Kenichi Shibata
Location: Redhill, England, UK
Email: [email protected]
Website: kenichi.shibata.co.uk
GitHub: github.com/kenichi-shibata
LinkedIn: linkedin.com/in/kenichishibata31
Professional Summary
An innovative DevSecOps leader with over a decade of experience architecting and optimizing cloud infrastructure and security solutions. I excel at driving integration of cutting-edge practices into software development lifecycles to enhance security, reduce costs, and boost efficiency. My expertise has been recognized through speaking engagements at major events like AWS Summit, QCon, and Cloud Expo Europe. As the author of “Cloud Native Monitoring” and “Cloud Native Observability” (O’Reilly Media), and a regular contributor to technical publications, I’m passionate about sharing knowledge. I’m seeking an opportunity to leverage my extensive cloud security, DevOps, and authorship background to drive success for a forward-thinking organization.
Work Experience
Lead DevSecOps, esure Group, Reigate, UK (2022 - Present)
- Founded and directed a team of 5 DevSecOps engineers, integrating security measures into the Software Development Life Cycle (SDLC) at esure focusing on AWS cloud
- Crafted the strategic vision and roadmap for the DevSecOps function
- Managed the transition from Prisma Cloud to Wiz, improving our cloud security capabilities
- Integrated multiple security tools, including CrowdStrike, Active Directory, Qualys, Wiz, and Prisma, into a unified security operations view via API Integration
- Developed a centralized DevSecOps system that consolidated security data, enabling executive prioritization using API Integration with Grafana
- Engineered a DevSecOps pipeline with scanning capabilities such as SCA, SBOM, SAST, and DSPM on AWS systems
- Authored an internal best practice guideline in Python 3.10, promoting secure coding practices
- Implemented a Grafana-based alerting system, focusing on critical P1 incidents
- Created ‘Yikes!’, a tool for vulnerability and misconfiguration management, prioritizing issues based on exploitability using the MITRE ATT&CK framework
- Led the ‘joiners, movers, leavers’ automation team, focusing on risk mitigation in Permission groups
- Collaborated with the DevOps team to address key Cloud vulnerabilities and misconfigurations
- Developed an internal system for Access Recertification using React JS and Python Fast API
- Created a system to detect end of life (EOL) systems in our cloud and on-premise estate via API Integration
- Achieved a reduction of P1 security incidents from 3 per month to 0-1 per month
- Published “How we secured Kubernetes using the Kubernetes Threat Matrix” on engineering-esure.com
Cloud Security Architect, esure Group, Reigate, UK (2021-04 - 2022-01)
- Secured AWS Cloud, EKS and Kubernetes Workloads via CSPM and CWPP tools
- Designed HLD for end to end Cloud Security
- Built PoC and worked with Cloud security vendors
- Set principles and patterns for secure designs with Databricks Data platform
- Curated secure standards and patterns in cloud architectures (for EDA architectures)
- Designed Aggregator to Insurance journey with security zero trust architecture
- Collaborated with DevOps to setup the DevSecOps function
- Led multiple DevSecOps engineers
- Scanned security weaknesses in Kubernetes and AWS Cloud
- Built a roadmap for cloud using these scanned weaknesses for both security and scalability
- Led an RFP for a CNAPP Provider to move away from Prisma Palo Alto that led to 12 participant lunch and learns which were further reduced to 1 MVP
- Implemented Wiz CNAPP (CSPM and CWPP) platform in Esure
- Built a security telemetry system and dashboard to provide executives with 10000 ft view of our Cloud Estate Security
- SME for AWS Cloud Cost Optimisation
Cloud Solution Architect, comparethemarket.com, London, UK (2019-12 - 2021-04)
- Architected key areas of the cloud infrastructure.
- Redesigned existing cloud systems following industry standards
- Monitoring for Metrics and Logging
- Deployment Pipeline
- Kubernetes Cluster
- Operating Model
- Technical Leadership with multiple teams consuming cloud services
- Consultancy for cloud technology and solution using risk based and reward based approach
- Built a cloud infrastructure roadmap and vision for the new generation tech strategy
- Became the SME for the Cloud Infrastructure on Architecture and C-Level
- Cooperated with all levels of Architecture to set standards and architectural principles around URLs for SEO and Performance
- Helped security build the guidelines around security testing and building architecture to automate and set policies in the cloud
- SME for AWS Cloud
- Decreased cost of AWS Cloud by est 10 percent working with EDP Savings Plans RI and liaising with AWS Enterprise TAM
- Developed and championed enterprise grade PaaS defining solutions for the next generation tech strategy
- Developed Roadmap for Enterprise Grade Kubernetes as part of enterprise grade PaaS with focus on:
  - End to end observability
  - Cost Optimization
  - Smart Deployments
  - Cluster as Cattle
  - Load Testing
  - Self service Platform via Portal and Documentation
  - Internal Product via Innersourcing
- Built and designed network with third party partners via CDN, AWS VPC Peering, Privatelink
- PoC with third party data analytics provider with focus on security and network partition tolerance
- Led improvements within the RCA Process and coordinated with AWS Enterprise Team for Support and Billing discounts
- Supported BI and Analytics by building high level designs using Apache Airflow, Apache Kafka (Connect)
- Architected Data Analytics platform with Databricks
Application (Platform) Architect, comparethemarket.com, London, UK (2019-01 - 2019-12)
- Evangelized DevOps Culture and Shift Left Security.
- Trained and Mentored Platform and Cloud Engineers for AWS Kubernetes and Terraform.
- Conducted an extensive review of existing platforms which became the basis of an 18 month long roadmap.
- Coordinated with the rest of architecture community and helped fill in the gaps of the existing architecture practices.
- Triaged and assessed vulnerabilities at VM and container level. Identified key risks and threats to the existing workflows.
- Led integrating Dev and Platform workflows on a high level.
- Conducted Kubernetes Workshops internally and encouraged paired knowledge sharing internally and with product teams.
- Ran multiple PoCs with Vendors and Open Source tools within Cloud Native Landscape.
- Led inclusive ways of working with the Manager of the DevOps Team
- Architected for DevOps Team, Detectorist (Observability) Team, DBA Team
- Championed Documentation and Demo mindset approach to sharing knowledge through docusaurus portal.
- Led the Platform Architecture with the Platform Steering Committee in making effective decision in a Cloud Native fashion.
- Helped architect Data platform solutions on AWS.
Software Engineer, Infrastructure and Operations, Condé Nast International, London, UK (2018-01 - 2019-01)
- Built Kubernetes Platform for Developers and helped evangelize it.
- Infrastructure role and Evangelizing DevOps culture
- Wrote code in Infrastructure as Code (IaC) for all infrastructure operations involving AWS, Fastly, Kubernetes, Datadog, Pagerduty all using Terraform
- Built relationship with engineering teams across all teams for both Vogue and GQ brands within multiple European and Asian Countries
- Developed a platform built for the developers
- Taught developers how to use the Kubernetes orchestration and the developer platform, and evangelized documentation
- Went to scouting and discovery trips in APAC and EMEA regions for deploying the platform while negotiating requirements (engineering, commercial and editorial) across multiple Conde Nast Countries and Brands
- Solved centralization problem with the team, Centralizing infrastructure and shared CMS platform using the multi tenanted approach of web development.
- Built out the operational and support functions with the SRE team using pagerduty and datadog configuration written in terraform
- Deployed Compass Project which allows Conde Nast Brands and Countries to be digital and efficiently centralized decreasing cost and improving customer advertisement taking the best practices of each market and reusing it centrally within Vogue International
- Led the DNS migration to a central AWS Route53 and CDN Migration to FASTLY CDN using Varnish Configuration Language deployed using terraform provider
- Took ownership of communication with individual markets CTOs and CIOs for engineering workstream with the technical lead of migrations team.
- Deployed CICD Pipelines Using CircleCI
- Deployed Everything using Kubernetes and Helm Chart-ized applications in a Continuous Deployment fashion for Staging and manual approval deployment for Production
- Monitored key systems using Datadog and Pagerduty
- Logging using FluentD ingested into Elasticsearch, using Kibana as the dashboard
- Dockerized Applications with Developers
Principal DevOps, Simplex Technology Inc, Tokyo, JP (2017-01 - 2017-12)
- Worked closely with Beacon.io for building and maintaining HPC platform for Financial Products
- Successfully introduced Gitlab CE to dev workflow (CICD Pipelines, Source Codes, Pages)
- Managed, negotiated and implemented feedhandlers with Financial Data Brokers
- Developed APIs using Python for interfacing with Numerical Data with High Complexity NumPy and Pandas
- Introduced OpenLDAP as the best practice for authentication and authorization for internal development tools
- Successfully Managed AWS Cloud automation tools like Packer, Terraform, Boto3
- Worked with the team effectively and successfully completed PoCs for Japanese megabanks (Mizuho, SMBC - Nikko, Bank of Tokyo Mitsubishi UFJ)
- Effectively implemented Infrastructure and Application layer automation tools using bash and python scripts
- Successfully implemented Golden AMI as best practice when launching new EC2 instances integrated with open ldap in AWS
- Developed Documentation infrastructure using static site generators Hugo and sphinx
- Setup AWS to Data center connection using AWS Direct Connect
- Developed reusable internal python APIs for handling realtime and daily data
- Primary maintainer of AWS infra introduced best practices
- Successfully interviewed and hired senior infrastructure lead and members
Full Stack Engineer/ AWS Architect, Fast Retailing, Tokyo, JP (2015-08 - 2017-01)
- Architected Scalable and Flexible Systems using MicroService Philosophy
- Successfully rolled out Wishlist API (UNIQLO and GU)
- Global Ecommerce Development Webapp, Rollout, Architecture and cross region distribution (UNIQLO)
- Ecommerce project management and release engineering
- Coordinated Cross functional communication within FR Infrastructure and Development team as one of the lead Architects
- Developed Restful APIs using AWS services and NodeJS with Restify Framework
- Created PoC Image processing using NodeJS (AWS Lambda) and then architected development team after for full blown development with Code Reviews and DevOps role
- Worked with Graphql and React PoC and used it in production with development team
- Managed CMS and Webapp both using reactjs as a base and integration using DevOps Philosophy with CICD Pipelines as best practice
- Architected Infrastructure and Application end to end development of microservices. Started the shift to domain driven development with the lead architect
- Wrote PoC Applications using ReactJS
- Worked with Infrastructure as Code (Terraform, DCOS, Mesos, Docker, Ansible) for setting up development environment
Education
Bachelor of Engineering, Computer Science, Bicol University, PH
Certifications
- AWS Certified Solutions Architect
Publications and Contributions
Books
- “Cloud Native Monitoring” (O’Reilly Media, April 2022) - Co-authored with Rob Skillington and Martin Mao
- “Cloud Native Observability” (O’Reilly Media, February 2024) - Co-authored with Rob Skillington and Martin Mao
- “Key contributor to Team Topologies” (Sept 2019) - Matthew Skelton and Manuel Pais
Articles
Covering Kubernetes, Cloud, Linux, Security and Git
Speaking Engagements
- AWS Summit London 2023 - Spoke with Wiz on the topic of Cloud Security
- QCon London 2020 - Microservices for Growth at comparethemarket.com
- GitOps Days EMEA 2020 - Security, Compliance and Governance for GitOps
- Blueprint LDN 2021 - Kubernetes Security in a highly regulated environment
- Cloud Expo Europe 2021 - Embracing CloudNative for the digital enterprise
- esure and wiz partnership 2023 - Esure Case Study
Technical Skills
Cloud Platforms
- AWS
- Azure
- Google Cloud
Programming Languages
- Python
- JavaScript (React, Node.js)
- Golang
- Bash
- Terraform
DevSecOps Tools
- Jenkins
- Grafana
- Prisma
- Wiz
- CrowdStrike
- Sonarcloud
- Qualys
Security Practices
- SCA
- SBOM
- SAST
- DSPM
- OWASP guidelines
Containers & Orchestration
- Docker
- Kubernetes
- EKS
Data Visualization and Monitoring
- Grafana
- Datadog
- Elasticsearch
- Kibana
Version Control
- Git
- GitHub
- GitLab
Database Systems
- SQL
- NoSQL (MongoDB)
- Databricks