Top Senior Python Developer in Málaga, Spain: Gergely Kalman

Employment

Consultant and Blockchain Developer
2018 - 2019
NDA (via Toptal)
- Refactored a large legacy codebase.
- Helped guide business and architecture decisions.
- Designed and implemented a distributed architecture.
- Fixed lots of security bugs.
- Uncovered business-level vulnerabilities.
Technologies: Python, Django, Blockchain, Crypto
Senior Consultant
2018 - 2018
Universal Music Group
- Refactored a Python tool.
Technologies: GCP, Python
Co-founder, CTO, CEO
2014 - 2018
Buffered.com
- Singlehandedly designed and implemented the MVP.
- Designed the network and APIs as well as desktop clients.
- Ran the development team through the company's lifetime.
- Ran the company as managing director (CEO).
Technologies: OpenVPN, Django, Python, wxPython, Kivy, Linux
Software Engineer, Interviewer
2011 - 2014
Toptal, LLC
- Implemented several simple websites for personal projects using Django and Jinja2.
- Implemented OpenVPN based desktop software using wxPython, OpenVPN, and OpenSSL.
- Interviewed a large number of candidates and overhauled the interview process.
Technologies: wxPython, OpenVPN, OpenSSL, Django, Jinja2
Head of Media Platform Development
2010 - 2011
DuoDecad, LLC, Media Platform Division
- Worked as the only developer (for the first eight months) on an alternative video streaming platform to Adobe Flash Media Server (primary goal of the media platform division (MPD)).
- Achieved our goal within a year using unofficial documentation of the protocol and manual reversing.
- Designed and implemented livestream distribution and conversion architecture in Python 3.
- Optimized to allow one node to serve more than 100 thousand clients using approximately 10Gbit/s.
- Supported on-the-fly transcoding of incoming audio and video.
- Benchmarked performance and moved heavy-lifting code to C.
- Integrated several Libav libraries into Python for stream conversion.
- Researched and assisted in hardware acquisitions for the project.
- Devised a custom event-driven interface with custom socket handling for Python, including FLV format handlers.
- Detected bugs in Adobe formats and in Libav format.
- Administered MPD's machines (about 80).
- Tuned machines for maximum network performance.
- Lectured on IT security, MPD's project, and Python programming.
- Iterated until peak performance of the cluster was almost 100Gb. With 30 machines, it would have been capable of completely taking over the existing streaming cluster (100+ nodes).
Technologies: Libav Libraries, Python3, C, Linux, Bonding, RTMP, FLV, AMF
IT Security Specialist
2008 - 2010
DuoDecad, LLC, IT Security Division
- Performed software audits, penetration tests, and stress tests.
- Implemented failover architecture for the main website.
- Assisted our partner company in acquiring Payment Card Industry Data Security Standard (PCI-DSS) compliance.
- Devised company policies for PCI-DSS, developed architecture, and held educational sessions as part of IT security staff.
- Benchmarked Linux kernel's behavior when presented with high volumes of DDoS traffic. Tuned and patched the kernel to achieve maximum resilience.
- Worked as a member of the incident response team.
- Developed a network analyzer in C which created real-time statistics of incoming HTTP requests and pinpointed attackers.
- Ported old OpenSSH fork modifications to the latest version.
Technologies: Linux, Iptables, Keepalived, LVS, C, NetBoot
IT Operator
2008 - 2008
DuoDecad, LLC, IT Security Division
- Helped with administration of several hundred Linux machines.
- Led support for kernel and network-related issues.
- Wrote small scripts in bash for administrative purposes.
Technologies: Linux

Experience

PCI-DSS Consultant (Other amazing things)
Consultation and architectural help provided for Lalibco, which processed more than $500,000 daily for an Alexa top 50 website. Several bugs and security holes were uncovered in their systems. I prepared it for the PCI-DSS audit, which it passed successfully.
Online Payment Architect, PCI-DSS Consultant (Other amazing things)
Helped design Escalion's (Lalib successor) system architecture from networking to services to policies and procedures. Advised on secure software practices and developed policies and procedures to keep cardholder data secure. Escalion passed PCI-DSS test and took over Lalib's transactions, which were around $500,000 each day.
Real Estate Scraper (Development)
I wrote my own scraper for the largest Hungarian real estate website to get amazing deals.
Buffered.com (Development)
https://buffered.com
I have created my own VPN startup called buffered.com, which I ran as CTO for three years and CEO for one year.
10 Most Common Web Security Vulnerabilities (Publication)
https://www.toptal.com/security/10-most-common-web-security-vulnerabilities
For all too many companies, it's not until after a breach has occurred that security becomes a priority. An effective approach to IT security must, by definition, be proactive and defensive. This post focuses on 10 common and significant web-related IT security pitfalls to be aware of, including recommendations on how they can be avoided.
Fixing the “Heartbleed” OpenSSL Bug: A Tutorial for Sys Admins (Publication)
https://www.toptal.com/freelance/the-heartbleed-openssl-bug-what-you-need-to-know
A potentially critical problem, nicknamed "Heartbleed", has surfaced in the widely-used OpenSSL cryptographic library. The vulnerability is particularly dangerous in that potentially critical data can be leaked and the attack leaves no trace. As a user, chances are that sites you frequent regularly are affected and your data may have been compromised. As a developer or sys admin, sites or servers you're responsible for are likely to have been affected. Here are the key facts you need to know about this dangerous bug and how to mitigate your vulnerability.
With a Filter Bypass and Some Hexadecimal, Hacked Credit Card Numbers Are Still, Still Google-able (Publication)
https://www.toptal.com/web/with-a-filter-bypass-credit-card-numbers-are-still-still-google-able
In 2007, Bennett Haselton revealed a minor hack with major implications: querying ranges of numbers on Google would return pages of sensitive information, including Credit Card numbers, Social Security numbers, and more. While Haselton's hack was addressed and patched, I was able to tweak his original technique to bypass Google's filter and return the same old dangerous results.
How I Made Porn 20x More Efficient with Python Video Streaming (Publication)
https://www.toptal.com/python/how-i-made-porn-20x-more-efficient-with-python
Porn is a big industry. There aren’t many sites on the Internet that can rival the traffic of its biggest players. And juggling this immense traffic is tough. To make things even harder, much of the content served from porn sites is made up of low latency live streams rather than simple static video content. But for all of the challenges involved, rarely have I read about the developers who take them on. So I decided to write about my own experience on the job.

Skills

Languages
C, Python, Bash, C++, PHP, Assembler x86
Frameworks
Django, Scrapy, Jinja, Qt Quick, Qt
Libraries/APIs
Libav, PyQt
Tools
OpenVPN, iptables, Scraping Hub, Git, Ansible, Packer
Paradigms
Object-oriented Programming (OOP), Imperative Programming, Event-driven Programming, DevOps
Platforms
Linux, Docker, AWS EC2, Amazon Web Services (AWS), Raspberry Pi, Blockchain, Proxmox, Windows, MacOS
Storage
Memcached, Redis, MySQL
Other
Ethernet, TCP, UDP, ICMP, RTMP, SSH, Security, Code Auditing, Software Architecture, Scraping, Cybersecurity, System Administration, SaaS, WordPress Plugins

Senior Python Developer in Málaga, Spain

Portfolio

Experience

Availability

Preferred Environment

The most amazing...

Employment

Consultant and Blockchain Developer

Senior Consultant

Co-founder, CTO, CEO

Software Engineer, Interviewer

Head of Media Platform Development

IT Security Specialist

IT Operator

Experience

Skills

Languages

Frameworks

Libraries/APIs

Tools

Paradigms

Platforms

Storage

Other

Education