David Sastre Medina

Staff Product Security Engineer at Nexthink

Boalo, Community of Madrid, Spain

About

Experience

  • Staff Product Security Engineer at Nexthink
    Jun 2025 - Present · 1 yr 1 mo

  • Red Hat (7 yrs 8 mos)
    • Principal Product Security Engineer at Red Hat
      Oct 2022 - Jun 2025 · 2 yrs 9 mos

    • Senior Product Security Engineer
      Apr 2021 - Oct 2022 · 1 yr 7 mos

    • Cloud and DevOps Senior Architect
      Mar 2019 - Mar 2021 · 2 yrs 1 mo

  • Senior System Engineer at Worldpay
    Aug 2014 - Nov 2017 · 3 yrs 4 mos

    My duties in this position cover different aspects of the integration of code into working platforms:

    - from version control to packaging, CI/CD
    - building and maintaining middleware stacks
    - automation
    - writing tools for specific tasks (Perl, Python)

    The automation framework used to drive these processes has been primarily Ansible.

  • Senior System Engineer/DevOps at Qindel
    Aug 2014 - May 2016 · 1 yr 10 mos

    Consultancy services for customers.

  • Senior System Engineer at Indra
    Mar 2009 - Aug 2014 · 5 yrs 6 mos

    All this is happening quite fast, but the fact is that we are moving from physical AIX servers to a virtualized (VMware now, possibly RHEV or OpenStack in the future) farm of RHEL5/6 and CentOS5/6 servers, we are replacing BEA's middleware stack with open source alternatives, and we are making huge progress in monitoring, automation, log analysis and correlation, and identity centralization.

    My goals in this role are centralizing identity services, securing the platform in a documented and auditable manner, and automating the deployment and configuration of our virtual machines.

    The first task is being wonderfully worked out with the help of Red Hat's Identity Manager (IdM, upstream FreeIPA), which allows us to centralize identity and manage RBAC, HBAC, sudo rules, DNS, NTP and SELinux mappings. Amazing.

    The second task is closely related to having a centralized domain, as I can provide SSO (or, when not possible, at least centralized credentials) to several of the tools our team needs (Nexus, Jenkins, SSH access using 2FA, role-based access to WebLogic, WebMethods, ...), gain knowledge of what is happening on the platform, and monitor and correlate events. It is being quite a learning experience having to deal with complex deployments under SELinux. It is also proving a difficult task to improve staff awareness security-wise. We will possibly be facing a PCI-DSS deployment soon, quite an opportunity to put all of this to the test.

    Automation. This is the key. There is quite a lot of work to do here, but we have moved from manual deployment of applications on AIX that lasted days to automated installations in minutes. Similarly, for automated OS deployment, we are using a custom DHCP+PXE+TFTP+kickstart solution with Puppet on top, which I am planning to improve with Cobbler+Pulp in the near future. Next steps will cover automation of deployments from DEV to QA, for extensive, reproducible, measurable testing; and hopefully, from QA to our production servers.