geminishkvAppSec Teamlead
Salut 👋,
I'm Elijah Shmakov, Information Security Officer and Application Security Teamlead. MA degree at BMSTU.
Participated in securing products for BI, E-commerce, Supply Chain, Cryptocurrency, and Mobile GameDev. Active participant in InfoSec conferences and forums.
I build and scale Application Security and DevSecOps practices for fintech, integrators and high‑load platforms – from zero to production‑ready services. Design and implement code supply security services, as well as AppSec Toolchain mechanisms.
- Secure SDLC & DevSecOps: Shift‑Left, automation AppSec practise on web, mobile, APIs, microservices and vulnerability management
- Secure architecture review (web, mobile, APIs, microservices), security design for payment and crypto systems
- Risk‑based security (risk assessment & vulnerability management) and secure architecture, threat modeling, supply‑chain security
- Vulnerability Management, application architecture design, supply‑chain security
- Leader with end‑to‑end experience building application security functions from scratch in enterprise and fintech environments
- Designs and implements Secure SDLC with integrating SAST, SCA, DAST, container and secrets scanning into CI/CD pipeline, drives security champions programs and risk‑based remediation
- Strong background in information security risk management and compliance (PCI DSS, critical infrastructure regulations, fintech standards, etc.), with proven ability to balance security and time‑to‑market
- Received a letter of appreciation from V. Selin for my substantial contribution to application security SAST activities in the FSTEC of Russia certification process under GOST 71207
- Founder and lead of the FinDevSecOps community for the Russian fintech market
- Organiser of the first DevSecOps hackathon in Russia and continuing the series in 2026
- Lecturer in secure software development and information security at leading technical universities:
- Bauman Moscow State University
- Moscow Institute of Physics and Technology
- Author of articles and talks on DevSecOps, secure development, and practical AppSec
- Podcast about secure development Podster and YouTube
- Interview with BISA association on YouTube about secure software development
- Organized the first DevSecOps hackathon in Russia and how it went
- Developing an open-source map of AppSec Toolchain tools in the FinDevSecOps community, considering import substitution solutions
- Design and roll out DevSecOps processes
- Build AppSec Toolchain with focus on developer experience
- Run threat modeling, risk analysis and security workshops for teams
- Telegram: @geminishkv
- Blog (ru): AppSecTA
All information in this profile and the included repositories (according to GitHub’s applicable terminology), including any text and graphic works, is provided for informational purposes only. Any use of the information provided through this profile and/or any text or graphic works in the repositories in practice, without prior consent from the subject for conducting testing, falls under the scope of applicable law. The author is not responsible for any possible damage caused by the provided materials, including any text or graphic works. All text and graphic works, including links, are for informational purposes only and are intended solely to share knowledge in product security.
| ContentId | Area | PageTitle | MetaDescription |
|---|---|---|---|
| UC-SPEC | Training Center Specialist, BMSTU | Team Lead in Software Development | Comprehensive program on building and leading software development teams, including planning, delegation, communication, conflict resolution, and performance management in IT projects |
| UC-SPEC-DEVOPS | Training Center Specialist, BMSTU | DevOps Engineer | Intensive course on DevOps engineering covering CI/CD pipelines, infrastructure as code, containerization, monitoring, and collaboration between development and operations teams |
| UC-SPEC-DASA-DEVOPS | Training Center Specialist, BMSTU | DASA DevOps Product Owner | Certification program focused on the role of a DevOps Product Owner, value delivery, backlog management, stakeholder communication, and aligning business goals with DevOps practices |
| UC-SPEC-DEVOPS-PRO | Training Center Specialist, BMSTU | Certificate DevOps Professional | Advanced DevOps professional training covering end-to-end delivery automation, environment management, reliability engineering, and scaling DevOps practices across teams |
| UC-SPEC-AGILE-SCRUM | Training Center Specialist, BMSTU | Agile - Scrum Management | Course on managing development processes using Agile and Scrum, including roles, ceremonies, artefacts, iterative planning, and continuous improvement in software teams |
| UC-SPEC-SCRUM-MASTER | Training Center Specialist, BMSTU | Scrum Master | Practical training for Scrum Masters on facilitating teams, removing impediments, coaching stakeholders, and ensuring effective use of Scrum in projects |
| UC-SPEC-SOFT-TEST | Training Center Specialist, BMSTU | Certificate Software Testing as QA Specialist | Fundamental and advanced software testing course covering test design techniques, test documentation, functional and non-functional testing, defect management, and QA processes |
| UC-SPEC-DASA-DEVOPS | Training Center Specialist, BMSTU | DASA: DevOps Practitioner for Team Organization | Hands-on DASA DevOps Practitioner program focused on team organization, culture change, collaboration patterns, and practical implementation of DevOps principles in organizations |
| UC-SPEC-QA-PROJECTS | Training Center Specialist, BMSTU | Quality Management in Projects and Services | Course on designing and implementing quality management systems for IT projects and services, including metrics, processes, audits, and continuous improvement practices |
| UC-SPEC-NET-ADMIN | Training Center Specialist, BMSTU | Administration of Services and Networks | Training on administration of network services and infrastructures, including configuration, troubleshooting, access control, monitoring, and ensuring availability in enterprise environments |
| UC-SPEC-SEC-SYSTEMS | Training Center Specialist, BMSTU | DevOps: Security of Systems, Services, and Networks | Course on integrating information security into systems, services, and network operations, covering threats, secure configuration, hardening, and DevSecOps security controls |
| UC-SPEC-ZABBIX | Training Center Specialist, BMSTU | Zabbix. Monitoring of Enterprise IT Infrastructure | Practical course on deploying and using Zabbix for enterprise IT infrastructure monitoring, including metrics collection, alerting, dashboards, and capacity planning |
| UC-SPEC-CLUSTERS | Training Center Specialist, BMSTU | Building Fault-Tolerant Cluster Solutions | Training on designing and implementing fault-tolerant cluster solutions with high availability, load balancing, redundancy, and disaster recovery strategies |
| UC-SPEC-CLUSTERS | Training Center Specialist, BMSTU | Azure Introduction | Introductory course on Microsoft Azure covering core cloud concepts, basic services, resource management, and foundational skills for working with Azure environments |
| CYBERED-OWASP | CyberED | Web Application Security and Threat Detection Practice Based on OWASP TOP 10 | Hands-on course in web application security focused on OWASP Top 10 risks, practical exploitation, detection techniques, and mitigation strategies for modern web apps |
| KASP-IS-ENTERPRISE | Kaspersky Academy | Enterprise Information Security | Program on building and managing enterprise information security, including risk assessment, policies, controls, incident response, and regulatory compliance |
| INFOSEC-WEB | Informzashita | Web Application Security | Practical training in web application security testing, covering common vulnerabilities, secure coding principles, and approaches to protecting web services |
| OTUS-DEVSECOPS | Otus | Implementation and Work in DevSecOps | Deep-dive course on implementing DevSecOps in organizations, integrating security into CI/CD, automating checks, and aligning development, operations, and security teams |