markmishaev76/README.md

Hi, I'm Mark Mishaev

Senior Engineering Manager at GitLab, leading distributed teams in Authentication, Authorization, and Supply Chain Security. 15+ years building security infrastructure, distributed systems, and engineering organizations across companies like Checkmarx, Elbit Systems, Motorola Solutions, and Coronet.

Previously Chief Architect and Director of Engineering at Checkmarx, where I led 60+ engineers building CxOne, a SaaS application security platform. I hold a patent in context-based access control and have published research on email authorship verification using CNNs.

I write Rust, Go, and Python daily. I care about making AI-assisted development actually safe and reliable, not just fast.

What I'm building

At GitLab (as @mmishaev):

  • labkit-rs -- Rust observability library for GitLab services. Correlation IDs, structured logging, HTTP/gRPC middleware, and OpenTelemetry integration. Wire-compatible with the Go implementation so Rust and Go services look identical in dashboards.
  • GitLab Secrets Manager / OpenBao -- GA planning and capacity estimation for GitLab's secrets management offering. TSC member for the open-source Vault fork under the Linux Foundation.
  • Authorization architecture -- Designed auth token exchange systems, evaluated replacements for large-scale permission tables, and threat-modeled credential flows across services.

Open source:

  • Prompt-Shield -- Multi-layered defense against indirect prompt injection attacks in GitHub issues, PRs, and comments. 97%+ detection accuracy. Available as a GitHub Action.
  • AI Harness Scorecard -- Grades repositories on engineering safeguards for AI-assisted development. Based on DORA 2025, OpenAI's Harness Engineering, and SlopCodeBench research. Published on the GitHub Marketplace.
  • slsa-l3-poc -- Hands-on analysis and experimentation with GitHub's SLSA Build Level 3 and artifact attestation features.
  • ai-daily-content-collector -- AI-powered daily brief that aggregates 40+ RSS feeds and uses Claude for summaries. Saves me 2+ hours a day.
  • awesome-llm-security -- Curated collection of LLM security tools, research, and resources.

Background

  • GitLab -- Senior Engineering Manager, Software Supply Chain Security (2025-present)
  • Checkmarx -- Chief Architect and Director/Head of Engineering, 60+ engineers (2020-2025)
  • Elbit Systems -- Command & control systems for perimeter security (2018-2020)
  • Coronet -- Cloud access security broker; patented remote access security (2015-2018)
  • Motorola Solutions -- Unified network services, smart retail, smart cities (2012-2015)

M.Sc. in Computer Software Engineering (SCE). Certifications in leadership from University of Michigan, cybersecurity from NYU Tandon, and software product management from University of Alberta.

Writing & Publications

I write about engineering leadership, AI security, and developer productivity on Medium (112 followers):

  • The Engineering Leader's Uncomfortable Truth About AI-Assisted Development
  • Disciplined AI-Assisted Development with Superpowers: A TDD Journey
  • Your AI Security Analyst: GitLab Duo Meets Security Automation
  • Enforcing Capability Security in Go with Capslock and GitLab CI
  • How I Built an AI-Powered Daily Brief That Saves Me 2+ Hours Every Day
  • Why Documentation Just Became Your AI's Best Friend

See all posts on Medium ->

Other publications:

  • SecureCloud: Looking At All Sides Of The Cloud Security Narrative
  • Implementation of emails authorship verification with convolutional neural networks (CNN) and TensorFlow
  • Five Key Steps for Turning Developers into Appsec Champions

Tech

Rust, Go, Python, Ruby, TypeScript, Kubernetes, Terraform, OpenTelemetry, gRPC, OAuth/OIDC, FIPS 140-3, SLSA, SBOM, GCP, AWS

Connect

Popular repositories

  1. ai-harness-scorecard Public

    Grade repositories on engineering safeguards for safe AI-assisted development. Based on DORA 2025, OpenAI Harness Engineering, and SlopCodeBench research.

    Python 7 3

  2. ai-daily-content-collector Public

    Collects and sends by email content and short summaries to daily reads

    Python 4

  3. Prompt-Shield Public

    AI Fence

    Python

  4. awesome-actions Public

    Forked from sdras/awesome-actions

    A curated list of awesome actions to use on GitHub

  5. awesome-llm-security Public

    Forked from corca-ai/awesome-llm-security

    A curation of awesome tools, documents and projects about LLM Security.

  6. slsa-l3-poc Public

    Shell