Haitham Gad
Verified Expert in Engineering
AWS Developer
San Diego, CA, United States
Toptal member since July 15, 2022
Haitham is a technical leader with over 15 years of experience building products and services for several enterprises. Before starting his AWS consultancy, he spent over five years at AWS, where he helped build Amazon GuardDuty, AWS's intelligent threat detection and security monitoring service. Haitham's work was instrumental in accelerating GuardDuty's adoption by thousands of AWS customers like Snap, HBO Max, Siemens, Volkswagen, and Southwest Airlines.
Portfolio
Experience
Availability
Preferred Environment
Python, Node.js, Amazon Web Services (AWS), Serverless Architecture, Cloud Security
The most amazing...
...thing I've built is Amazon GuardDuty, AWS's intelligent cloud threat detection service, which was quickly adopted by the majority of big-name AWS customers.
Work Experience
Independent AWS Consultant
Rehashly
- Ran an AWS cloud consultancy to help clients build resilient, secure, and cost-optimized solutions on AWS.
- Helped a client build their SOC program by analyzing their system, filling gaps in logging and monitoring, writing incident response runbooks, and training the development team on secure coding and AWS security best practices.
- Bootstrapped the organization's AWS cloud infrastructure by building an AWS Control Tower landing zone and connecting their Google Workspace identities to AWS SSO. Also helped them establish security best practices.
- Performed forensic investigation for a security incident where a client lost access to some production S3 buckets. Gave the client detailed advice on how they should proceed from there to mitigate the incident and make sure it doesn't happen again.
- Assisted a client in the medical field to build a HIPAA-compliant network and data security infrastructure and set up a process for continuously monitoring and remediating compliance-related security controls.
Software Development Engineer
Amazon Web Services (AWS)
- Built, launched, and helped grow Amazon GuardDuty into an indispensable tool for security operations teams looking to secure their businesses' AWS workloads. GuardDuty is AWS's intelligent threat detection and security monitoring service.
- Worked closely with leadership on planning feature roadmaps, prioritizing customer requests, scoping, estimating, and tracking projects, and addressing high-urgency escalations.
- Helped architect and build several high-throughput scalable back-end microservices with strict reliability and security requirements, each processing billions of events daily.
- Built some of GuardDuty's high-value security detections end-to-end, from ideation, working with a cross-functional team of product managers, applied scientists, and security engineers, prototyping, testing, operationalization, and launch.
- Led the design and implementation of GuardDuty's multi-account functionality, simplifying GuardDuty's usability across member accounts of an AWS organization. This feature was instrumental in accelerating GuardDuty's adoption by many AWS customers.
- Pioneered the technical design and evolution of GuardDuty's control plane architecture, including external APIs, multi-language SDKs, and CloudFormation resources. Set processes and standards for API launch readiness.
- Provided technical leadership and mentoring for multiple generations of engineers over my tenure with AWS.
Lead Software Engineer
Cadence Design Systems
- Developed module generators, layout-only object generators such as dummies, guard rings, and polyfills, and place and route tools for the Cadence Virtuoso GXL physical layout suite.
- Built a system for the assisted routing of physical layout devices, which accelerates the effort of routing components while allowing physical layout engineers to customize specific routing parameters.
- Led module generator qualification efforts on TSMC's advanced node process design kits (PDKs), for example, TSMC 16nm and 10nm, which gave customers better confidence in adopting them.
Software Development Engineer
Mentor Graphics (Acquired by Siemens)
- Built compilers and automations to help the custom IC design group accelerate PDK development for the foundries' advanced technology nodes, for example, TSMC 16nm.
- Contributed to reducing the mentor's release cycle, from 7-8 weeks down to 4-5 days, for advanced node PDKs of key foundries like TSMC and GlobalFoundries.
- Represented Mentor Graphics in the OpenPDK Coalition, an open coalition aiming to define a set of open standards to allow an OpenPDK to be created once and then translated into specific EDA vendor tools and specific foundry formats.
- Trained Mentor Graphics' PDK development team on using new PDK automation systems and building foundry partnerships.
Experience
Threat Intelligence Ingestion Service
I developed control-plane APIs to define new ingestors when new threat intelligence feeds become available. I also developed configurable ingestion components that allow for initiating ingestion requests with various parameters and authentication options, transforming responses, and dispatching results to different destinations.
I built data-plane APIs to invoke ingestors on a schedule or as a response to some events, such as SNS notifications. I then used the control-plane APIs to define ingestors for various in-house, third-party, and open source threat-intelligence feeds required by GuardDuty.
AppSec Review Acceleration Program
• Reduced the AppSec review process timeline for new features from months to weeks.
• Uncovered and mitigated several weaknesses in the service's security posture.
• Worked with proactive security teams to mitigate very subtle and intricate attack vectors, including resource-level authorization, confused deputy protection, and cross-account access control.
I provided continuous education to the GuardDuty team on authoring effective threat models, securing their infrastructure, and writing secure code. I also continuously educated the AppSec team on the security measures that govern GuardDuty's infrastructure components, AWS account settings, and DevSecOps practices.
Governance, Risk, and Compliance Program
I partnered with the GRC team to understand the auditor requirements for different compliances and identify the gaps in GuardDuty's infrastructure and process security that needed to be filled to achieve each compliance. I then led a group of engineers to implement mitigations for the identified gaps.
Within the program, I helped GuardDuty achieve several compliances, including GDPR, SOC 2, Payment Card Industry Data Security Standard (PCI DSS), HIPAA, and Federal Risk and Authorization Management Program (FedRAMP).
I also built solutions and processes to ensure GuardDuty is continuously adhering to all its existing security compliances.
GuardDuty's Operations Platform
Education
Bachelor's Degree in Electrical Engineering and Computer Science
Cairo University - Cairo, Egypt
Certifications
AWS Certified Security Specialist
Amazon Web Services
Machine Learning
Coursera
Compilers
Coursera
Skills
Libraries/APIs
Node.js, OpenAPI, REST APIs, React
Tools
AWS CloudFormation, AWS IAM, AWS CloudTrail, Amazon Simple Queue Service (SQS), Amazon Simple Notification Service (SNS), Amazon Elastic Container Service (ECS), AWS Fargate, Amazon Virtual Private Cloud (VPC), Amazon CloudWatch, Amazon Elastic MapReduce (EMR), Boto 3, Git, Postman, Amazon CloudFront CDN, AWS Glue, Gradle, Terraform
Languages
Python, TypeScript, Java, C++, JavaScript, Lisp, HTML, Scala, Ruby, CSS, SQL, GraphQL, Go, Python 3
Frameworks
Swagger, Jinja, Apache Spark, Dagger 2, OAuth 2, JSON Web Tokens (JWT), Next.js, Spark, Flask
Paradigms
REST, Microservices, Serverless Architecture, Functional Programming, DevOps, DevSecOps, Requirements Analysis, Desktop App Development, Agile, ETL Implementation & Design, ETL, HIPAA Compliance, Compiler Design
Platforms
AWS Lambda, Amazon EC2, Amazon Web Services (AWS), Linux, Docker, Google Cloud Platform (GCP)
Storage
Amazon S3 (AWS S3), Amazon DynamoDB, Elasticsearch, Databases, JSON, NoSQL, MongoDB, PostgreSQL, MySQL
Other
Amazon GuardDuty, AWS Cloud Architecture, Amazon Route 53, AWS, Amazon API, Program Management, Technical Program Management, Application Security, Web Security, Cloud Security, AWS Organizations, GRC, Compliance, Web App Security, Serverless, APIs, Amazon Kinesis, Threat Modeling, Secure Coding, API Design, Software as a Service (SaaS), Infrastructure as Code (IaC), Back-end Development, Back-end, AWS DevOps, Architecture, Technical Leadership, Identity & Access Management (IAM), Software Design, API Integration, Legacy Software, Legacy Code, Integration, CI/CD Pipelines, Cloud Platforms, Engineering, IT Security, Prototyping, Data Modeling, Security, PCI DSS, PCI Compliance, GDPR, SOC Compliance, SOC 2, FedRAMP, Security Testing, Security Audits, Compilers, Full-stack, Full-stack Development, Leadership, Technical Project Management, Machine Learning
How to Work with Toptal
Toptal matches you directly with global industry experts from our network in hours—not weeks or months.
Share your needs
Choose your talent
Start your risk-free talent trial
Top talent is in high demand.
Start hiring