Professional Career
Hi, I’m Lenin Alevski, a security professional with a decade of experience in software and security engineering roles, specializing in building and maintaining distributed systems, application security, and cloud security. I help guide organizations through collaboration with teams leading projects on matters such as security architecture, risk management, network security, identity and access management, security assessments, threat modeling and cloud-native adoption.
EDUCATION
Tecnológico de Monterrey - BS in Computer Science Engineering
WORK EXPERIENCE
Google, LLC. - Security Engineer
November 2022 – present
At Google, I have provided expert security advice and guidance to various engineering teams, conducting in-depth reviews of both internal and external infrastructures. I have designed and implemented robust solutions for performing risk assessments, measuring risks, and conducting threat modeling at scale. I optimized security reviews for different teams by analyzing and identifying common issues, which I then automated to reduce manual efforts and organizational risk. Additionally, I have developed security standards and led efforts to proactively tackle and resolve potential security issues within Google’s core infrastructure.
MinIO, Inc. - Security Software Engineer
October 2019 – November 2022
Security professional specializing in Application and Cloud Security. Responsible for building and maintaining the MinIO Kubernetes Operator, one of the core products to automate the deployment and configuration of MinIO in cloud environments.
- System design and development with Go, Python, NodeJS, and React
- Present detailed, written technical information for internal and external audiences
- Provide guidance for SOC2, ISO27001 as well as other topics like GDPR and NIST privacy frameworks, security assessments, threat modeling, identifying security risks, security architecture and security code reviews
- System and network security, authentication and security protocols, cryptography, and application security
- Follow up of the threat landscape for popular software & services integrated with MinIO
- Customer support: subject matter expert in the information security area
OneLogin, Inc. - Full Stack Engineer
January 2019 – October 2019
Distributed systems Engineer specialized in application security. Member of the provisioning team, and responsible for various aspects of the security of the service such as the mitigation of vulnerabilities reported through the company’s bug bounty program.
- Micro-services design and development and integration and authentication with third party providers
- Backend development and security code reviews
Freeagent CRM - Full Stack Enginee
October 2016 – December 2018
Founding member of the engineering team, primarily working in design and development of platform core features. As a software engineer with experience in the information security industry, I enforce secure coding best practices across all the members of the team through code reviews and security awareness.
- Implementation and configuration of security and monitoring infrastructure with open source tools
- Design and development of product anti-abuse features
- Backend development
- Frontend development
- Mobile development
- Software testing
ORACLE México - Software Developer
March 2016 – October 2016
As a member of the software engineering division, I applied my knowledge of software architecture and information security to perform software development tasks associated with debugging, QA testing, automation, and security testing. Duties include: Shell scripting and automation; backend development; quality assurance; and managing infrastructure.
Websec México - Jr. Information Security Consultant
April 2012 – March 2016
Duties include: Security tools development; security risk assessments; Linux and Windows server hardening; web penetration testing; mobile penetration testing; social engineering testing; basic binary analysis and reverse engineering; security code reviews; and static and dynamic code analysis.
ENGINEERING AND SECURITY SKILLS
- Detection & Monitoring & Observability: OSSEC, Suricata, Wazuh, Grafana, Prometheus
- Programming & Automation: Go, Javascript, Python, Java, PHP, C#, C++, C, Ansible, Terraform, Bash
- Cloud Platforms: Kubernetes, Openshift, VMware ESXi, AWS, GCP, Azure, Docker, Podman
- Methodologies & Frameworks: Microsoft SSDL, OWASP10, ASVS, STRIDE, DevOps, SecDevOps, NIST CSF
- Authentication Technologies and Platforms: Oauth2, OIDC, SAML, JWT, LDAP, Okta, Authentik, Keycloak
- Offensive Security: BurpSuite, Nmap, Responder, Metasploit, Empire, Binwalk, Evilginx, Kali
COMMUNITY CONTRIBUTIONS
- Independent security research and media mentions: CVE-2023-39059, CVE-2022-35919, CVE-2021-41266, Security Researchers Looking at Mastodon as Its Popularity Soars, Cybersecurity Pros Put Mastodon Flaws Under the Microscope, Mastodon vulnerable to multiple system configuration problems, Twitter Alternative Mastodon Has Security Issues
- Kubernetes Security: Hands-On Attack and Defense, open-source workshop given at BsidesSF, HackGDL, and Pacific Hackers security conferences
- Kubernetes Security: Attacking and Defending Modern Infrastructure, talk given at RSAC 2024 and HACKMIAMI XI security conferences
- CNCF Security Technical Advisory Group, security reviewer for cloud-native projects such as KubeEdge
- Kubernetes (IN)Security, talk given at RSAC 2022, OpenInfra Days Mexico 2022, and Texas Cyber Summit 2022 security conferences
- Over 300 published articles on my personal blog (over 10 years) about Cybersecurity and Software Engineering