Who am I?

About Me

I am a computer scientist who tries to understand and implement technology for the good of myself, my family and friends, my organization and my team. I started my career as a software developer and have worked in many roles. In every role, I always try to implement the best industry practices in my job and contribute to the work in a way that matches with frontrunners.

I have goals to aim for the best, and I shape my career with this mentality. So I see every job as an opportunity to reach my objectives faster and every person as a companion in this journey.

Experience

Cloud and SRE Engineer

Working as Contractor (11/2024 - Present)

As Cloud and SRE Engineer my main focus is contributing efforts to maintain, provision and monitor infrastructure resources in AWS and K8s. I have also played role in the steps for automating manual processes such as Terraform Automation.

Computer Engineer (DevOps Engineer and Cyber Security Engineer)

Presidency of The Republic of Türkiye (08/2017 - 09/2024)

In my work I was a part of a team which have multiple roles and responsibilities. I specialize in multiple roles based on security perspective such as penetration testing, threat modeling, security operations, and enhancing organizational security against evolving cyber threats. On the other hand in order to improve and automate previously mentioned tasks I have find opportunities to specialize in DevOps field such as software development and deploying application.

My roles can be categorized in following sections:

DevOps Aspect:

  • Software Development: Spearheaded software development projects aimed at automating and optimizing security tasks, thereby reducing the operational workload of the security team. Employed collaborative tools such as Git, GitLab, Planka, Wekan, Rocket, Kanban board, and Gitlab CI/CD pipelines.
  • Linux System Administration and Container Orchestration: Managed and secured Linux servers and utilized Kubernetes orchestration to host internally developed security tools mentioned earlier, ensuring their secure and effective operation.
  • Monitoring System: Utilized internally developed tools as well as other industry standard tools such as Prometheus to monitor applications and infrastructure.
  • Consulting on Software Projects: Provided consultation to development teams, ensuring that software projects met organizational requirements. Evaluated and tested software functionality to ensure compliance with security standards and satisfaction of organizational needs.

Security Aspect:

  • Blue Team Operations: Led initiatives to monitor and analyze security threats to the organization’s infrastructure. Responsibilities included inspecting system logs and analyzing malware samples to identify and respond to security incidents. Utilized tools like Cuckoo Sandbox, dotPeek, oletools, and developed custom Python scripts to enhance threat detection capabilities.
  • Development and Implementation of Security Regulations: Authored and enforced comprehensive security policies and regulations across various domains, including VPNs, network devices, and end-user operations. These regulations were meticulously documented and presented using Microsoft Word and PowerPoint.
  • Threat Modeling: Conceptualized and executed detailed threat modeling processes for a diverse range of systems, including traditional network-based infrastructures and unconventional non-computer systems. This work significantly bolstered the organization’s overall security posture.
  • Penetration Testing: Conducted thorough and methodical security assessments across multiple domains, including mobile, web, network, and hardware systems. Utilized a broad array of tools such as Nessus, Kali Linux, Wireshark, Android Studio, Genymotion, and Frida to identify and address security vulnerabilities. Responsibilities included:
    • Mobile Security: Executed security checks in accordance with OWASP MAS and MASVS guidelines.
    • Web Security: Identified and mitigated web application vulnerabilities including remote code execution and SQL injection.
    • VOIP Security: Identified and mitigated voip application vulnerabilities including misconfigurations and call/message fraud.
    • Network Security: Conducted comprehensive network security scans and penetration tests, aiming to identify vulnerabilities and escalate privileges within the network.
    • Hardware Security: Assessed the security of hardware devices such as modems and routers, as well as internally developed systems based on threat modeling results

Penetration Tester

Turkcell GSM Operator (04/2017 - 08/2017)

After I have participated and passed the exam of Turkcell’s Cyber Security Camp I have started to work in Turkcell as Penetration Tester and Vulnerability Assestment and Security Audit Specialist. My key contributions included:

  • Conducted vulnerability assessments and security audits on web applications and servers, employing industry-standard tools such as Nessus, Kali Linux, Nmap, Wireshark, and Metasploit and manual inspections using Burp Proxy.
  • Performed code analysis using Checkmarx, identifying and mitigating potential security risks and vulnerabilities.

Software Developer

Grand National Assembly of Türkiye (08/2016 - 09/2016)

In my role at Grand National Assembly of Türkiye, I was dedicated to developing applications of internal needs. My contributions were centered around:

  • Engineered a desktop application utilizing C# and Windows Forms, which automated the integration of Word documents to generate comprehensive session reports for the Assembly.
  • Engineered a logging mechanism for Grand National Assembly’s website and internal web portal

Troubleshooting Engineer

TRT/Turkish Radio and Television Corporation (07/2016 - 08/2016)
  • Engaged in the troubleshooting and maintenance of ASP.NET web applications, leveraging C# and MSSQLServer to enhance application functionality and performance.

Technical Stack and Tools

Proficent In:

  • Programming Languages: Python, Java (Android)
  • DevOps Tools: Docker, Kubernetes, ArgoCD, Prometheus, Grafana, ELK, Gitlab CI/CD pipelines,Github Actions CI/CD, Terraform, Spinnaker
  • Cloud Tools: Most important AWS Services such as (EC2, ELB, S3, RDS, EFS, ECS, ECR, EKS, Fargate, IAM, Cloudfront, Util Services etc.)
  • Security Tools: Nessus, Acunetix, Invicti, Metasploit, Nmap, Wireshark, MobSF, Semgrep, JADX, Frida, Kali Linux (and associated tools)
  • Operating Systems: Linux, Android OS, Ubuntu
  • Collaboration Tools: Git, GitLab, Planka, Wekan, Rocket
  • Approaches: GitOps, CI/CD, DevSecOps, Cloud Native and Containerized Workloads, Immutable Infrastructure

Familier With:

  • Programming Languages: C#, JavaScript
  • Operating Systems: Windows
  • Web Development: HTML, CSS
  • Software Development: ASP.NET, Windows Forms

Interested With:

  • Cloud Native Applications and Security

Education

Computer Engineering

Gazi University (2012 - 2017)

My computer engineering education at Gazi University provided a comprehensive understanding of computing. It ensured a strong grasp of how computer systems function and the fundamental principles behind them. The curriculum covered programming fundamentals and software design in various programming languages and development techniques as well as computer networking and architecture. Courses in data structures, algorithms, and operating systems equipped me with the essential skills to understand and optimize computer systems effectively.

Certifications

  • Certified Kubernetes Administrator (CKA) – The Linux Foundation, 2024
  • Certified Kubernetes Application Developer (CKAD) – The Linux Foundation, 2024
  • HashiCorp Certified: Terraform Associate (003) – Hashicorp, 2024

Badges

  • AWS Knowledge: Amazon EKS – Amazon Web Services, 2024
  • AWS Knowledge: Networking Core – Amazon Web Services, 2024
  • AWS Knowledge: Cloud Essentials – Amazon Web Services, 2024