Hi, my name is Anastasiia.

I am a software engineer with ~10 years of experience in many languages and technologies, specialising in security engineering, data security and applied cryptography.

Now I am working on products and solutions at a data security solutions company Cossack Labs. We build software for data protection across apps and infrastructures: from SaaS services and mobile apps to critical infrastructure, power grid operators and SCADA networks.

I share a lot about “boring cryptography”, end-to-end encryption, data security, zero-knowledge / zero trust systems, software security architecture and security engineering.

Check out my LinkedIn to see more professional experience.

Open source

I keep my hands dirty and the world better by pushing things to open source 😀

• Themis — a high-level cryptographic library for 14 languages. Themis is extremely useful for multi-platform apps on mobile and web that need to exchange encrypted data. A foundation layer for end-to-end encrypted software.

• Acra — a database security suite for field-level encryption “on the fly”. Works as a transparent proxy for SQL databases, as API service for any data store, and as client-side SDK for client-side encryption.

• Workshops on my Github — I publish free developer-oriented workshops about risk management, cryptography and data security.

Conferences

During last years I was speaking and doing workshops at more than 60 conferences and meetups. That includes QCon Plus, QCon London, QCon NYC, BlackAlps, FrenchKit, UIKonf, SwampUP, InfoShare, JavaZone, Security BSides, CraftConf, FwDays, and many more. Check out my talks.

Want to invite me to your event?

Speaking is fun, but organizing events is even more fun. If I ever quit software engineering, I might become a professional conference organiser 😅

• Security track lead in Women Who Code Kyiv: more ladies in security engineering, yay!

• Host of security track for many years at QCon conferences: QCon Plus, QCon London, QCon New York, QCon SF. I was fully responsible for the security track’s theme and speakers line up. I built tracks to include a mix of engineering/researching/culture topics: OSINT, security bias, PQC, hunting for malware, security software design, building security culture in teams.

• PC member, later PC Chair of NoNameCon cybersecurity conference in Kyiv. NoNameCon is a full-mode-on conference with talks, workshops, CTFs, hacking villages, and even a charity educational day for kids CyberKids. We did two large conferences in 2018 and 2019 and went online in 2020. I cared about content & topics, worked with speakers and made sure that NoNameCon content represents many areas of cybersecurity.

• Co-organizer of mobile dev events at CocoaHeads Kyiv. We had tons of events in 2015..19, from small meetups to large conferences with international speakers.

Time-to-time I conduct paid secure software development training for mobile and web developers, or single-day cryptography engineering training with JP Aumasson, or occasional security engineering workshops.

Enjoy! 🔒