Madhu Akula

Never Ending Learner!

Security Engineering @ Miro

Madhu Akula is a pragmatic security leader and creator of Kubernetes Goat, an intentionally vulnerable by design Kubernetes Cluster to learn and practice Kubernetes Security. Also published author and cloud native security architect with an extensive experience. Also he is an active member of the international security, devops and cloud native communities (null, DevSecOps, AllDayDevOps, AWS, CNCF, USENIX, etc). Holds industry certifications like OSCP (Offensive Security Certified Professional), CKA (Certified Kubernetes Administrator), etc.

Madhu frequently speaks and runs training sessions at security events and conferences around the world including DEFCON (24, 26, 27 & 29), BlackHat USA (2018, 19 & 21), USENIX LISA (2018, 19 & 21), SANS Cloud Security Summit 2021, O’Reilly Velocity EU 2019, GitHub Satellite 2020, Appsec EU (2018 & 19), All Day DevOps (2016, 17, 18, 19, 20 & 21), DevSecCon (London, Singapore, Boston), DevOpsDays India, c0c0n(2017, 18 & 20), Nullcon (2018, 19 & 21), SACON 2019, Serverless Summit, null and multiple others.

His research has identified vulnerabilities in over 200+ companies and organisations including; Google, Microsoft, LinkedIn, eBay, AT&T, WordPress, NTOP and Adobe, etc and credited with multiple CVE’s, Acknowledgements and rewards. He is co-author of Security Automation with Ansible2 (ISBN-13: 978-1788394512), which is listed as a technical resource by Red Hat Ansible. He is the technical reviewer for Learn Kubernetes Security, Practical Ansible2 books by Packt Pub. Also won 1st prize for building Infrastructure Security Monitoring solution at InMobi flagship hackathon among 100+ engineering teams.

Interests

Engineering Leadership
Cloud Native Security
Cloud & Container Security
DevOps & DevSecOps
Building & Breaking stuff

Education

Information Technology
ANITS, Andhra University
Electronics & Communications Engineering
SVKP Polytechnic College

Experience

Security Engineering

Miro

Oct 2020 – Present Amsterdam, Netherlands

Leading & building the product security engineering for a hyper-growth online collaborative whiteboard platform.

Solving scalable Security Engineering problems
Building & Managing Product Security teams
Working with global teams and creating security culture
Learning and sharing with the community

Advisor

Stealth Startup

Sep 2020 – Present Online

Research & Innovation, Technology Roadmap, Building awesome teams, culture & company

Cloud Native Security

Xebia

Feb 2020 – Sep 2020 Amsterdam, Netherlands

Worked with wide variety of teams, clients and community to learn and share pragmatic security knowledge

Security Architecture, Engineering & Consulting
Cloud, Containers and Kubernetes security
Learning and sharing with the community

Security

Appsecco

May 2016 – Jan 2020 Bangalore, India

Joined as a 2nd member of the company. Read More

Appsecco is a specialist application security company that ‘gets’ web security and can advise you on the best route for your business.

We provide simple solutions to problems and don’t confuse our clients with technicalities.

Every team member shares a passion for providing the best possible security solutions that meet the commercial needs and challenges of the clients and organisations we work for.

No matter where they are based they bring the same strategic and pragmatic thinking to ensure that security, operations and commercial goals are aligned to bring you the best possible results.

Security Engineer II

Walmart

Oct 2014 – May 2016 Bangalore, India

Joined as a 1st member in the Fortune 1 Network Security team in India and worked collaboratively with the USA team and other teams around the globe.

Responsible for the global network security for Walmart eCommerce.
Part of Incident Response team. Worked on Palo Alto, ASA, FWSM firewalls.
Responsible for assessment of automation tools, latest trends to enhance the current security testing practices,update and enhance the standards used in organisation.
Followed Agile-Scrum methodologies for deployment and development activities.
Built an in house automation Attack Monitoring & Proactive Analytics solution for Walmart using ELK stack.
Acknowledged by CISO, VP for my contribution in improving organisation’s security posture by providing Critical Vulnerabilities in applications and also for internal training among engineering teams in InfoSec.
Won best organizational level awards including AOM (Associate Of the Month), Spot Award in entire InfoSec wing

Security Consultant

Payatu

Oct 2013 – Oct 2014 Dharamshala, India

Done Pen testing on complete Network as well as all Internal Web Applications
Installed & Configured Active Directory, Domain controller services and applied Group Policy Management
Installed & Configured Layer 2 & 3 switches and Routers
Installed & Configured Open Source Monitoring Servers, Inventory and Ticketing Systems
Installed & Configured FTP, BACKUP and WEB Servers
Did hardening for Windows, LINUX servers & Networks
Configured SIEM Server for Centralized logging and installed Security Onion for Network Packet Capture and analysis
Trained staff for configuration and maintenance of servers and systems
Researched on Real time Scenarios, Architectures and Tools
Worked with various International clients and completed the project successfully

Internship

Saviour Info Sol Pvt.Ltd

May 2012 – Jun 2012 Hyderabad, India

Created a server with all security tools to monitor and analyze the network.

Information security researcher & Technical trainer - Part Time

SourceNXT

Jan 2012 – Sep 2013 Hyderabad, India

Trained more than 3000 people in the field of Information security, Ethical Hacking and Cyber Security by various workshops and talks.
Done research on latest online potential threats and security tools and frameworks.
Prepared course content for Networking & Security Modules.

Corporate trainer - Part Time

Technosoft Solutions

Jan 2012 – Apr 2013 Visakhapatnam, India

Trained INDIAN NAVY for 10 days Hands on Ethical Hacking & Information Security Boot Camp
Worked with various clients and done corporate training on Network Security & Forensics
Done Penetration Testing for Web Applications
Done Hardening Networks and Servers for small organizations

Volunteering

Community Builder

Amazon Web Services (AWS)

May 2021 – Present Online

The AWS Community Builders program offers technical resources, mentorship, and networking opportunities to AWS enthusiasts and emerging thought leaders who are passionate about sharing knowledge and connecting with the technical community.

Mentor - Cloud Security

null - The Open Security Community

Jan 2021 – Present Online

Mentoring for the Cloud Security Study Group

Program Committee

USENIX LISA

Jan 2021 – Present Online

USENIX LISA is the premier conference for operations professionals, where sysadmins, systems engineers, IT operations professionals, SRE practitioners, developers, IT managers, and academic researchers share real-world knowledge about designing, building, securing, and maintaining the critical systems of our interconnected world.

Mentor

Nullcon

Apr 2020 – Present Online

Resume & Career Clinic has been a great initiative at Nullcon, for the Candidates looking to progress their career in Information Security

Crew Member

Cloud Village - DEF CON

Jun 2019 – Present Las Vegas, USA

Part of DEF CON villages in Las Vegas. An open space to meet folks interested in offensive and defensive aspects of cloud security. I was leading in creating and running the CTF for the conference.

Speakers Bureau Member

CNCF

Nov 2018 – Present World Wide

The CNCF Speakers Bureau helps connect event organizers with speakers who have varied expertise in the cloud native ecosystem. Speakers consist of CNCF ambassadors, meetup organizers, and prominent community members who are willing to speak at events on the topics they are proficient in.

Moderator - DevSecOps track

All Day DevOps

Jan 2016 – Present Online

All Day DevOps is a FREE online community responsible for creating the world’s largest DevOps conference. - https://www.alldaydevops.com

Contributor

DevSecOps

Jan 2016 – Present Online

Security is everyone’s responsibility - http://www.devsecops.org

Chapter Lead

null - The Open Security Community

Mar 2014 – Oct 2014 Dharamshala, India

Kick started null Dharamshala Chapter monthly meetups and other types of meetings like null Humla and Puliya. Responsibilities include organizing monthly events, arranging venues, inviting speakers, etc.

Contributor

Code Vigilant

Jan 2014 – Aug 2015 Online

Code Vigilant project is created out of the need to have a more secure open source software. It is a known fact that a large number of users use opensource software but a very few of them contribute back in terms of identifying and making these opensource software a more secure piece of software.

This project is initiated with an aim of finding flaws in open source software and making sure that we reach one of the following conclusion.

Get the vulnerability fixed and Patch issued.
If author is not reachable then make sure the public information is available and spread the details that issues exist with opensource software and discourage its usage.

Crew Member

Nullcon

Oct 2013 – Oct 2014 India

https://nullcon.net