Wanna chat? Schedule time with me
Zoltan Toma
| Email: | |
| LinkedIn: | https://www.linkedin.com/in/toma-zoltan/ |
| Personal Site: | https://zoltantoma.com |
Personal statement
As a passionate Security Software Engineer with a decade’s experience, my mission is to make the digital world safer. Leveraging open-source technologies, I specialize in developing innovative cybersecurity solutions and promoting cybersecurity awareness. My approach combines technical expertise with a commitment to community education, aiming to empower others with the knowledge to protect themselves online. I’m looking for opportunities where I can apply my skills in Go, cloud security, and DevSecOps to not only address current security challenges but also to inspire and lead in the creation of safer digital environments for everyone.
Experience
Jun 2023 - Jan 2024, Platform Engineer, Hays (Contractor)
Help to create governance around Dynatrace usage and improved monitoring and cost-tracking capabilities.
Tech: Azure, AWS, Go (Golang), ADO, GitHub Enterprise, Dynatrace, Vagrant
- Participate in the Dynatrace extended support meetings and shared product improvement ideas
- Created the Dynatrace Account inventory OSS project to help others remove duplicated access rights from users
- Investigate how to use LaunchDarkly to enable teams to use Dynatrace features
- Onboard Dynatrace Runtime Vulnerability Analytics into the organization
- Helped other team members to figure out some Security concepts around Access Control
- Participated in the Dynatrace community and Dynatrace PUB community events
Jan 2023 - till now, Founder, GoSecNinja OÜ
I’ve turned my hobbies into a side hustle. This Estonian company enables me to help organizations solve their issues remotely with consultation or with a contract. Through it, I can increase cyber security awareness in individuals and companies. Later, I plan to create an SPaaS (Security Platform as a Service) or contribute to creating one.
Tech: GitHub, Multi-Cloud, Hugo, Go(Golang), Docker, Kubernetes, PrivateGPT, YouTube,
- I’m creating my personal knowledge base with PrivateGPT
- Created two YouTube channels GoSecNinja (On hold) and Curious Minds Collective, where I try to share my experience.
- Participated in multiple brainstorming or One-on-Ones to solve or advise security and scalability tips to small and medium-sized businesses.
Dec 2022 - Apr 2023, Security Architect, Blue Colibri App
Help the organization improve its security program. Advise on new technologies that could help identify security gaps and mitigate them.
Tech: Azure, PHP, GitLab, Google Workspace, Hugo, Eramba, Vanta, Docker
- Reviewed pipelines against DevSecOps principals.
- Introduced internal IT training for developers and geeks where they could share and talk about best practices.
- Organized multiple training sessions about DocOps and DevSecOps.
- Reviewed Security documentation against ISO 27001 and NIST 800-53 frameworks.
Mar 2022 - Dec 2022, Senior DevOps Engineer/Developer, EPAM Systems
I’m part of a team that tries to achieve a single pane of glass for our clients' observability. We collected infrastructure, logs, and application performance metrics through open-source technologies.
Tech: AWS, Terraform, Ansible, Telegraf, RabbitMQ, ClickHouse, Grafana, Go(Golang)
- Implement DocOps pipeline with GitLab and Hugo
- Implement SSO for the private documentation site with Oauth2 Proxy
- Research various options to introduce mTLS encryption between the internally used components
2016-Oct 2021, - Lead Security Software Developer/Team Lead, BitNinja.io
BitNinja is an easy-to-use server security tool that can be installed on your server within a couple of minutes and requires virtually no maintenance. It is a mixture of an on-premise and cloud-based solution. It is an agent that sits on your infrastructure and sends the attack information to the central server, which is in the cloud. In addition, it has a new technology called defense network. Every BitNinja-protected server learns from each attack and shares the learned information with the central server and other BitNinja-enabled servers. Hence, the shield gets stronger and stronger with every single attack.
Tech: AWS, Serverloft, Linode, BitBucket, Jira, PHP, Jenkins, Kubernetes, OpenAPI, WordPress, CPanel, Vagrant, SaltStack, Ansible, ReactPHP, Docker, Rancher, Nginx, HAProxy, Omnibus, AWS
- Acted as security threat manager to identify possible attack vectors against shared hosting servers, including searching and implementing (PoC) new security risk mitigation tools and creating intrusion detection rules for the log analyzer and WAF, which had a fully transparent proxy featuring layer 7 firewall with ModSecurity and Captcha service.
- Investigate PHP-based malware, how it was delivered to the servers, its effects, and why it was passed through the countermeasures.
- Organized training sessions about new technologies brought to the company and found attack patterns for the team and the tech support.
- Implement security management scripts in the PHP-based multi-process Linux daemon application called BitNinja Linux Agent.
- Contribute to the micro-services that were backends to the Agent, such as defining incident types, storing them in MongoDB, and broadcasting with RabbitMQ.
- Use the public Swagger API to interact with the services.
- Acted as DevOps Engineer to deliver stable Linux packages for CentOS, CloudLinux, Debian, and Ubuntu.
- Maintained the public deb and rpm package repositories hosted on AWS
- Created a CI/CD pipeline with Jenkins that transformed from a dedicated server to a multi-container builder stack in Rancher, which later transformed into a docker slave builder featuring omnibus packaging
- Maintain the public documentation page generated by Sphinx delivered by Docker
- Created a development environment that helps users spin up fully virtualized environments for Agent dev in CentOS, Debian, Ubuntu, CloudLinux, Kali with Vagrant, SaltStack, or Ansible. The minimalist version is available on GitHub
- Created a new C4 model of the Agent stack with PlantUML on Confluence, which helps others understand how the Agent interacts with the cloud-based micro-services and protects the servers.
- Helped to create a dedicated BitNinja Linux Agent team
- Consulted with stakeholders and other team leaders
- Assigned team tasks and review code changes
2015-2016, Full-stack Developer, Web-Server Ltd.
I’ve participated in various activities in a shared hosting provider company. I worked with system admins and provided on-call support. We started a server protection project called BitNinja to protect our infrastructure against continued cyber-attacks. Later, it grew into a start-up.
Tech: On-prem servers, Git, Docker-swarm, PHP
- Maintain the admin website of the BitNinja project in Yii
- Create the Incident Flow feature that propagates IP-based security incidents to the site users via Memcached/AJAX.
2013-2015, Indie game developer, Self-employed
With like-minded creators, we tried to develop multiple mobile-based games.
Tech: GitHub, Unity3D, PhoneGap, Trello, Facebook, Redmine
- Develop Unity3D / PhoneGap applications that work on Android, IOS, PC, and as a Facebook application
- Create and manage WordPress and Yii websites that served as a backend for the projects
- Manage project and team responsibilities and tasks in Kanban-style Trello boards
Public Speech
- Jun 2018, Debreceni IT Security (DIS) Meetup - Preventive vs. Reactive defense
- Apr 2018, Informatics Professional Days (University of Debrecen) - Burglars don’t come through the window! - Server safety, prevention, and frequent mistakes developer bugs
- Mar 2018, Debreceni IT Security (DIS) Meetup - ModSecurity
Internship
2012-2013, Junior PHP developer, Web-Server Ltd.
- Migrate websites to WordPress
- Add new features to a PHP-Yii-based billing application
- Implement a PHPUnit skeleton generator Yii