Kubernetes & Cloud
Security Engineer

CKA  ·  CKS  ·  AWS SAP-C02  ·  DevSecOps

Cluster Hardening Platform Engineering Supply Chain Security IaC · Terraform Tel Aviv
About Me

A bit about myself

25+ years in IT — from networks and Windows infrastructure to Kubernetes security and cloud engineering. CKA and CKS certified, AWS Solutions Architect Professional, with deep hands-on experience in cluster hardening, DevSecOps pipelines, supply chain security, and offensive security. I build infrastructure that does not get pwned. Based in Tel Aviv.

Infrastructure & Security

Platform Engineering

3-node kubeadm cluster  ·  Calico CNI  ·  containerd  ·  k8s v1.35

$ kubectl get pods -n production

web-7d9f8b-xk2p   1/1   Running

api-6c8df9-m3nw   1/1   Running

HPA  min:2  max:10  cpu:42%

PDB  minAvailable: 1
KubernetesHelmHPAPDB

K8s Production Patterns

Production-grade manifests — default-deny NetworkPolicy, least-privilege RBAC, zero-downtime RollingUpdate, HPA with scale-down stabilization, PDB, and a full Helm chart.

GitHub 
$ kubectl get networkpolicies -A

default    default-deny-all

default    allow-dns-egress

production allow-ingress-nginx

PSA: restricted · audit: on
CKSNetworkPolicyRBACseccomp

K8s Security Hardening

Zero-trust network segmentation, least-privilege RBAC, Pod Security Admission, API server audit policy, and custom seccomp profiles — all on a physical kubeadm cluster.

GitHub 
$ kubectl get prometheusrule -n monitoring

homelab-custom-alerts   Active

NodeMemoryPressureHigh

EtcdHighCommitDuration

PodCrashLooping
PrometheusGrafanaAlertmanager

K8s Observability Stack

kube-prometheus-stack tuned for a RAM-constrained homelab — custom PrometheusRule CRDs for node, etcd, and pod-lifecycle alerts. Alertmanager routing with push notifications.

GitHub 
$ argocd app list

app-of-apps        Synced  Healthy

production-workloads Synced  Healthy

monitoring-stack   Synced  Healthy

selfHeal: on  prune: on
ArgoCDGitOpsApp of Apps

GitOps — ArgoCD Homelab

Full GitOps setup using App of Apps. AppProject with source/destination restrictions, per-application selfHeal policies, ArgoCD RBAC mapped to identity provider groups.

GitHub 
$ terraform plan -out=eks.tfplan

+ aws_eks_cluster.main

  endpoint_public_access  = false

  kms_key_id = alias/eks-key

  http_tokens = "required" # IMDSv2
TerraformAWS EKSIRSAKMS

Terraform AWS EKS Secure

Modular Terraform for a hardened EKS cluster — private API endpoint, KMS secrets encryption, IMDSv2 enforced, IRSA for pod-level IAM, S3 + DynamoDB remote state.

GitHub 
$ ./etcd/backup.sh

Snapshot saved: etcd-20260519.db

Verified: hash OK  size: 4.2MB

$ ./rbac-audit/find-clusteradmin.sh

2 bindings found — review needed
FalcoetcdRunbooksCKS

K8s Incident Response

Operational runbooks for a live cluster — etcd backup/restore, certificate expiry checks, node isolation scripts, Falco alert triage playbook, and RBAC overprivilege auditing.

GitHub 
$ ip link show vxlan.calico

vxlan.calico: mtu 1450 UP

# Cilium tested — OOM killed host

# reverted to Calico VXLAN

podCIDR: 10.244.0.0/16
CalicoCNICoreDNSeBPF

K8s Networking Deep Dive

Calico VXLAN config, multi-tier NetworkPolicies, CoreDNS customization, ingress-nginx on bare metal. Honest post-mortem on a Cilium migration attempt that OOMed the control plane.

GitHub

Frontend & Apps

Applications

cryptoSt8 v2
React 19 Vite CoinGecko API

cryptoSt8 v2

Real-time crypto market dashboard. Live Fear & Greed index, coin detail modals with 30-day charts, top movers, trending coins. Zero CSS frameworks, pure dark mode.

Live Demo GitHub
Bybit Trading Dashboard
React TypeScript Bybit API

Bybit Trading Dashboard

Real-time cryptocurrency trading interface. Multi-order management, live portfolio tracking, authenticated session handling, and order book visualization via Bybit REST API.

GitHub
Jacob Skate Co.
React 18 TypeScript E-Commerce

Jacob Skate Co.

Full e-commerce storefront in React 18 and TypeScript. Full-viewport hero carousel, product grid, cart management, dark/light theme — 30+ components, zero UI library dependencies.

GitHub
Macro Tracker
React Supabase Auth

Macro Tracker

Personal nutrition tracker with magic-link auth, per-user Supabase sync, macro rings, cut deficit calculator, custom food entries, CSV export, and auto daily backup.

Live Demo GitHub
Iron Dome
React Supabase PWA

Iron Dome

Gym session tracker with real-time Supabase sync, rest timer with push notifications, execution mode tracking (strict/controlled/momentum), CSV + JPEG session export.

Live Demo GitHub
SAP-C02 Study Tracker
AWS SAP-C02Gap AnalysisVanilla JS

SAP-C02 Study Tracker

Per-lesson gap analysis for Adrian Cantrill's AWS Pro course. Flags post-2021 service changes with OUTDATED / GAP / EXTRA tags. Supplements sorted inline so you study the delta at exactly the right time.

GitHub

Verified Credentials

Certifications

CKA Certified Kubernetes Administrator
Cloud Native Computing Foundation View on Credly →
🔒 CKS Certified Kubernetes Security Specialist
Cloud Native Computing Foundation View on Credly →
AWS SAP-C02 Solutions Architect Professional
Amazon Web Services
MCSE · MCP+I Microsoft Certified Systems Engineer: Windows Server
Microsoft Certified Professional + Internet
Microsoft · 2000 View credentials on Microsoft Learn →
🌐 MS Network Design Designing, Deploying and Managing Enterprise Network Solutions
Microsoft · 2006 View credentials on Microsoft Learn →
🖥 MS IIS Implementing and Supporting Microsoft Internet Information Server
Microsoft · 2000 View credentials on Microsoft Learn →
🐧 Linux Administration Linux Server & Desktop Administration — system services, networking, storage, and user management
Kubernetes Docker Terraform Helm AWS Linux Administration Falco OPA / Gatekeeper Kyverno Cosign Trivy etcd Cilium React TypeScript Python Shell GitHub Actions DevSecOps CISSP (studied) Imperva SecureSphere Penetration Testing Network Security TCP/IP Active Directory Windows Server Solaris / Unix High Availability SQL Server PostgreSQL NoSQL

Get In Touch

Contact

Location

Tel Aviv, Israel

Email

rektdevvv@gmail.com