Cover Photo

Antoine Ansari

SecDevops Engineer

This is my portfolio hosted on github pages.

About me

My name is Antoine Ansari I am a french cybersecurity engineer living in Paris.

I currently work as a secDevOps at Padok. My primary focuses are on cloud, kubernetes and CI/CD security. I also sometimes do pentesting.

Welcome to my portfolio.

My job history

I work as a SecDevOps at Padok, I deal with cybersecurity missions in Cloud and DevOps environments. I have an engineering degree in cybersecurity after a work-study at BNP Paribas. It's been 4 years I work in cybersecurity now and I really enjoy it ! 🥳

My expertise and certifications

Kubernetes

Kubernetes may be my favorite technology. I've had the opportunity to manage large clients' Kubernetes clusters in previous projects. It's a powerful tool with numerous security challenges, from RBAC management to container security. Recently, I implemented network policies on an existing cluster for production.

GCP I've worked on GCP projects, though it's the cloud provider I've used the least. To enhance my knowledge of securing this provider, I obtained the Cloud Security Engineer certification (click on the text to check it).
AWS

I greatly enjoy working with AWS and have completed many projects using this cloud provider. I've secured several client infrastructures using AWS WAF and Security Hub. Setting up IAM can be more complex than on other cloud providers, in my opinion. AWS is also the cloud provider I use for my personal projects.

Azure

While Azure is my least favorite cloud provider, it's the one in which I have the most expertise. I've encountered several issues and bugs with this provider and I feel Microsoft's response to them is not always adequate, considering their market share. One positive aspect of Azure is the managed identities, which greatly simplify setting up applications without credentials.

Git

In various missions, I've worked on multiple Git integrations, primarily focusing on securing CI/CD pipelines for clients. My preferred integration for self-hosted runners is GitLab. I've also worked with GitHub, Bitbucket, and Azure DevOps. I've found Bitbucket's CI/CD functionality to be lacking, with many unresolved issues lingering for years.

Linux

I use Linux on both my work PC and main PC. Despite its critics, I enjoy scripting in Bash. My preferred distribution is Ubuntu with Mate desktop environment 🐧 (not arch linux btw).

Burp

I frequently do pentesting missions, mostly black box and grey box. In my spare time, I enjoy participating in CTFs or exploring challenges on platforms like Root-Me. While my ranking may not be high, I'm actively working on improving my skills (1725 points right now).

Teaching

I also enjoy teaching. Through my work, I've had the opportunity to teach basic DevOps and Kubernetes security to postgraduate students at two French engineering schools. Each class was a one-day masterclass, one focusing on DevOps and the other on Kubernetes security. For the latter, I collaborated with a colleague to create a CTF challenge centered around Kubernetes security.

Talks

I've given several talks at meetups, with the latest being at the OWASP France chapter meetup. I spoke about the key aspects of implementing network policies in a Kubernetes cluster, drawing mainly from my experience on one of my projects. Additionally, I led a workshop on attacking a Kubernetes cluster.