About

Professional Summary

Accomplished DevSecOps and Cloud Security Architect with 15+ years of progressive experience designing and securing enterprise-grade infrastructure, from bare-metal data centers to modern AWS cloud environments. Expert in architecting and automating PCI DSS 4.0 compliant Cardholder Data Environments (CDE) for fintech, e-commerce, and payment processing, supporting millions of daily transactions with 99.95% uptime and a zero-breach track record.

Proven ability to evolve from Systems Administration to strategic architecture, leading the implementation of security-first, scalable solutions. Brings deep expertise in Kubernetes security, Infrastructure as Code (IaC), and CI/CD automation to embed compliance and security throughout the development lifecycle. A strategic leader focused on emerging technologies—including AI/ML-driven security, quantum-resistant cryptography, and confidential computing—to build resilient, self-healing systems that enable business agility without compromising fortress-level data protection.

Core Competencies

Strategic Security & Compliance Leadership

  • PCI DSS Level 1-4.0 Compliance Architecture & Implementation
  • Cardholder Data Environment (CDE) Design & Scope Reduction
  • SOC 2 & ISO 27001 Frameworks
  • GRC (Governance, Risk, and Compliance) Program Management
  • Security Policy Development
  • Risk Assessment & Management
  • Third-Party Risk Management
  • Security Awareness Training
  • Regulatory Advocacy & Audit Management

Cloud Security Architecture (AWS Specialization)

  • AWS Multi-Account Strategy & Landing Zone Design
  • Control Tower & Organizations Governance
  • Zero Trust Architecture
  • IAM & Identity Center (SSO)
  • Network Segmentation (VPC, TGW, PrivateLink)
  • Data Protection (KMS, CloudHSM, Macie)
  • Security Services (GuardDuty, Security Hub, Config, WAF, Shield)
  • Well-Architected Framework Reviews
  • Cloud Cost Optimization & FinOps

DevSecOps & Application Security

  • Secure SDLC & Shift-Left Security
  • CI/CD Security Pipeline Integration (SAST, DAST, SCA, IaC Scanning)
  • Policy as Code (OPA, Sentinel)
  • Secrets Management (HashiCorp Vault, AWS Secrets Manager)
  • Infrastructure as Code Security (Terraform, OpenTofu)
  • Container & Kubernetes Security (EKS, Pod Security, Admission Control)
  • API Security | Threat Modeling

Threat Detection, Incident Response & SOC Operations

  • SIEM Deployment & Management (Wazuh, Security Onion, Splunk)
  • Security Orchestration, Automation, and Response (SOAR)
  • Threat Hunting & Intelligence
  • MITRE ATT&CK Framework
  • Digital Forensics
  • Red/Blue Team Exercises
  • Incident Response Planning & Execution
  • 24/7 SOC Management
  • MTTD & MTTR Optimization

Infrastructure & Network Security

  • Hybrid & Multi-Cloud Security
  • Bare Metal & Data Center Security
  • Network Security Architecture (Firewalls, IDS/IPS, Micro-segmentation)
  • Secure Remote Access (ZTA, VPN)
  • DDoS Mitigation
  • Hardware Security Module (HSM) Management
  • Wireless Security | DNS Security

Technology & Platform Expertise

  • Kubernetes Security (EKS, GKE, Rancher)
  • Container Runtimes & Image Security
  • Service Mesh (Istio)
  • Database Security (Aurora, RDS, MongoDB)
  • Secrets Management
  • Observability & Monitoring (Prometheus, Grafana, ELK)
  • Backup & Disaster Recovery

Career Highlights

Security Excellence

  • PCI DSS Level 1 Compliance: Zero audit findings across all 12 requirements
  • 85% Incident Reduction: Through comprehensive SIEM deployment and monitoring
  • Zero Breach Track Record: 15+ years of secure operations

Business Impact

  • 45% AWS Cost Reduction: From $180K to $99K monthly through FinOps optimization
  • 99.95% Uptime: For critical payment processing systems
  • 60% CDE Scope Reduction: Via tokenization and network segmentation

Technical Leadership

  • Infrastructure Scale: Managed platforms supporting 1M+ daily transactions
  • Team Leadership: Managed security operations and DevSecOps teams
  • Mentorship: Trained and mentored junior security engineers
  • Strategic Planning: Developed 3-year security roadmaps aligned with business goals

Education & Certifications

Education: Belarusian National Technical University | Faculty of Energy Construction Engineer - Construction Engineering / Heat and Gas Supply, Ventilation and Air Protection | 2000 - 2005

Certifications:

  • HashiCorp Certified: Terraform Associate
  • HashiCorp Certified: Vault Operations Professional
  • AWS Security Specialty (Udemy)
  • AWS Solutions Architect Professional (Udemy)
  • AWS DevOps Engineer Professional (Udemy)
  • AWS Advanced Networking Specialty (Udemy)

Languages & Location

Languages: English (Professional), Russian (Native), Hebrew (Basic)

Location: Israel / Georgia | Open to Remote

Authorization: Authorized to work in Israel. Open to relocation/remote opportunities.