana/9788499649863/11777755.

SourceHut Personal GIT Repository

https://git.sr.ht/~rek2/
Developed a personal Git repository that hosts projects related to hacking, cybersecurity, satellites, Capture The Flag (CTF) competitions, penetration testing, DevSecOps, operational security (OpSec), privacy, and various other topics.
2001 - 2002

Certificate in Network Engineering

Boston University - Boston

FEBRUARY 2017 - PRESENT

Advanced Penetration Testing

Cybrary

SEPTEMBER 2016 - PRESENT

eLearnSecurity Certified Professional Penetration Tester (eCPPT)

eLearnSecurity

AUGUST 2014 - PRESENT

Certified Ethical Hacker (CEH v7)

EC-Council

JULY 2012 - PRESENT

Certified Penetration Tester

Information Assurance Certification Review Board (IACRB)

Languages

Bash, Python, HTML, C, Go, Ruby, Rust, Bash Script

Frameworks

OpenVAS

Tools

NMap, Terraform, OWASP Zed Attack Proxy (ZAP), Hashcat, NGINX, Amazon Virtual Private Cloud (VPC), AWS CodeBuild, GitHub, Jenkins, Git, KVM/Qemu, Nessus, OpenVPN, GitLab, Amazon Elastic Container Registry (ECR), Ansible, Amazon EKS, Graylog, SaltStack, Nagios, Amazon CloudWatch, Chef, GitLab CI/CD, VirtualBox, Puppet, Perforce, Amazon Elastic Container Service (Amazon ECS), AWS Fargate, AWS AppSync, AWS CodeDeploy

Paradigms

Penetration Testing, DevSecOps, DevOps, Web Application Architecture, Agile, Parallel Computing

Platforms

Linux, Amazon Web Services (AWS), Amazon EC2, Ubuntu, Docker, DigitalOcean, Kubernetes, AWS Lambda, Xen, Windows Server 2000, AWS Elastic Beanstalk, Blockchain, SharePoint 365

Industry Expertise

Cybersecurity, Network Security

Other

Ethical Hacking, Cloud, Certified Ethical Hacker (CEH), Systems, TCP/IP, Security, CI/CD Pipelines, SecOps, IT Security, Monitoring, Scalability, Systems Monitoring, Site Reliability Engineering (SRE), Amazon Route 53, Vulnerability Identification, Web Security, Cloud Security, Certified Information Systems Security Professional, Security Engineering, Security Architecture, OWASP Top 10, Threat Modeling, Deployment, Shell Scripting, Security Policies & Procedures, Amazon RDS, DNS, Mail Servers, SMTP, Migration, Server Migration, IMAP, Audits, Networking, Application Security, Linux Administration, Infrastructure as Code (IaC), Ubuntu Server, Offensive Security, AWS DevOps, AWS Secrets Manager, Containers, Architecture, Traffic Monitoring, Cloudflare, Gaming Platforms, SIEM, GitHub Actions, Data Loss Prevention (DLP), CISSP, API Gateways, Network Protocols, Routing, Access Control, Cisco, Hacking, Firewalls, Cisco Routers, OpenPBS, Domain Controllers, Node Clusters, Access Lists, Open Source, Networks, CORS, OSCP, System Administration, Amazon Kinesis, ECS, Active Directory (AD), Digital Forensics, Forensics

Storage

PostgreSQL, Amazon S3 (AWS S3), MySQL, Elasticsearch, Azure Active Directory, Microsoft SQL Server, Microsoft Exchange Server, MongoDB, Database Security

Collaboration That Works

How to Work with Toptal

Toptal matches you directly with global industry experts from our network in hours—not weeks or months.

1

Share your needs

Discuss your requirements and refine your scope in a call with a Toptal domain expert.
2

Choose your talent

Get a short list of expertly matched talent within 24 hours to review, interview, and choose from.
3

Start your risk-free talent trial

Work with your chosen talent on a trial basis for up to two weeks. Pay only if you decide to hire them.

Top talent is in high demand.

Start hiring