/Professional Profile

+10 years’ experience in cloud management (IaaS infrastructure). Hands-on working as a technical consultant, performing cloud best practices, CAF, cloud security configs, workload migration, automation and orchestration, infrastructure as code, cloud monitoring and cloud troubleshooting at AWS & GCP, ensuring best practices and high-quality cloud architecture that meet enterprise requirements.

+5 years’ proven architecture abilities in cloud security & data protection. Security-by-design approach in cloud, performing cloud assessment and AWS, GCP and Azure. Relevant knowledge in cloud security hardening for multi-cloud environments. Proficiency in cloud monitoring and threat detection, IAM and incident response. Recent experience implementing CSPM, CWPP and CASB.

Cybersecurity management experience leading SOC implementation. Specialist in cloud risk management. Focused on SIEM implementation, reaching high understanding in cloud observability, application monitoring and operational intelligence. Strong background in security metrics, KPIs and incident response. Relevant knowledge in log analysis & event correlation.

Expert in network and workload protection, implementing EPP, NGFW and IPS/IDS. Lead taskforce to perform countermeasures (malware analysis, XSS scanning, botnet isolation) and develop fast mitigation against DDoS, rootkits, zero-day exploits and data leaks. Labs & PoCs for pre-sales teams, performing live demos in ATP, ZTNA and SASE.

Experience implementing DevSecOps, especially in software security testing (SAST/DAST). Deep understanding of malicious code exploit suppression, AppSec compliance and serverless security. Provide security recommendations and security enhancements for dev teams regarding container security, automation remediation and hardening APIs.

Recent experience leading red-team management focused on public clouds, identifying threats and APT mitigation, CVE threats published. Conducts penetration tests to evaluate cloud attack vectors, identify cloud vulnerabilities and collaborate to identify security violations. Responsible for leading complex automated large-scale vulnerability scanning.

/Technical Background

Tools & Software:

OS: Windows Server 2012~2022; SUSE/SLES; RedHat/RHEL; Ubuntu; Kali;
Firewalls: Fortinet; CheckPoint; PFSense; SonicWall; Cloudflare;
Endpoints Protection: TrendMicro; Sophos; Tanium;
SIEM & Observability: Splunk; Elastic; New Relic; DataDog; Wazuh; Zabbix;
Automation: Terraform; Ansible;
Collaboration: GitHub; Slack; O365; G-Workspaces; MS-Project; Zendesk;
Ethical Hacking: Nessus; PACU; NMAP; Wireshark; Shodan;
DevSecOps: Veracode; Sonarqube; Jenkins; Kubernetes; Docker; Snyk;
Cloud Posture: Lacework; Orca;



Expo & Conferences:
AWS Re:Invent 2017/18, Splunk Conf 22, RoadSec 2022, SAP SAPPHIRE 2019

Organization Membership:
OWASP, Linux foundation, ISACA, AWS global certification

Extracurricular activities:
Cloud, Cybersec & PenTest Instructor (Udemy)

Language Skills:
English (Fluent)
Spanish (Basic)
Portuguese (Advanced/Native)


Disclaimer: Working for US market only remotely under 1099 contracts as an independent technology consultant (C2C) through an established technology company (LLC) since 2018.
