Christian Fernandez
Verified Expert in Engineering
DevSecOps Engineer and Developer
Madrid, Spain
Toptal member since May 17, 2021
Chris is a pioneer in ethical hacking and a Linux systems engineer with multiple certifications and 22 years of experience. He is well-known in ethical hacking and open source communities and mentioned in books and documentaries. Chris was adding, securing, and auditing networks, servers, and systems before security engineers and DevSecOps existed. His expertise includes network protocols, low-level programming languages like C and Go, Ruby and Python scripts, and many cloud and systems tools.
Preferred Environment
Linux, NMap, OpenVAS, Jenkins, Terraform, Amazon Web Services (AWS), C, Go, OWASP Zed Attack Proxy (ZAP), Ethical Hacking, Vulnerability Identification, DNS, Mail Servers
The most amazing...
...client project was moving their infrastructure from data centers to AWS cloud architecture and securing it with a DevSecOps mindset and focus on security.
Work Experience
IT Security Screening
Toptal (Screeners)
- Performed T1 screening of new IT security and DevSecOps Toptal talent.
- Talked and reviewed with the talent and chatted about their experience and motivation to join Toptal.
- Performed checks in our conversation to determine if they were a good fit for IT security and if their resume matched their experience.
[Managed Delivery] DevSecOps Engineer
AB-InBev - St Louis
- Ensured cybersecurity best practices across the Git repo and AWS infrastructure.
- Focused on ensuring cybersecurity best practices in the source code and secured accounts.
- Set up IAM users, policies, and AWS infrastructure, including Amazon Elastic Container Registry (ECR) and AWS App Runner.
DevSecOps Engineer
White Stone Media
- Used Sandbox/Bootstrap for the DevOps/Terraform procedures.
- Consulted with the team at the start regarding cloud security best practices.
- Built the initial DevOps CI/CD pipeline that later on was expanded.
DevOps | System Administrator
Food & Snack Company
- Migrated a Django and React website from a Kubernetes configuration to a DigitalOcean Droplet within a tight deadline.
- Installed a GNU and Linux server, created user accounts, and configured a web server and libraries for Django and React setup.
- Implemented standard security practices to secure servers and user accounts.
Pen Tester
Ethical Hacking - Security Penetration Testing for online database SAAS
- Performed a gray box security penetration test on different parts of their infrastructure and software.
- Wrote custom tools manually to test against the OWASP Top 10 from 2022 with ZAP proxy, Nmap, Go and Rust, Bash scripts, and curl, as well as with configurable audit tools like Nuclei, Prowler, and OpenVAS.
- Ran a small OSINT investigation with data I was given to check into a possible threat that was made.
- Found a workaround for a testing issue. I was not provided a custom OpenAPI or Swagger schema to feed my API testing tools to do a white box test on all their endpoints. Using ZAP Proxy, I managed to find some or most endpoints without brute forcing.
Information Security Specialist
A Popular Retail Store Chain in Ecuador
- Was provided with access to an array of devices to perform digital forensics on them.
- Performed cybersecurity audits on their current mix of cloud and on-premises infrastructure.
- Recommended the necessary changes to their infrastructure based on my findings and audit to avoid any internal data leakage.
DevSecOps Engineer
An Online Gaming Platform
- Suggested and participated in the architecture build for our client.
- Prepared and built all the infrastructure as code with Terraform.
- Secured the infrastructure and access with AWS DevSecOps best practices.
Head of Cybersecurity and Systems
BetterHelp
- Migrated the whole infrastructure from a data center to Amazon AWS.
- Developed a DevSecOps culture with CI/CD in the entire development-to-production chain.
- Created and implemented an array of cybersecurity tools into our CI/CD, enabling us to detect security bugs proactively.
- Added the company to a 24/7 bug bounty program with Bugcrowd. Managed the program and was the spokesperson for BetterHelp, which became very helpful.
- Performed POC exploits and tested vulnerabilities when they were reported to make sure that they were not false positives or malicious actors.
- Wrote many Go tools to test OWASP Top 20 and many other vulnerabilities in code, systems, and servers before going into production.
- Added IDS and real-time monitoring to every device, server, and system in the company. Developed and enforced change management and managed access policies.
- Diagnosed and fixed scaling and reliability issues, identified bottlenecks that prevented more efficient resource utilization at the system level, and set up and maintained continuous integration systems.
- Monitored, managed, and configured a MySQL replication; developed and conducted in-house penetration tests; and coordinated third-party penetration tests.
- Stayed on top of security advisories for systems in our stack and kept systems updated with security patches as they were released. Ensured that employees' development environments and devices did not pose any security risks.
Cloud Infrastructure and Security Engineer
Bugcrowd
- Co-wrote a custom SSO solution that was a proxy for our VPC inside AWS and Okta. It was written in Go.
- Wrote all Bash scripts to create Nagios monitoring and then migrated to AWS CloudWatch and other AWS DevOps tools.
- Hardened custom Docker and AWS EC2 images, using Packer.
Senior Cybersecurity and DevOps Engineer
Fidelis Education
- Set up, secured, configured, and maintained the AWS-based infrastructure for development, staging, and production.
- Solo-developed automated builds, configuration, and deployment scripts for servers, open-source software, and our proprietary software. Ensured that solutions were secure, manageable, scalable, and testable.
- Presented my concepts and ideas and played a crucial role in driving the development of ongoing system monitoring and management activities and evaluating and recommending the tools and technologies to use.
DevOps Engineer
TriNetX Inc.
- Introduced and integrated security as part of performance, design, and source code reviews.
- Set up processes to communicate the status and tracking of work activities via Agile development tools and integrated security into these and other practices.
- Heavily influenced evaluations and recommendations regarding the use of tools and technologies.
- Introduced ongoing system monitoring and management activities.
Senior Cloud and Cybersecurity Engineer
Playfirst Inc
- Maintained and scaled servers, the network, and AWS cloud infrastructure to support high growth rates while serving as the head of architecture and working within the budget.
- Served as the expert in all aspects of deployment, hosting architecture, and critical business systems, including firewalls, IDS, VPN, monitoring, regularly scheduled updates, enterprise monitoring redundancy, and BI systems.
- Led the design and build-out of Playfirst's AWS and cloud strategy and integration with Google, Amazon, and other third-party hosted environments.
- Mentored and trained operations and DevOps resources as needed.
Systems Engineer
Massachusetts General Hospital Center for Systems Biology
- Implemented KVM virtual farms across one of the hospital's data centers for biology research, helping the researchers and developers implement a rapidly changing ecosystem of compute farms using virtualization such as KVM.
- Migrated all nodes from XEN to KVM, operating systems, and virtual images from Red Hat to Ubuntu, and implemented a fast-paced environment strategy.
- Developed Ruby and Bash scripts and installed Rails front ends, Nginx, Apache, and an array of new technologies used for research.
Senior Network and Systems Engineer
VoiceSignal Technologies (Acquired by Nuance)
- Owned the performance, security, and maintenance of two email servers, four file servers, five web servers, three firewalls, eight routers, four databases, and eight internal and remote networks in three offices (Korea, China, and the United States).
- Pioneered an OpenVPN server for 120 users of an 80-node cluster supercomputer. Monitored and analyzed network performance and security with diverse networking tools and shell scripts that I wrote.
- Built firewalls and added custom rules weekly depending on new threats.
- Monitored the internal LAN and users to protect company information, ensure compliance with IT and general policies, and, most importantly, prevented attacks from network intruders.
Experience
Speaker at LibrePlanet 2017
https://www.fsf.org/blogs/community/meet-the-libreplanet-2017-speakers-christian-fernandez
Hack The Box
http://hackthebox.eu
I completed the contest and was able to hack all known servers on the list. The points I earned were in the top 100 out of hundreds of thousands of ethical hackers worldwide.
gNewSense | GNU/Linux-libre Distribution Developer
Rubyfu Contributor
https://rubyfu.net/contributors?utm_medium=email#contributors
Mentions in Publications
Hack Story is a popular online book and encyclopedia that deals with hacker culture and history, with special attention to Hispanic initiatives, groups, anecdotes, and meeting points. I am mentioned, using some of my hacker nicknames, such as ReK2WilDs and ReK2, in a popular book on hacker culture. We started creating it in the summer of 2008, and we have published around 200 articles. We have 18,000 monthly visits with around 580 per day (https://www.hackstory.net/BBK).
Historia del Hacking en España
I was mentioned many times in this work that offers information on the hacker groups that emerged: how they were organized, their exploits, their myths, the events in which they met, the most curious anecdotes, and the evolution that hacking and its activists have undergone.
https://www.casadellibro.com/libro-historia-del-hacking-en-espana-la-historia-nunca-contada-del-und-rground-hacker-en-espana/9788499649863/11777755.
SourceHut Personal GIT Repository
https://git.sr.ht/~rek2/Education
Certificate in Network Engineering
Boston University - Boston
Certifications
Advanced Penetration Testing
Cybrary
eLearnSecurity Certified Professional Penetration Tester (eCPPT)
eLearnSecurity
Certified Ethical Hacker (CEH v7)
EC-Council
Certified Penetration Tester
Information Assurance Certification Review Board (IACRB)
Skills
Tools
NMap, Terraform, System Security, Hashcat, Nginx, Amazon Virtual Private Cloud (VPC), AWS CodeBuild, GitHub, AWS CloudTrail, Shell, Jenkins, Git, KVM/Qemu, OpenVPN, AWS, Ansible, Amazon EKS, Graylog, SaltStack, Nagios, Chef, GitLab CI/CD, VirtualBox, Puppet, Perforce, Amazon Elastic Container Service (ECS), AWS Fargate, AWS AppSync
Languages
Bash, Python, HTML, C, Go, Ruby, Rust, Bash Script
Frameworks
OpenVAS
Paradigms
Penetration Testing, DevSecOps, DevOps, Automation, Web Application Architecture, Agile Development, Parallel Computing
Platforms
Linux, AWS, Amazon EC2, Ubuntu, Docker, DigitalOcean, Kubernetes, AWS Lambda, Xen, Windows Server 2000, AWS Elastic Beanstalk, Blockchain, SharePoint Development
Industry Expertise
Cybersecurity, System Security
Storage
PostgreSQL, Amazon S3, MySQL, Elasticsearch, Azure, SQL Server, Microsoft Exchange Server, MongoDB, Database
Other
Ethical Hacking, Cloud Engineering, Systems, TCP/IP, Security, CI/CD Pipelines, SecOps, IT Security, Monitoring, Scalability, Systems Monitoring, Site Reliability, Amazon Route 53, Vulnerability Identification, System Security, Cloud Security, Certified Information Systems Security Professional, Security Engineering, Security Architecture, OWASP Top 10, Threat Modeling, Deployment, Shell Scripting, AWS RDS, DNS, Mail Servers, SMTP, Migration Engineering, Server Migration, IMAP, Audits, Networking, Application Security, Linux Administration, Infrastructure as Code (IaC), Ubuntu Server, AWS Cloud Security, App Infrastructure, Linux System Administration, Offensive Security, AWS DevOps, AWS Secrets Manager, Containers, Architecture, Traffic Monitoring, Cloudflare, Gaming Platforms, SIEM, GitHub Actions, Data Loss Prevention (DLP), CISSP, API Gateways, Network Protocols, Routing, Access Control, Cisco, Hacking, Cisco Routers, OpenPBS, Domain Controllers, Node Clusters, Access Lists, Open Source Development, Networks, CORS, OSCP, System Administration, Amazon Kinesis, ECS, Active Directory (AD), Digital Forensics, Forensics, Antivirus Software, Malware Analysis, Malware Removal, Intrusion Prevention Systems (IPS)