Christian Fernandez, Developer in Madrid, Spain

Christian Fernandez

Verified Expert in Engineering

Bio

Chris is a pioneer in ethical hacking and a Linux systems engineer with multiple certifications and 22 years of experience. He is well-known in ethical hacking and open source communities and mentioned in books and documentaries. Chris was adding, securing, and auditing networks, servers, and systems before security engineers and DevSecOps existed. His expertise includes network protocols, low-level programming languages like C and Go, Ruby and Python scripts, and many cloud and systems tools.

Portfolio

Toptal (Screeners)
IT Security, Offensive Security, Cybersecurity, DevSecOps, DevOps, Linux...
AB-InBev - St Louis
Antivirus Software, Malware Analysis, Malware Removal, IT Security, Security...
White Stone Media
AWS, SecOps, Terraform, IT Security, Data Loss Prevention (DLP), Audits, CISSP...

Experience

Availability

Full-time

Preferred Environment

Linux, NMap, OpenVAS, Jenkins, Terraform, Amazon Web Services (AWS), C, Go, OWASP Zed Attack Proxy (ZAP), Ethical Hacking, Vulnerability Identification, DNS, Mail Servers

The most amazing...

...client project was moving their infrastructure from data centers to AWS cloud architecture and securing it with a DevSecOps mindset and focus on security.

Work Experience

IT Security Screening

2022 - PRESENT
Toptal (Screeners)
  • Performed T1 screening of new IT security and DevSecOps Toptal talent.
  • Talked with the talent and reviewed their experience and motivation to join Toptal.
  • Performed checks in our conversation to determine if they were a good fit for IT security and if their resume matched their experience.
Technologies: IT Security, Offensive Security, Cybersecurity, DevSecOps, DevOps, Linux, Systems, OWASP Top 10, Threat Modeling, Shell Scripting, System Security, Data Loss Prevention (DLP), Audits, CISSP, Application Security, AWS Cloud Security, AWS CloudTrail, Shell, Linux System Administration

[Managed Delivery] DevSecOps Engineer

2024 - 2024
AB-InBev - St Louis
  • Ensured cybersecurity best practices across the Git repo and AWS infrastructure.
  • Focused on ensuring cybersecurity best practices in the source code and secured accounts.
  • Set up IAM users, policies, and AWS infrastructure, including Amazon Elastic Container Registry (ECR) and AWS App Runner.
Technologies: Antivirus Software, Malware Analysis, Malware Removal, IT Security, Security, System Security, DevOps, DevSecOps, Intrusion Prevention Systems (IPS), AWS Cloud Security, AWS CloudTrail, Automation, App Infrastructure, Shell, Linux System Administration

DevSecOps Engineer

2023 - 2023
White Stone Media
  • Used Sandbox/Bootstrap for the DevOps/Terraform procedures.
  • Consulted with the team at the start regarding cloud security best practices.
  • Built the initial DevOps CI/CD pipeline that was later expanded.
Technologies: AWS, SecOps, Terraform, IT Security, Data Loss Prevention (DLP), Audits, CISSP, GitHub, API Gateways, Application Security, Infrastructure as Code (IaC), Ubuntu Server, Ubuntu, AWS Cloud Security, AWS CloudTrail, Automation, App Infrastructure, Shell, Linux System Administration

DevOps | System Administrator

2023 - 2023
Food & Snack Company
  • Migrated a Django and React website from a Kubernetes configuration to a DigitalOcean Droplet within a tight deadline.
  • Installed a GNU and Linux server, created user accounts, and configured a web server and libraries for Django and React setup.
  • Implemented standard security practices to secure servers and user accounts.
Technologies: System Administration, DevSecOps, Deployment, Shell Scripting, AWS RDS, DevOps, GitHub, API Gateways, Linux Administration, Infrastructure as Code (IaC), Ubuntu Server, Ubuntu, Automation, App Infrastructure, Shell, Linux System Administration

Pen Tester

2023 - 2023
Ethical Hacking - Security Penetration Testing for online database SAAS
  • Performed a gray box security penetration test on different parts of their infrastructure and software.
  • Wrote custom tools manually to test against the OWASP Top 10 from 2022 with ZAP proxy, nmap, Go and Rust, Bash scripts, and curl, as well as configurable audit tools like nuclei, prowler, and OpenVAS.
  • Ran a small OSINT investigation with data I was given to check into a possible threat that was made.
  • Found a workaround for a testing issue. I was not provided a custom OpenAPI or Swagger schema to feed my API testing tools to do a white box test on all their endpoints. Managed to find some or most endpoints using ZAP Proxy without brute forcing.
Technologies: Penetration Testing, Database, AWS, OSCP, Ethical Hacking, DevSecOps, Security Engineering, Cybersecurity, Security, IT Security, Security Architecture, OWASP Top 10, Threat Modeling, Shell Scripting, System Security, Audits, CISSP, GitHub, Application Security, Linux Administration, AWS Cloud Security, AWS CloudTrail, App Infrastructure, Shell, Linux System Administration

Information Security Specialist

2022 - 2022
A Popular Retail Store Chain in Ecuador
  • Was provided with access to an array of devices to perform digital forensics on them.
  • Performed cybersecurity audits on their current mix of cloud and on-premises infrastructure.
  • Recommended the necessary changes to their infrastructure based on my findings and audit to avoid any internal data leakage.
Technologies: Security, IT Security, Cybersecurity, SharePoint Development, Active Directory (AD), Penetration Testing, Digital Forensics, Forensics, Data Loss Prevention (DLP), Audits, CISSP, GitHub, Application Security, Linux Administration, AWS Cloud Security, AWS CloudTrail, Automation, App Infrastructure, Shell, Linux System Administration

DevSecOps Engineer

2022 - 2022
An Online Gaming Platform
  • Suggested and participated in the architecture build for our client.
  • Prepared and built all the infrastructure as code with Terraform.
  • Secured the infrastructure and access with AWS DevSecOps best practices.
Technologies: AWS, Amazon Kinesis, AWS AppSync, DevSecOps, AWS CodeBuild, Go, Amazon Elastic Container Service (ECS), ECS, Amazon EKS, DigitalOcean, Terraform, DevOps, Data Loss Prevention (DLP), Audits, CISSP, GitHub, API Gateways, Linux Administration, Infrastructure as Code (IaC), Ubuntu Server, Ubuntu, AWS Cloud Security, AWS CloudTrail, Automation, App Infrastructure, Shell, Linux System Administration

Head of Cybersecurity and Systems

2017 - 2019
BetterHelp
  • Migrated the whole infrastructure from a data center to Amazon AWS.
  • Developed a DevSecOps culture with CI/CD in the entire development-to-production chain.
  • Created and implemented an array of cybersecurity tools into our CI/CD, enabling us to detect security bugs proactively.
  • Added the company to a 24/7 bug bounty program with Bugcrowd. Managed the program and was the spokesperson for BetterHelp, which became very helpful.
  • Performed POC exploits and tested vulnerabilities when they were reported to make sure that they were not false positives or malicious actors.
  • Wrote many Go tools to test OWASP Top 20 and many other vulnerabilities in code, systems, and servers before going into production.
  • Added IDS and real-time monitoring to every device, server, and system in the company. Developed and enforced change management and managed access policies.
  • Diagnosed and fixed scaling and reliability issues, identified bottlenecks that prevented more efficient resource utilization at the system level, and set up and maintained continuous integration systems.
  • Monitored, managed, and configured a MySQL replication; developed and conducted in-house penetration tests; and coordinated third-party penetration tests.
  • Stayed on top of security advisories for systems in our stack and kept systems updated with security patches as they were released. Ensured that employees' development environments and devices did not pose any security risks.
Technologies: Cybersecurity, Cloud Engineering, Linux, Ethical Hacking, Access Control, DevSecOps, DevOps, AWS, Containers, Amazon Virtual Private Cloud (VPC), Architecture, IT Security, Kubernetes, Ansible, Amazon Elastic Container Service (ECS), AWS Fargate, Monitoring, Scalability, Systems Monitoring, Traffic Monitoring, PostgreSQL, Web Application Architecture, Site Reliability, Amazon EC2, Amazon S3, Amazon Route 53, CORS, Amazon EKS, Nginx, SecOps, SIEM, Vulnerability Identification, System Security, Cloud Security, Certified Information Systems Security Professional, AWS Lambda, GitHub Actions, Security Engineering, Security, Security Architecture, OWASP Top 10, Threat Modeling, Deployment, Shell Scripting, AWS CodeBuild, AWS RDS, Terraform, Data Loss Prevention (DLP), Migration Engineering, Audits, CISSP, GitHub, API Gateways, Application Security, Linux Administration, Infrastructure as Code (IaC), Ubuntu Server, Ubuntu, Elasticsearch, AWS Cloud Security, AWS CloudTrail, Automation, App Infrastructure, Shell, Linux System Administration

Cloud Infrastructure and Security Engineer

2016 - 2017
Bugcrowd
  • Co-wrote a custom SSO solution that was a proxy for our VPC inside AWS and Okta. It was written in Go.
  • Wrote all Bash scripts to create Nagios monitoring and then migrated to AWS CloudWatch and other AWS DevOps tools.
  • Hardened custom Docker and AWS EC2 images, using Packer.
Technologies: Linux, TCP/IP, SaltStack, Docker, Security, Ethical Hacking, Bash, Go, Ruby, Terraform, Git, Nagios, AWS, CI/CD Pipelines, Containers, Amazon Virtual Private Cloud (VPC), Architecture, IT Security, Amazon Elastic Container Service (ECS), AWS Fargate, Scalability, DevOps, Systems Monitoring, Traffic Monitoring, AWS AppSync, PostgreSQL, Web Application Architecture, Python, Site Reliability, Amazon EC2, Amazon S3, Amazon Route 53, CORS, Cloudflare, Amazon EKS, MongoDB, Nginx, SecOps, SIEM, Vulnerability Identification, System Security, Cloud Security, Certified Information Systems Security Professional, AWS Lambda, GitHub Actions, DevSecOps, Security Engineering, Cybersecurity, Security Architecture, OWASP Top 10, Threat Modeling, Deployment, Shell Scripting, AWS CodeBuild, AWS RDS, Data Loss Prevention (DLP), Server Migration, Audits, CISSP, GitHub, Application Security, Linux Administration, Infrastructure as Code (IaC), Ubuntu Server, Ubuntu, AWS CloudTrail, Automation, App Infrastructure, Shell, Linux System Administration

Senior Cybersecurity and DevOps Engineer

2015 - 2016
Fidelis Education
  • Set up, secured, configured, and maintained the AWS-based infrastructure for development, staging, and production.
  • Solo-developed automated builds, configuration, and deployment scripts for servers, open-source software, and our proprietary software. Ensured that solutions were secure, manageable, scalable, and testable.
  • Presented my concepts and ideas and played a crucial role in driving the development of ongoing system monitoring and management activities and evaluating and recommending the tools and technologies to use.
Technologies: Linux, Nagios, OpenVAS, Chef, Ruby, Jenkins, GitLab CI/CD, Git, Bash, NMap, System Security, AWS, Containers, Amazon Virtual Private Cloud (VPC), Architecture, IT Security, Ansible, Amazon Elastic Container Service (ECS), AWS Fargate, Monitoring, Scalability, DevOps, Systems Monitoring, Traffic Monitoring, PostgreSQL, Web Application Architecture, Python, Site Reliability, Amazon EC2, Amazon S3, Amazon Route 53, CORS, Amazon EKS, MongoDB, MySQL, Nginx, SecOps, SIEM, Graylog, Security, Vulnerability Identification, Cloud Security, Certified Information Systems Security Professional, DevSecOps, Security Engineering, Cybersecurity, Security Architecture, OWASP Top 10, Threat Modeling, Deployment, Shell Scripting, AWS CodeBuild, AWS RDS, Terraform, Mail Servers, SMTP, Migration Engineering, Server Migration, IMAP, CISSP, GitHub, Networking, Application Security, Linux Administration, Infrastructure as Code (IaC), Ubuntu Server, Ubuntu, Elasticsearch, Automation, App Infrastructure, Shell, Linux System Administration

DevOps Engineer

2014 - 2015
TriNetX Inc.
  • Introduced and integrated security as part of performance, design, and source code reviews.
  • Set up processes to communicate the status and tracking of work activities via Agile development tools and integrated security into these and other practices.
  • Heavily influenced evaluations and recommendations regarding the use of tools and technologies.
  • Introduced ongoing system monitoring and management activities.
Technologies: Jenkins, OpenVAS, Nagios, Ruby, C, Bash, Hacking, Penetration Testing, AWS, Containers, Architecture, Ansible, Amazon Elastic Container Service (ECS), AWS Elastic Beanstalk, Monitoring, Scalability, DevOps, Systems Monitoring, Traffic Monitoring, PostgreSQL, Site Reliability, Amazon EC2, Amazon S3, Amazon Route 53, CORS, MongoDB, MySQL, Nginx, SecOps, System Security, Cloud Security, AWS Lambda, DevSecOps, Deployment, Shell Scripting, AWS CodeBuild, AWS RDS, DNS, Mail Servers, SMTP, Migration Engineering, Server Migration, IMAP, Networking, Linux Administration, Ubuntu Server, Ubuntu, Elasticsearch, Automation, App Infrastructure, Shell, Linux System Administration

Senior Cloud and Cybersecurity Engineer

2011 - 2013
Playfirst Inc
  • Maintained and scaled servers, the network, and AWS cloud infrastructure to support high growth rates while serving as the head of architecture and working within the budget.
  • Served as the expert in all aspects of deployment, hosting architecture, and critical business systems, including firewalls, IDS, VPN, monitoring, regularly scheduled updates, enterprise monitoring redundancy, and BI systems.
  • Led the design and build-out of Playfirst's AWS and cloud strategy and integration with Google, Amazon, and other third-party hosted environments.
  • Mentored and trained operations and DevOps resources as needed.
Technologies: Ethical Hacking, Cloud Engineering, Agile Development, Ruby, Linux, System Security, Nagios, Cisco Routers, Jenkins, Chef, AWS, Architecture, IT Security, AWS Elastic Beanstalk, Monitoring, Scalability, DevOps, Systems Monitoring, Traffic Monitoring, PostgreSQL, Web Application Architecture, Site Reliability, Amazon EC2, Amazon S3, Amazon Route 53, HTML, CORS, MySQL, Gaming Platforms, Nginx, SecOps, Graylog, Security, Vulnerability Identification, Cloud Security, Certified Information Systems Security Professional, DevSecOps, Security Engineering, Cybersecurity, Security Architecture, Threat Modeling, Deployment, Shell Scripting, AWS CodeBuild, AWS RDS, Mail Servers, SMTP, Migration Engineering, Server Migration, IMAP, Audits, CISSP, Networking, Application Security, Linux Administration, Ubuntu Server, Ubuntu, Automation, App Infrastructure, Shell, Linux System Administration

Systems Engineer

2009 - 2011
Massachusetts General Hospital Center for Systems Biology
  • Implemented KVM virtual farms across one of the hospital's data centers for biology research, helping the researchers and developers implement a rapidly changing ecosystem of compute farms using virtualization such as KVM.
  • Migrated all nodes from Xen to KVM and the operating systems and virtual images from Red Hat to Ubuntu, and implemented a fast-paced environment strategy.
  • Developed Ruby and Bash scripts and installed Rails front ends, Nginx, Apache, and an array of new technologies used for research.
Technologies: KVM/Qemu, Linux, Xen, VirtualBox, Jenkins, Ruby, C, Puppet, Architecture, Monitoring, Scalability, Systems Monitoring, Traffic Monitoring, Site Reliability, HTML, MySQL, DevSecOps, Deployment, Shell Scripting, DNS, Mail Servers, SMTP, Migration Engineering, Server Migration, IMAP, Networking, Linux Administration, Ubuntu, Automation, App Infrastructure, Shell, Linux System Administration

Senior Network and Systems Engineer

2002 - 2007
VoiceSignal Technologies (Acquired by Nuance)
  • Owned the performance, security, and maintenance of two email servers, four file servers, five web servers, three firewalls, eight routers, four databases, and eight internal and remote networks in three offices (Korea, China, and the United States).
  • Pioneered an OpenVPN server for 120 users of an 80-node cluster supercomputer. Monitored and analyzed network performance and security with diverse networking tools and shell scripts that I wrote.
  • Built firewalls and added custom rules weekly depending on new threats.
  • Monitored the internal LAN and users to protect company information, ensure compliance with IT and general policies, and, most importantly, prevent attacks from network intruders.
Technologies: Linux, Azure, OpenPBS, C, Bash, Ruby, Nagios, Windows Server 2000, Domain Controllers, SQL Server, Microsoft Exchange Server, System Security, NMap, Hashcat, Perforce, Node Clusters, Parallel Computing, OpenVPN, Architecture, Monitoring, Scalability, Systems Monitoring, Traffic Monitoring, Web Application Architecture, Site Reliability, HTML, Graylog, Deployment, Shell Scripting, DNS, Mail Servers, SMTP, Migration Engineering, Server Migration, IMAP, Networking, Linux Administration, Automation, App Infrastructure, Shell, Linux System Administration

Speaker at LibrePlanet 2017

https://www.fsf.org/blogs/community/meet-the-libreplanet-2017-speakers-christian-fernandez
Delivered a presentation at LibrePlanet 2017 on penetration testing. The session was entitled, "Pentesting loves free software," and I explained how pentesting can be carried out using entirely free tools.

Hack The Box

http://hackthebox.eu
An ongoing capture the flag (CTF) contest that involved hacking vulnerable-by-design servers. The servers recreated different scenarios, built on well-known software services, that had occurred recently in companies worldwide. The servers carried different point values, depending on the challenges and types of vulnerabilities.

I completed the contest and was able to hack all known servers on the list. The points I earned were in the top 100 out of hundreds of thousands of ethical hackers worldwide.

gNewSense | GNU/Linux-libre Distribution Developer

gNewSense was one of the first libre distributions of GNU/Linux, which I worked on from 2005 to 2007, focusing on migrating the whole KDE environment to it. I was cited (as rek2) for making a significant contribution.

Rubyfu Contributor

https://rubyfu.net/contributors?utm_medium=email#contributors
I contributed to Rubyfu, a book with examples of how to hack and implement cybersecurity with Ruby. It's a great collection of ideas, tricks, and skills that could be useful for hackers and a unique extraction reference, summarizing a lot of research and experience to help you achieve your w00t in the shortest and smartest way. Rubyfu is where you'll find plug-n-hack code. It's a book to use, not only to read—it's where Ruby goes evil.

Mentions in Publications

Hack Story
Hack Story is a popular online book and encyclopedia that deals with hacker culture and history, with special attention to Hispanic initiatives, groups, anecdotes, and meeting points. I am mentioned, using some of my hacker nicknames, such as ReK2WilDs and ReK2, in a popular book on hacker culture. We started creating it in the summer of 2008, and we have published around 200 articles. We have 18,000 monthly visits with around 580 per day (https://www.hackstory.net/BBK).

Historia del Hacking en España
I was mentioned many times in this work that offers information on the hacker groups that emerged: how they were organized, their exploits, their myths, the events in which they met, the most curious anecdotes, and the evolution that hacking and its activists have undergone.
https://www.casadellibro.com/libro-historia-del-hacking-en-espana-la-historia-nunca-contada-del-und-rground-hacker-en-espana/9788499649863/11777755.

SourceHut Personal GIT Repository

https://git.sr.ht/~rek2/
Developed a personal Git repository that hosts projects related to hacking, cybersecurity, satellites, Capture The Flag (CTF) competitions, penetration testing, DevSecOps, operational security (OpSec), privacy, and various other topics.

2001 - 2002

Certificate in Network Engineering

Boston University - Boston

FEBRUARY 2017 - PRESENT

Advanced Penetration Testing

Cybrary

SEPTEMBER 2016 - PRESENT

eLearnSecurity Certified Professional Penetration Tester (eCPPT)

eLearnSecurity

AUGUST 2014 - PRESENT

Certified Ethical Hacker (CEH v7)

EC-Council

JULY 2012 - PRESENT

Certified Penetration Tester

Information Assurance Certification Review Board (IACRB)

Tools

NMap, Terraform, System Security, Hashcat, Nginx, Amazon Virtual Private Cloud (VPC), AWS CodeBuild, GitHub, AWS CloudTrail, Shell, Jenkins, Git, KVM/Qemu, OpenVPN, AWS, Ansible, Amazon EKS, Graylog, SaltStack, Nagios, Chef, GitLab CI/CD, VirtualBox, Puppet, Perforce, Amazon Elastic Container Service (ECS), AWS Fargate, AWS AppSync

Languages

Bash, Python, HTML, C, Go, Ruby, Rust, Bash Script

Frameworks

OpenVAS

Paradigms

Penetration Testing, DevSecOps, DevOps, Automation, Web Application Architecture, Agile Development, Parallel Computing

Platforms

Linux, AWS, Amazon EC2, Ubuntu, Docker, DigitalOcean, Kubernetes, AWS Lambda, Xen, Windows Server 2000, AWS Elastic Beanstalk, Blockchain, SharePoint Development

Industry Expertise

Cybersecurity, System Security

Storage

PostgreSQL, Amazon S3, MySQL, Elasticsearch, Azure, SQL Server, Microsoft Exchange Server, MongoDB, Database

Other

Ethical Hacking, Cloud Engineering, Systems, TCP/IP, Security, CI/CD Pipelines, SecOps, IT Security, Monitoring, Scalability, Systems Monitoring, Site Reliability, Amazon Route 53, Vulnerability Identification, System Security, Cloud Security, Certified Information Systems Security Professional, Security Engineering, Security Architecture, OWASP Top 10, Threat Modeling, Deployment, Shell Scripting, AWS RDS, DNS, Mail Servers, SMTP, Migration Engineering, Server Migration, IMAP, Audits, Networking, Application Security, Linux Administration, Infrastructure as Code (IaC), Ubuntu Server, AWS Cloud Security, App Infrastructure, Linux System Administration, Offensive Security, AWS DevOps, AWS Secrets Manager, Containers, Architecture, Traffic Monitoring, Cloudflare, Gaming Platforms, SIEM, GitHub Actions, Data Loss Prevention (DLP), CISSP, API Gateways, Network Protocols, Routing, Access Control, Cisco, Hacking, Cisco Routers, OpenPBS, Domain Controllers, Node Clusters, Access Lists, Open Source Development, Networks, CORS, OSCP, System Administration, Amazon Kinesis, ECS, Active Directory (AD), Digital Forensics, Forensics, Antivirus Software, Malware Analysis, Malware Removal, Intrusion Prevention Systems (IPS)
