Francisco Javier Barrena 🇬🇧 🇪🇸

Senior Software Architect & Application Security

•
+34 660 27 4444
•
Valencia, Spain

Personal website
Linkedin profile
My slides at Slideshare
Twitter profile

As a software architect and developer, I've spent my career mastering the art of building scalable systems. My expertise lies in decoupled architectures, microservices, and cloud environments. I've honed my skills in React andTypescript, creating robust and efficient applications. My proficiency in Java and Spring, but also in NodeJS and NestJS, has allowed me to develop secure and high-performing back-end systems. I'm also adept at CI/CD and DevOps, ensuring seamless deployment and maintenance of software products. My experience with Docker and Kubernetes has been instrumental in managing containerized applications in various environments. I'm not just a builder, but also a teacher and speaker, sharing my knowledge and insights with others. I'm always proactive in learning new technologies, ensuring the quality and security of code and infrastructures. My journey in software development is one of continuous growth and innovation, and I look forward to bringing this passion to your team.

Experience

  • Principal Engineer
    Labster
    oct 2023 - act
    Labster is a company that develops virtual laboratory simulations for science education. These simulations are designed to enhance traditional science education by providing students with interactive and immersive virtual experiments

    As Principal Engineer at Labster, my role covers different aspects of the software development landscape, from problem solving, system design, architecture and technical leadership to mentorship, innovation and collaboration with other teams within the company.

    Technically, we use different tools and languages at Labster, always following a microservice mindset with a strong focus on decoupling, security and performance. Particularly noteworthy is the use of Docker, NestJS and NodeJS, Typescript, MongoDB, Redis, VueJS and Kubernetes
    EdTechproduct🐋 dockerkubernetessecuritymicroservicesvuejstypescriptnodejsnestjsMongoDBRedistestingscrumBDD

    english • remote

  • Chief Technology Officer (Hands on)
    Kyso Inc.
    nov 2021 - nov 2023 (2 years)
    Kyso is an early stage b2b data science startup with a fast growing team backed by some great investors like Techstars, Lunar Ventures, Tribal Ventures and more. Responsible for the engineering side of the company and member of the executive. I wore many hats, from product owner, security, architecture, development, management and hiring. Also, I was in charge of technical customer relations. We implemented from scratch the technical culture of the company with very good results, building a great product with best engineering practices, focusing especially in maintainability and security.

    With a small team, we were able to build a production ready product quickly, thanks to the great team we were able to hire. The product was designed to be installed on-premises in customer's infrastructure. That was a challenge, because every customer has its own cloud provider, and Kyso must work in all of them. The deployment was prepared using Docker and Kubernetes, and we added support for Helm and Terraform later. In order to keep the product maintainable and extensible, we designed the architecture to be driven by events, using NATS as an event broker and developing a set of consumers which extends the core features of the product (notifications with slack and teams, analytics, etc.). The API was built using NestJS and Typescript, and the frontend was built using NextJS and Typescript as well.

    Responsible of SecDevOps implementation, defining CI/CD pipelines for: building software components, build docker images, assess quality code, assess security of the code, dependencies and Docker images. I built pipelines for automatic deployment in different environments (staging, production and testing), using Gitlab CI/CD and Github actions.

    Also, I was in charge of developing a proof of concept about a LLM (Large Language Model) using Open Source resources like     PrivateGPT and HuggingFace Open Source Models. This LLM is trained on top of an Open Source model, for example Open Llama, with your data, generating a new LLM that can answer questions related to your data. As this model is trained with your data, and deployed in your infrastructure, your privacy is guaranteed. This model was integrated as well with Kyso's permission system, giving the users the power to decide who can use it.
    AWSCI/CDDevOpsTerraformproducttechnical leadership🐋 dockerkubernetessecuritycustomer relationshipsnextjsreacttypescriptNodeJSNestJSelasticsearchjupyterLLM🤖 AIMongoDBElasticsearch

    english • remote

  • Software Architect
    Nexica Econocom
    oct 2019 - nov 2021 (2 years and 1 month)
    Responsible for the refactoring of the CloudManager (website and public documentation), a tool to manage Hybrid Cloud infrastructure that works on top of VCloud and VCenter (VMWare), AWS, Azure and Veeam. Starting from a legacy code base, we refactored module by module to a new modern and scalable architecture. I was responsible for recruiting staff too. The technologies we used were Java and Golang for the backend, Angular for the frontend and Docker and Kubernetes for packaging and deployment. The integration with the Cloud infrastructure was done directly through VCenter and VCloud API (an other vendors), together with an event broker that triggers serverless functions based on OpenFaaS.

    I was as well responsible of SecDevOps implementation, defining CI/CD pipelines for: building software components, build docker images, assess quality code, assess security of the code, dependencies and Docker images. I built pipelines for automatic deployment in different environments (staging, production and testing), using Gitlab CI/CD.
    CI/CDDevOpsproductkubernetes🐋 dockermanagementsecurity☕ javaangularreactvmwarenodejsMySQLElasticsearchopenfaasInfluxDBAzure

    spanish • remote

  • Head of Cybersecurity Research Group (Hands on)
    Instituto TecnolĂłgico de InformĂĄtica
    oct 2019 - nov 2021 (2 years and 1 month)
    Technical Leader, responsible for opening a new line of work on cybersecurity, focusing on application security and Cloud environments and using new security paradigms, based on Machine Learning, Big Data, SecDevOps and Security as a Code. Those works were part of different research projects, in which the OPOSSUM project highlights, as I coordinated a technical team to develop technology based on Machine Learning to improve the security of the applications, through a next-generation Web Application & API Protection (WAAP) prototype, using Rust, Java, Angular, Kubernetes, NodeJS and Docker as technologies

    Also, I was working on projects related to data and AI on the following sectors: energy, manufacturing, automotive and software. Specially interesting was the ZDMP project, an european R&D project aimed to achieve a Zero Defect Manufacturing Processes. I was the technical manager of a consortium of 35 partners like FORD Spain, Software AG, Mondragon Assembly, Continental, among others. Also, I was the principal engineer of the AI Analytics Runtime, a core component in the ZDMP architecture responsible of the training and versioning of models. ZDMP architecture was heavily inspired on Kubeflow. As technical manager, I drove the technical culture of the project, laying the foundation of the architecture, the pipelines and the collaboration rules between the consortium.

    Finally, I was responsible as well of SecDevOps implementation, defining CI/CD pipelines for: building software components, build docker images, assess quality code, assess security of the code, dependencies and Docker images. I built pipelines for automatic deployment in different environments (staging, production and testing), using Gitlab CI/CD. As the project had data science and AI implications, we used Kubeflow to configure and define the pipelines related to data science and AI, covering the following phases of the AI pipeline: data acquisition and cleaning, data processing, data enrichment, training, packaging and deployment into production.
    CI/CDKubeflowR&Dproductmanagementtechnical leadershipcybersecurity🦀 rust☕ javaangularreactkubernetesnodejs🐋 docker🤖 AIPostgreSQLCassandraMongoDBElasticsearchMySQL

    english • spanish • hybrid remote

  • Head of Engineering
    Instituto TecnolĂłgico de InformĂĄtica
    ene 2018 - jun 2019 (1 year and 6 months)
    Responsible for the technical execution and software engineering of all ITI R&D projects. Management of a technical team of 26 engineers. Big Data, Machine Learning, IoT, Cloud Computing, choice of technologies and SecDevOps. Promoter of Open Source initiatives.

    I was responsible as well of SecDevOps implementation, defining CI/CD pipelines for: building software components, build docker images, assess quality code, assess security of the code, dependencies and Docker images. I built pipelines for automatic deployment in different environments (staging, production and testing), using Gitlab CI/CD. As many projects project had data science and AI implications, we used Kubeflow to configure and define the pipelines related to data science and AI, covering the following phases of the pipeline: data acquisition and cleaning, data processing, data enrichment, training, packaging and deployment into production.

    Also, combining it with my management tasks, I participated in research projects in different sectors such as the industrial sector and the health sector. Regarding the latter, the BigSalud and Helpsalud projects stand out, in which I designed, configured and deployed Big Data processing infrastructure to support the processing of different information, such as medical imaging and genomic streams, with the aim of training Machine Learning models for early detection of certain diseases such as breast cancer, using technologies as Spark, Hadoop, HDFS, Kafka, ActiveMQ or Kibana, among others. Finally, I was a proactive agent in the company's internal training, teaching more than 15 courses (many of them, with multiple editions), and thus training all the company's engineers in topics such as frontend (react, angular), backend (java , hibernate, node, nestjs), infrastructure (docker, kubernetes) and security (ENS, SecDevOps). These courses were offered as well for external companies.
    CI/CDKubeflowR&Dleadershipbig data🤖 AImanagementnestjsnodejsangularreactpythonsparkcloud☕ java🐋 dockerPostgreSQLCassandraMongoDBElasticsearchMySQL

    english • spanish • on-site

  • Software Architect & Team Leader
    Instituto TecnolĂłgico de InformĂĄtica
    2015 - ene 2018 (4 years)
    Architect and manager of a team of seven engineers. Driver of the change to architectures based on microservices and front-back decoupling, becoming the development standard of the company. Technological stack: Java, JPA, Hibernate, JAX-WS, Maven, Spring, Angular. Relevant projects: Consum Asset Management, BoxPlus, Java applications optimization for Orizon
    CI/CDteam management☕ java🐋 dockerenterprisespringperformanceangulartypescriptPostgreSQLSQL ServerMySQL

    spanish • on-site

  • Software Engineer
    Instituto TecnolĂłgico de InformĂĄtica
    2011 - 2015 (3 years)
    Java FullStack Developer for end customers and R&D projects. Technological stack: Spring, JPA, Hibernate, JAX-WS, JSF, JSP, Maven. Deployment on Tomcat and JBoss servers. Relevant projects: Episteme, Fet-Eye.eu, PangeaMT, Consum EnergĂ­a
    CI/CD☕ javaenterprisespringliferaysharepointPostgreSQLSQL ServerMySQL

    spanish • on-site

  • Professor
    Univesitat PolitÊcnica de València
    2021 - 2022
    Professor of the subject "Machine Learning applied to Cybersecurity" at Big Data Analytics Master
    pythondata analytics🤖 AIcybersecurityjupyter

    spanish • on-site

  • Professor
    Univesidad de MondragĂłn
    2021 - 2022
    Professor of the subject "Cybersecurity in the Cloud" at University Expert Course in the National Security Scheme (ENS)
    cloud cybersecurityensnist

    spanish • remote

  • CTO & Co-Founder
    Bioscore Sustainability
    feb 2017 - mar 2018 (1 year and 1 month)
    Architecture, design and head of implementation of a travel portal specialized in ecological destinations
    startupproductleadershipmanagementsecuritynestjsangulartypescript☕ java🐋 dockerPostgreSQLElasticsearchMySQLDB2

    english • spanish • on-site

  • Software Engineer
    iSOCO
    2008 - 2011 (3 years)
    Development of applications in .NET on SharePoint. Java application development with Liferay. Direct deal with the client, capture of requirements, change and time management. Relevant projects: CHGUV, Repsol, Mapfre and La Caixa
    ☕ javaenterprisespringliferaysharepointSQL ServerMySQL

    spanish • on-site

Speaker at events

  • 2024Cookieggeddon! Bye to 3rd Party Cookies and how that will affect your software
    YoutubeSlideshare
  • 2023API Security & Testing - A pragmatic guide
  • 2022Speaker at a round table about API Security
  • 2022API Security & Testing - A pragmatic guide
  • 2022API Security: Workshop to harden your API
    Slideshare
  • 2021Hard as a pod. How to secure your Kubernetes Deployments
    YoutubeSlideshare
  • 2021Welcome to Gotham. New and terrifying ways of cyberattacks
    YoutubeSlideshare
  • 2021The Rustalorian. This is the way
    Slideshare
  • 2020Stop being the weakest rival with DevSecOps
    YoutubeSlideshare
  • 2020Big Data in Cybersecurity: Better to die on your feet than to live on your knees
    YoutubeSlideshare
  • 2020Speaker at a round table about API Security
    Youtube
  • 2020Pirates of the Cloud: whose responsibility is it?
    YoutubeSlideshare
  • 2020OSINT Techniques that will leave you with a crooked ass
    YoutubeSlideshare
  • 2020Speaker at a round table of cybersecurity experts
    Youtube
  • 2019Machine Learning at full throttle with GraalVM
    YoutubeSlideshare
  • 2019Insanely fast apps with Quarkus
    Slideshare
  • 2019Kubernetes: The Cloud King
    Slideshare
  • 2018NestJS: Backends in Node for Javas' & DotNets'
    YoutubeSlideshare

Courses taught

Complementary Training