Professional Profile
Senior Cloud Security Architect & DevSecOps Lead with 10+ years of experience specializing in cloud security architecture, zero-trust implementations, and DevSecOps leadership for large-scale, distributed systems. Currently at InfoCert, I lead the design and deployment of secure, scalable monitoring infrastructures (Grafana LGTM stack) and security policies for 100+ Kubernetes clusters and 500+ VMs, ensuring compliance with GDPR, ISO 27001, and eIDAS regulations.
Proven track record in team leadership, driving the adoption of Secure SDLC, automated security testing (SAST/SCA), and zero-trust architectures in remote-first environments. Certified Kubernetes Application Developer (CKAD) with hands-on expertise in AWS EKS, Kong Mesh, and observability tools (Prometheus, Loki, Tempo). Passionate about open-source contributions and self-hosted secure solutions.
Work Experience
Senior Cloud Security Architect & DevSecOps Lead
InfoCert | Remote, Italy
Apr 2021 - Present
Team: Platform Services | Contract: Full-time, permanent
Mission: Lead the adoption of Secure Software Development Lifecycle (S-SDLC) and DevSecOps practices, while designing scalable observability and security infrastructures for distributed teams.
Grafana LGTM Stack Deployment & SaaS Migration
Led a cross-functional team of 5 engineers to design, deploy, and optimize a self-managed Grafana LGTM stack (Loki, Grafana, Tempo, Mimir) on AWS EKS, replacing a costly third-party SaaS solution. Key achievements:
- Scaled the infrastructure to support 1,000+ pods and 80+ nodes, leveraging KEDA and Cluster Autoscaler for dynamic resource allocation.
- Managed security and compliance for 100+ Kubernetes clusters and 500+ VMs, ensuring all data was stored in an Italian AWS region to meet GDPR and ISO 27001 data-residency requirements.
- Reduced monitoring costs by 40% while improving observability and incident response times through automated alerting and dashboards.
- Mentored team members on Kubernetes security best practices, including mTLS, network policies, and pod security standards.
- Technologies: AWS EKS, Grafana LGTM (Loki, Tempo, Mimir), KEDA, Cluster Autoscaler, Prometheus.
Application Security Policy for S-SDLC
Architected and implemented an enterprise-wide Application Security Policy, integrating security controls into every phase of the Secure SDLC (S-SDLC). Key outcomes:
- Reduced vulnerability remediation costs by 30% by shifting security left and automating SAST/SCA scans (Veracode, Sysdig Secure).
- Standardized security practices across 10+ development teams, ensuring compliance with OWASP Top 10 and ISO 27001.
- Collaborated with stakeholders to embed security into CI/CD pipelines, reducing deployment risks and improving time-to-market for secure applications.
- Technologies: Veracode SAST/SCA, Sysdig Secure, QRadar SIEM, Kong API Gateway.
Zero-Trust Architecture with mTLS & Service Mesh
Deployed a zero-trust posture for microservices using mutual TLS (mTLS) and Kong Mesh, improving resilience and observability while reducing internal security incidents by 25%. Key contributions:
- Led the implementation of service mesh policies to enforce least-privilege access across 50+ microservices.
- Automated certificate rotation and identity verification using Kong Mesh and Vault.
- Mentored engineering teams on zero-trust principles and secure coding practices.
- Technologies: Kong Mesh, mTLS, Vault, Kubernetes Network Policies.
API Security in AWS Cloud
Specialized in API security (OWASP Top 10), contributing to a robust infrastructure with Kong API Gateway (north-south traffic) and Service Mesh (east-west traffic). Key achievements:
- Reduced API vulnerabilities by 35% through automated security testing and OWASP Top 10 compliance checks.
- Designed and implemented a centralized API security framework for 20+ internal and external APIs.
- Collaborated with product teams to embed security into API design and development workflows.
- Certification: Certified Kubernetes Application Developer (CKAD).
Software Architect
InfoCert | Padua, Italy
Feb 2013 - Apr 2021
Goals: Design and development of high-reliability web services for the SME market, with a focus on identity management and regulatory compliance.
Description: Specialized in designing and developing high-reliability and high-availability web services using Java EE technology. I deepened my expertise in object-oriented and functional programming with Java 8 and studied the internals of the JVM. I actively promoted the adoption of design patterns and SOLID principles to ensure robust and maintainable code.
Each project involved distributed clustering to guarantee high reliability, addressing challenges such as replication, eventual consistency, asynchronous processing, fault tolerance, and circuit breaker patterns.
I evaluated the adoption of cloud-ready architectures, including microservices, Docker, Kubernetes, and Eclipse MicroProfile, to modernize the infrastructure.
I have in-depth knowledge of desktop operating systems (Windows, macOS) and Linux server systems, and I am proficient in interfacing with both relational (SQL) and non-relational databases.
Contributed to defining company standards for Continuous Integration, development environments, code reviews, version control, static code analysis, and JVM/middleware updates. I also documented processes to ensure compliance with ISO 9000, ISO 20000, and ISO 27001.
Specialized in application security, contributing to the definition of company guidelines, identifying security vulnerabilities, and verifying the effectiveness of security measures as part of the dedicated security team.
SPID (Public Digital Identity System) Identity Provider
Led the design and development of Italy’s first SPID-compliant identity provider, fully aligned with AgID SAML2 regulations and federated with InfoCert’s Secure Access Controller. Key contributions:
- Pioneered cross-border digital identity management by integrating the solution with the eIDAS Authority, enabling secure authentication for 1M+ users.
- Collaborated with regulatory bodies (AgID) to ensure compliance with Italian and EU identity standards.
- Technologies: Java 8, Java EE 6, LDAP, Infinispan, JBoss EAP 6.
InfoCert Secure Access Controller (OpenID Connect 1.0)
Developed a custom identity provider implementing OpenID Connect 1.0 (with authentication assurance levels mapped to ISO/IEC 29115), with a focus on identity management and secure authentication. Key achievements:
- Designed a scalable identity management system using LDAP, JWT, and distributed in-memory stores.
- Improved authentication reliability by 20% through optimized token validation and session management.
- Technologies: OpenID Connect 1.0, LDAP, JWT, Infinispan, Prometheus, Grafana.
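The token validation mentioned above, as an added example that is not InfoCert's code: a strict JWT access-token check of the kind a relying party performs on tokens from an OpenID Connect provider. It pins the algorithm server-side (so an `alg: none` or attacker-chosen header is rejected), verifies the signature in constant time before trusting any claim, and then checks issuer, audience and the time window with bounded clock skew. The issuer, audience and shared secret are made up for the demo, and HS256 stands in for the RS256/ES256 keys a real provider publishes via JWKS.

```python
"""Added example (not the CV author's code): strict validation of a JWT
access token issued by an OpenID Connect provider.

Assumptions, all invented for the demo: ISSUER, AUDIENCE and SECRET below
are placeholders, and HS256 with a shared secret stands in for the
asymmetric keys (RS256/ES256, fetched from a JWKS endpoint) a production
provider would use.
"""
import base64
import hashlib
import hmac
import json
import time
from typing import Optional

ISSUER = "https://idp.example.test"   # assumed placeholder issuer
AUDIENCE = "legalcert-rest"           # assumed placeholder client_id / audience
SECRET = b"demo-shared-secret"        # assumed; demo-only HS256 key
ALLOWED_ALGS = {"HS256"}              # pinned: never taken from the token header
CLOCK_SKEW = 60                       # seconds of tolerated clock drift


class TokenError(ValueError):
    """Raised for any reason a token must not be accepted."""


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def issue_token(subject: str, lifetime: int = 300,
                now: Optional[int] = None, alg: str = "HS256") -> str:
    """Mint a demo token. `alg` is a parameter only so that a forged
    header (e.g. "none") can be produced to show the validator rejecting it."""
    now = int(time.time()) if now is None else now
    header = {"alg": alg, "typ": "JWT"}
    claims = {"iss": ISSUER, "aud": AUDIENCE, "sub": subject,
              "iat": now, "exp": now + lifetime}
    signing_input = _segment(header) + "." + _segment(claims)
    sig = hmac.new(SECRET, signing_input.encode("ascii"), hashlib.sha256).digest()
    return signing_input + "." + _b64url_encode(sig)


def swap_claims(token: str, overrides: dict) -> str:
    """Attacker helper: rewrite the payload but keep the original signature.
    A correct validator must reject the result."""
    header_b64, claims_b64, sig_b64 = token.split(".")
    claims = json.loads(_b64url_decode(claims_b64))
    claims.update(overrides)
    return header_b64 + "." + _segment(claims) + "." + sig_b64


def validate_token(token: str, now: Optional[int] = None) -> dict:
    """Return the verified claims or raise TokenError."""
    now = int(time.time()) if now is None else now
    try:
        header_b64, claims_b64, sig_b64 = token.split(".")
        header = json.loads(_b64url_decode(header_b64))
        claims = json.loads(_b64url_decode(claims_b64))
        signature = _b64url_decode(sig_b64)
    except ValueError:  # covers unpacking, base64 and JSON errors
        raise TokenError("malformed token")
    # 1. Algorithm is decided here, not by the token: blocks "none" and alg confusion.
    if header.get("alg") not in ALLOWED_ALGS:
        raise TokenError("algorithm not allowed: %r" % header.get("alg"))
    # 2. Verify the signature (constant-time) before trusting any claim.
    expected = hmac.new(SECRET, (header_b64 + "." + claims_b64).encode("ascii"),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise TokenError("bad signature")
    # 3. Issuer and audience: a valid token for another relying party is invalid here.
    if claims.get("iss") != ISSUER:
        raise TokenError("unexpected issuer")
    aud = claims.get("aud")
    if AUDIENCE not in (aud if isinstance(aud, list) else [aud]):
        raise TokenError("audience mismatch")
    # 4. Time window: a missing exp is a failure, not "never expires".
    exp = claims.get("exp")
    if not isinstance(exp, int) or now > exp + CLOCK_SKEW:
        raise TokenError("token expired or missing exp")
    iat = claims.get("iat")
    if isinstance(iat, int) and iat > now + CLOCK_SKEW:
        raise TokenError("token issued in the future")
    if "sub" not in claims:
        raise TokenError("missing subject")
    return claims


if __name__ == "__main__":
    tok = issue_token("alice", now=1700000000)
    print(validate_token(tok, now=1700000100)["sub"])  # alice
    for bad in (issue_token("alice", now=1700000000, alg="none"),
                swap_claims(tok, {"sub": "admin"})):
        try:
            validate_token(bad, now=1700000100)
        except TokenError as e:
            print("rejected:", e)
```

The order of the checks matters: the signature is verified before any claim is read so that a forged payload cannot influence the code path, and the accepted algorithm set is a server-side constant so that the header can neither downgrade to `none` nor switch a public key into an HMAC secret.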
SOAP-to-REST Migration (LegalCert REST)
Led the transition from SOAP to REST for InfoCert’s certification authority integration, improving usability and reducing response times by 20%. Key contributions:
- Redesigned API endpoints to align with RESTful best practices, improving developer experience and adoption.
- Collaborated with legal and compliance teams to ensure the new APIs met regulatory requirements for digital signatures.
- Technologies: Java 6, Java EE 5, JBoss EAP 5, PKI (PKCS#10, PKCS#7).
IT Consultant
Reply Technology | Milan, Italy
May 2012 - Jan 2013
Contract: Full-time, fixed-term (targeting permanent employment and level advancement).
B2B Process Automation for Euronics
Designed and developed a business process management application using Java 6, Oracle Service Bus, and Oracle Weblogic 11g SOA, interfacing with Microsoft SQL Server and Oracle databases. The project aimed to automate data processing and export critical business information at pre-established intervals. Key achievements:
- Optimized data flows using XQuery, XML, and XSLT, reducing processing times by 15% and improving operational efficiency.
- Collaborated with external companies to integrate the application with their frontend-backend systems, ensuring seamless interoperability.
- Automated reporting processes, enabling the client to receive critical business data in a timely and structured manner.
- Technologies: Java 6, Oracle Service Bus, Oracle Weblogic 11g SOA, XQuery, XML, XSLT, Microsoft SQL Server, Tomcat.
Backend Development and Application Support for Reply Group
Supported a Senior Consultant in managing Reply Group’s sites, while developing new backend functionalities and providing application maintenance (AM) and change request (CR) support. Key contributions:
- Led the autonomous development of the backend structure for a new group site release, collaborating with colleagues from multiple business units to ensure platform stability.
- Provided ongoing AM and CR support, leveraging expertise gained during the project to resolve issues and enhance application performance.
- Technologies: Java 6, MySQL, Tomcat, Struts, Hibernate, JavaScript, Apache HTTP Server (virtual hosts), Java Servlet.
Training and Application Maintenance for Mediaset
Internship focused on on-the-job training within the application maintenance team, where I developed Java and Oracle PL/SQL applications and gained hands-on experience in a collaborative business environment. Key outcomes:
- Achieved autonomy in managing AM requests, contributing to the maintenance of critical business applications.
- Participated in the development of a new Java application using the Spring Framework and JavaScript libraries.
- Technologies: Java 6, Spring Framework, Oracle 11g, JavaScript.
Technical Skills
🔒 Cybersecurity & DevSecOps
Secure SDLC
OWASP Top 10
Veracode SAST/SCA
Sysdig Secure
Kong API Gateway
Zero-Trust
mTLS
SAML2 - OpenID Connect
ISO 27001
GDPR Compliance
☁️ Cloud & Containerization
AWS (EKS, Lambda)
Kubernetes (CKAD)
Docker/Podman
Kong Service Mesh
Prometheus + Grafana
Loki/Tempo/Mimir
KEDA
Cluster Autoscaler
Terraform
💻 Software Development
Java
Jakarta EE
Quarkus Framework
Bash Scripting
Maven
Git
🗃️ Databases
PostgreSQL
Oracle DB
MongoDB
MySQL
LDAP
🛠️ Tools & OS
Linux (Server)
macOS/Windows
Eclipse/VS Code
JBoss EAP
Personal Projects & Open-Source
Open-source tool (MIT License) designed to securely sync files/directories outside Dropbox’s folder, bypassing official API limitations. Key highlights:
- 10K+ global downloads, demonstrating expertise in secure file handling and user-friendly design.
- Implemented robust permission controls to ensure data privacy and integrity.
- Collaborated with open-source community to refine features and address security concerns.
🤝 Not So JUG
Co-founder of a Java User Group to share knowledge on Java, cloud, and security with a community of 100+ professionals.
📊 Prometheus Health Checks
Open-source library (MIT) to integrate custom health checks into Prometheus JVM Client, improving observability and monitoring for Java applications.
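What such a health-check integration does, as an added example that is not the library from the CV (which targets the Prometheus JVM client): each named check runs in isolation, an exception counts as unhealthy rather than breaking the whole scrape, and the results are rendered in the Prometheus text exposition format with properly escaped labels, alongside the time each check took. The check names and check functions below are constructed for the demo.

```python
"""Added example (not the CV author's library): expose application health
checks as Prometheus gauges in the text exposition format.

The check names and the checks themselves are constructed for the demo.
"""
import time
from typing import Callable, Dict, Tuple

HealthCheck = Callable[[], bool]
Result = Tuple[int, float]  # (1 healthy / 0 unhealthy, seconds taken)


def run_health_checks(checks: Dict[str, HealthCheck]) -> Dict[str, Result]:
    """Run every check; an exception is reported as unhealthy (0) so that one
    broken dependency cannot take down the /metrics endpoint itself."""
    results: Dict[str, Result] = {}
    for name, check in checks.items():
        start = time.perf_counter()
        try:
            healthy = 1 if check() else 0
        except Exception:  # deliberately broad: any failure means unhealthy
            healthy = 0
        results[name] = (healthy, time.perf_counter() - start)
    return results


def _escape_label(value: str) -> str:
    """Escape a label value per the exposition format: backslash, newline, quote."""
    return value.replace("\\", "\\\\").replace("\n", "\\n").replace('"', '\\"')


def render_exposition(results: Dict[str, Result]) -> str:
    """Render results as two gauge families, one sample per check."""
    lines = [
        "# HELP app_health_check Result of an application health check (1 = healthy, 0 = unhealthy).",
        "# TYPE app_health_check gauge",
    ]
    for name, (healthy, _) in results.items():
        lines.append('app_health_check{name="%s"} %d' % (_escape_label(name), healthy))
    lines += [
        "# HELP app_health_check_duration_seconds Time the last run of the check took.",
        "# TYPE app_health_check_duration_seconds gauge",
    ]
    for name, (_, seconds) in results.items():
        lines.append('app_health_check_duration_seconds{name="%s"} %.6f'
                     % (_escape_label(name), seconds))
    return "\n".join(lines) + "\n"


def overall_healthy(results: Dict[str, Result]) -> bool:
    """Aggregate for a readiness probe: healthy only if every check passed."""
    return all(healthy == 1 for healthy, _ in results.values())


if __name__ == "__main__":
    # Constructed checks: one passes, one raises (simulating a refused LDAP connection).
    def ldap_check() -> bool:
        raise ConnectionError("connection refused")

    demo = run_health_checks({"database": lambda: True, "ldap": ldap_check})
    print(render_exposition(demo), end="")
    print("ready:", overall_healthy(demo))
```

An alerting rule can then fire on `app_health_check == 0` per dependency, while the aggregate feeds the Kubernetes readiness probe; recording the duration separately makes a slow-but-passing dependency visible before it starts failing.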
🌍 Self-Hosted Secure Web Services
Managed a personal server hosting self-built web apps (alternatives to SaaS), with a focus on DNS (classic UDP and DNS-over-HTTPS), secure deployment, and QoS.
Certifications & Training
Certified Kubernetes Application Developer (CKAD) | Cloud Native Computing Foundation (CNCF)
Jul 2020 - Aug 2023
DevSecOps Essentials | Linux Academy
Mastered DevSecOps principles, including CI/CD security, infrastructure as code, and automated compliance.
Jun 2020
Service Mesh with Istio | Linux Academy
Gained expertise in Istio for securing, connecting, and monitoring microservices.
Apr 2020
Kubernetes for Developers (LFD259) | The Linux Foundation
Developed skills in deploying, scaling, and managing containerized applications on Kubernetes.
Jul 2020
Education
MSc in Computer Engineering
University of Padua, Italy
2009 - 2011 | Grade: 103/110
Thesis: "Engineering the Startup Creation Process: From Idea to Business Model."
Relevant Courses:
- 2nd Year: Artificial Intelligence, Temporal Reasoning, Distributed Systems, Information Retrieval, Strategic Management of Organizations, Information Economics.
- 1st Year: Parallel Computing, Digital Signal Processing, Three-Dimensional Data Processing, Big Data, Theoretical Computer Science, Operations Research, Real-Time Systems.
BSc in Computer Engineering
University of Padua, Italy
2006 - 2009 | Grade: 102/110
Thesis: Development of a simplified simulator for the LEGO Mindstorms NXT educational robot. Modified and enhanced the assembly command interpreter (HEX, C++) and integrated new functions into the simulator's UI (Java).
Relevant Courses:
- 3rd Year: Software Engineering, Information Systems, Operating Systems, Databases, Computer Networks, Data Structures and Algorithms, Economics, Information History.
- 2nd Year: Signals and Systems, Foundations of Electronics, Foundations of Automation, Fundamentals of Communication, Electrotechnics, Computer Architecture, Data and Algorithms.
- 1st Year: Mathematics, Physics, Foundations of Computer Science, Circuits and Logical Systems.
Industrial Technical Diploma (IT)
ITIS F. Viola, Rovigo, Italy
2001 - 2006 | Grade: 91/100
Certification: European Computer Driving Licence (ECDL).
Additional Information
Languages: Italian (native), English (C1 - fluent in technical and business contexts).
Leadership & Collaboration:
- Former Chief Scout (group leader), developing skills in team coordination, mentoring, and conflict resolution.
- Co-founder of Not So JUG, fostering a community of 100+ professionals to share knowledge on Java, cloud, and security.
Interests: Photography, traveling, scuba diving (autonomous diver certification), road cycling.
Awards: 1st and 2nd place in Institute Computer Science Olympics (2004/2005, 2005/2006).
I authorize the processing of personal data in this CV under Art. 13 of Italian Legislative Decree 196/2003
and Art. 13 of EU Regulation 2016/679 (GDPR).