Experience

Cossack Labs

• United Kingdom
• Data Security Software Products
• 1 - 100 Employee

• Head of Security Engineering

  • May 2023 - Present

  Protecting software innovations is a full circle: assessing risks and modelling threats, designing secure architectures, building defenses, reviewing and improving already built applications, securing operations and responding to incidents. In my case, with a good bias for fundamental security controls and cryptography.

• Head of Customer Solutions / Security Software engineer

  • Oct 2019 - May 2023

  Manager with hands-on experience. Applied cryptography. Data security software. Security: • Defined risk & threats of software solutions, delivered, managed and implemented security solutions. • Define the echelonized security controls, match system designs with actual risk profile and carry out both business and technical risk analysis, guide the implementation, define acceptance criteria and operational guidelines. • Lead security reviews and audits of customer’s solutions… Show more Manager with hands-on experience. Applied cryptography. Data security software. Security: • Defined risk & threats of software solutions, delivered, managed and implemented security solutions. • Define the echelonized security controls, match system designs with actual risk profile and carry out both business and technical risk analysis, guide the implementation, define acceptance criteria and operational guidelines. • Lead security reviews and audits of customer’s solutions before integrating security tools and improving security. • Lead SSDLC process with development teams, improved product security across various systems. • Performed risk & threats modelling, designed appropriate security controls that fit risk profile and regulations landscape. • Designed end-to-end encryption schemes, DRM-like schemes, encryption protocols across mobile, web, backend. • Lead application security team. Business: • Co-defining business strategy: departments, load, customers, integrations. • Shaping marketing process. • NDA Engineering: • Lead product development for cryptographic and security software. • Increased number of supported languages by Themis cryptographic library to 14. • Lead integrations of Acra to customers' ecosystems. Software design, covering security risks, performance vs security optimizations, covering security risks. Work with teams of 10-20 ppl on customer's side. Public: • Conducted public talks, seminars, workshops about data security, encryption, user fraud monitoring, etc. • Performed security engineering and cryptographic trainings (including international).

• Product Engineer / Security Software engineer

  • May 2017 - Oct 2019

  Applied cryptography. Data security software. Security: • Designed and built end-to-end encryption protocols, fully- and partially encrypted data flows, integrated data security layer across huge distributed applications. • Lead security reviews and audits of customer’s solutions before integrating security tools. Mobile, web. • Lead SSDLC process for improving security of customer's solutions. • Managed customers' product teams of 2..15… Show more Applied cryptography. Data security software. Security: • Designed and built end-to-end encryption protocols, fully- and partially encrypted data flows, integrated data security layer across huge distributed applications. • Lead security reviews and audits of customer’s solutions before integrating security tools. Mobile, web. • Lead SSDLC process for improving security of customer's solutions. • Managed customers' product teams of 2..15 ppl. Engineering: • Managed development of cryptographic software for multiple platforms. Maintained codebase, participated in defining product strategy. • Cossack Labs security software: implemented new security features across multiple platforms (mobile, backend, desktop) in Cossack Labs security products. • Stabilized the codebase of Cossack Labs products (automated tests, cross-platform testing, CICD, product release cycle). Go, python. • Maintained and improved Themis cryptographic library, added support of several more platforms. Applied cryptography. • Multiple languages: Swift, Kotlin, python, Go, JS, C. Mobile, server, web. Business: • Stabilized product development cycle (predictable stable releases) which improved sales. • Established and lead new direction: security engineering services and custom solutions. • Established and lead new direction: secure software development trainings. • Nurtured business partnership network: security engineering partnerts, software integrators. Public: • Conducted public talks at local and international conferences on security software engineering, conducted educational workshops for developers about securing their apps (web & mobile). • Conducted security talk for Apple software engineers (Apple Park office, Cupertino, USA). • Technical moderator, PC member and security track lead across multiple conferencess.



Freelance, self-employed

• Consultant / Mobile Security Software engineer

  • May 2017 - Jan 2018

  Consulted companies about building their products for mobile platforms: from technical risks to product costs. Project-based contracts. • Conducted business analysis and technical validation of existing ideas in terms of system complexity, value for users and security. LEAN canvas, competitors research, user personas, user story mapping. Technical validation of product ideas in terms of system complexity / value for users. • Conducted security code audits of mobile applications… Show more Consulted companies about building their products for mobile platforms: from technical risks to product costs. Project-based contracts. • Conducted business analysis and technical validation of existing ideas in terms of system complexity, value for users and security. LEAN canvas, competitors research, user personas, user story mapping. Technical validation of product ideas in terms of system complexity / value for users. • Conducted security code audits of mobile applications. Enabled and lead SSDLC process for development teams focusing on security that doesn't ruin user value. • Conducted technical reviews of mobile-server architectures, optimized solutions for security and performance. Software architect role. • Worked with small startups and government companies. Contract-based. Ukraine, UK, UAE. Show less



Self-employed

• Mobile apps engineer / Cryptography OSS maintainer | Volunteer

  • May 2015 - May 2017

  OSS contributor, volunteer at Cossack Labs (haven't been paid, brought value). • Built, improved and maintained an open-source cryptographic library Themis for mobile platforms (Objective-C and Swift wrappers). • Implemented cryptographic code, set up testing & automation processes, enriched user experience for developers unfamiliar with cryptography.



Stanfy

• United States
• IT Services and IT Consulting
• 1 - 100 Employee

• Senior Software Engineer / Full-stack Developer

  • Apr 2015 - May 2017

  Lead engineer. • Lead product development during the whole life cycle: gathering business values, defining technical requirements, prototyping, developing and long-term supporting. • Managed projects teams across multiple countries (Ukraine, UK). • Improved quality of applications and decreased development cost by automating testing, quality assurance, CICD. • Improved application security and evangelized product security work across customers and within development… Show more Lead engineer. • Lead product development during the whole life cycle: gathering business values, defining technical requirements, prototyping, developing and long-term supporting. • Managed projects teams across multiple countries (Ukraine, UK). • Improved quality of applications and decreased development cost by automating testing, quality assurance, CICD. • Improved application security and evangelized product security work across customers and within development teams. • Conducted security reviews of mobile applications. • Delivered several public talks at the local and international conferences about mobile application development, security of mobile applications.

• Software Engineer / iOS Developer

  • Jul 2011 - Apr 2015

  Software engineer, team lead. • Built and implemented multiple mobile applications as an iOS engineer for Europe and US customers for e-commerce, medicine, photo/video sharing. Worked with third-party hardware, created REST API backends using BaaS. • Lead mobile development team (12 members) working on a large multi-platform application (iOS/Android/web).