- Sr. DevSecOps Engineer at SWIFT · Brussels
- 19+ years across Banking, ERPs, Real-time & Social platforms
- Builder of the Techstream Frameworks — an enterprise DevSecOps framework ecosystem covering the full software delivery lifecycle
- Into mountains, chess, music, Sci-Fi and anything that ships at scale
- Ask me about architecture, DX, CI/CD, DevSecOps, supply chain security
| | Role | Company | Impact |
|---|---|---|---|
| 🟢 | Sr. DevSecOps Engineer · Consultant | SWIFT · Brussels · Jan 2025–now | CI/CD blueprints · Release orchestration · Observability coaching |
| ⚪ | Senior Java Consultant · Freelance | Swissquote · Geneva · Jul–Dec 2024 | Oracle migration at billions-of-records scale · Denormalization & partitioning |
| ⚪ | Sr. Software Engineer · Consultant | SWIFT · Brussels · Jul 2019–Jun 2024 | Monolith → microservices · JSF → Angular · Coveo AI Search · Docker champion |
| ⚪ | Lead Software & DevOps Engineer | MyCujoo (Eleven) · Lisbon · Jun 2018–Jun 2019 | Real-time Vert.x + Kafka on K8s/GCP · Team leadership & culture |
🚀 CI/CD standardization → measurable KPI improvements across multiple squads at SWIFT
💾 DB migration at scale → billions of financial records, zero data loss, Swissquote
🏗️ Monolith → microservices → led full Identity Management decomposition, SWIFT
⚡ Real-time backend → Vert.x + Kafka on Kubernetes/GCP, sub-100ms latency, MyCujoo
🔒 DevSecOps posture → shift-left security, image hardening, supply chain controls
📦 Supply chain security → SLSA, SBOM (CycloneDX/SPDX), Cosign/Sigstore, Rekor
📐 Compliance automation → SOC 2 · ISO 27001 · PCI-DSS · NIST 800-53 · CIS Benchmarks
A collection of 11 production-ready, enterprise-grade DevSecOps frameworks — open-sourced under Apache 2.0 — covering the entire software delivery lifecycle.
┌─────────────────────────────────────────────────────────────────────────┐
│ TECHSTREAM FRAMEWORK ECOSYSTEM │
├──────────────────────────┬──────────────────────────────────────────────┤
│ FOUNDATION │ DevSecOps Framework · Methodology · TDMM │
│ │ (5-level maturity model, 8 domains) │
├──────────────────────────┼──────────────────────────────────────────────┤
│ PIPELINE & DELIVERY │ Secure CI/CD Reference Architecture │
│ │ Secure Pipeline Templates (GH/GL/Jenkins) │
│ │ Release Orchestration Framework │
├──────────────────────────┼──────────────────────────────────────────────┤
│ DOMAIN SECURITY │ Software Supply Chain Security (SLSA/SBOM) │
│ │ Cloud Security DevSecOps (AWS/Azure/GCP) │
├──────────────────────────┼──────────────────────────────────────────────┤
│ COMPLIANCE & GOVERNANCE │ Compliance Automation (OPA/Kyverno/Rego) │
│ │ SOC 2 · ISO 27001 · PCI-DSS · NIST 800-53 │
├──────────────────────────┼──────────────────────────────────────────────┤
│ CROSS-CUTTING │ Forensics & Incident Response │
│ │ AI & Agentic Systems Security │
└──────────────────────────┴──────────────────────────────────────────────┘
| Framework | What it solves | Standards |
|---|---|---|
| DevSecOps Maturity Model (TDMM) | 5-level maturity assessment across 8 security domains, 45-item scorecard | CMMI · OWASP SAMM · BSIMM |
| Secure CI/CD Reference Architecture | STRIDE threat model for pipelines, supply chain attacks, privilege escalation | NIST SSDF · SLSA · SOC 2 |
| Secure Pipeline Templates | Drop-in GitHub Actions / GitLab CI / Jenkins / Azure Pipelines with SAST, SCA, secrets scan, signing | OWASP · CIS · SLSA L2 |
| Software Supply Chain Security | SLSA L1–L4, SBOM lifecycle, VEX workflows, Sigstore/Rekor, open-source assessment | SLSA · EO 14028 · EU CRA |
| Compliance Automation | Policy-as-Code (OPA/Rego, Kyverno), automated evidence collection, drift detection | SOC 2 · ISO 27001 · PCI-DSS v4 · GDPR |
| Cloud Security DevSecOps | Multi-cloud security controls: IAM, CSPM, IaC scanning, K8s hardening, incident runbooks | CIS · Pod Security Standards |
| Release Orchestration | Approval workflows, progressive delivery (canary/blue-green), GitOps, DORA instrumentation | ITIL · SOX · DORA |
| Forensics & IR Framework | Evidence architecture across 6 domains: CI/CD, cloud, supply chain, identity, AI agents | — |
| AI & Agentic Systems Security | Prompt injection defense, agent authorization, model supply chain, agentic CI/CD | STRIDE · OWASP LLM Top 10 |
🇧🇷 Portuguese version
Sr. DevSecOps & Software Engineer · Tech Lead · Cloud‑Native · Platform Engineering
Experience: 19+ years (since 2007) · Banking · ERPs · Real-time · Social apps
Now — Sr. DevSecOps Engineer (Consultant) — SWIFT · Jan 2025–Present · Brussels, BE
CI/CD blueprints, release orchestration, DevSecOps, observability, coaching & automation.
Before:
- Senior Java Consultant (Freelance) — Swissquote · Jul–Dec 2024 · Geneva, CH — Oracle migration (billions of records), denormalization & partitioning
- Sr. Software Engineer (Consultant) — SWIFT · Jul 2019–Jun 2024 · Brussels, BE — Monolith → microservices · JSF → Angular · Coveo AI Search · Docker champion
- Lead Software & DevOps Engineer — MyCujoo (Eleven) · Jun 2018–Jun 2019 · Lisbon, PT — Real-time platform (Vert.x, Kafka) on Kubernetes/GCP · Engineering leadership
Highlights:
- CI/CD standardization with direct impact on KPIs across multiple squads
- Large-scale database migration (billions of financial transactions)
- Complete monolith → microservices and JSF → Angular journey
- Real-time backends (Vert.x, Kafka) on Kubernetes/GCP
- Security posture: static analysis, image hardening, DevSecOps coaching
- Techstream ecosystem — 11 enterprise DevSecOps frameworks, open source

