Anatoli Dudarenkau

Anatoli Dudarenkau is a senior DevSecOps and cybersecurity engineer with more than eight years of experience delivering secure, scalable, production-ready systems across fintech, healthcare, critical infrastructure, and enterprise IT. With strong expertise in offensive security and secure cloud architecture, he has helped organizations protect digital assets, automate security workflows, and integrate DevSecOps practices into their software development lifecycles.

Certified in OSCP, OSWE, AWS, and Azure, Anatoli combines formal cybersecurity training with deep, hands-on experience. His background includes penetration testing of web and network systems, designing secure CI and CD pipelines, performing threat modeling and code reviews, and implementing compliance-aligned DevSecOps strategies across AWS, Azure, and GCP environments.

Proficient in Python, Bash, and Terraform, Anatoli has worked with a wide range of security tools including OWASP ZAP, Burp Suite, Fortify, and Checkmarx, and has led security engineering efforts on mission-critical platforms. He’s also experienced with modern monitoring and automation tools such as Datadog, Jenkins, SIEM systems, and Bitbucket Pipelines.

Throughout his career, Anatoli has contributed to high-impact projects, including:

• A cloud-native DevSecOps solution for Intapp that added automated security controls to Azure DevOps pipelines, raised deployment compliance to 100 percent, and improved developer velocity by 20 percent through automated scanning.
• A digital banking platform used by neobanks and fintechs, where he built a comprehensive security roadmap, audited cloud infrastructure, and strengthened incident response capabilities.
• A healthcare platform serving more than 13 million Canadians, where he added security controls across CI and CD, designed threat models, and ensured compliance across more than 30 distributed services in AWS and GCP.
• Internal security audits for power plants, banks, and media companies that exposed critical weaknesses in OT and IT systems, including Active Directory compromise paths, insecure PLC configurations, and privilege escalation vectors.
• Dozens of targeted penetration tests, uncovering critical vulnerabilities such as XSS, CSRF, SQL injection, insecure token handling, and session forgery in enterprise applications.

His professional focus spans cybersecurity engineering from low-level network security and secure coding practices to cloud infrastructure hardening and DevSecOps automation. He’s also known for producing clear, practical security documentation and fostering collaboration between development and security teams.

• Security and penetration testing: OWASP ZAP, Burp Suite, OWASP MSTG, Fortify, Checkmarx, Nmap, OpenVAS, SIEM tools, Active Directory exploitation, SSRF, XSS, SQLi, CSRF
• Programming and scripting: Python, Bash, PHP, Golang
• Cloud and infrastructure security: AWS (Security Specialty), Azure (Security Engineer, Architect), GCP, Terraform, Docker, Kubernetes, Azure DevOps, Bitbucket Pipelines
• CI/CD and DevSecOps: Jenkins, Azure DevOps, Git, GitHub, Bitbucket, automated security scanning, policy-as-code, compliance automation
• Web and app servers: Nginx, Apache, IIS
• Databases: MySQL, PostgreSQL, MS SQL Server, MongoDB