Daniele Mucci

I am a security professional with almost 10 years of experience. My main professional focus has been on Linux and Kubernetes security, or more broadly on infrastructure and platform security. I enjoy deep technical work, but I have also led multiple teams with success.

🛠 Work Experience

Staff Cloud Security Engineer - Form3

Apr 2025 - Present

I moved to a technical leadership position, taking the role of Staff Engineer with a focus on the Kubernetes and platform area.

Lead Cloud Security Engineer - Form3

Dec 2022 - Apr 2025

I took the lead the Platform Security team, whose main responsibilities involved creating and implementing security standards and guidelines for many platform components.

  • SME for Kubernetes, Linux and containers security and main security contact for the engineering platform teams, performing many ad-hoc investigations, threat modeling activities, evaluations and generally contributing to the platform design.
  • Lead a team of up to 4 people.
  • Artifact attestation and admission control in Kubernetes using Sigstore tooling (support and experimentation).
  • Lead internal initiatives to raise standards (e.g., knowledge management and documentation).

Senior Cloud Security Engineer - Form3

Apr 2022 - Dec 2022

I joined Form3 as a cloud security engineer and worked on designing, implementing, maintaining and configuring the CNAPP solution for a multi-cloud platform. I have also worked on some internal Go tooling for managing accesses to production environments.

  • Rollout of CNAPP solution across multiple clusters.
  • Runtime security for Kubernetes via falco/Kyverno (custom) rules/policies, in multi-cloud and baremetal environments.
  • Developed just in time access capability to GCP.

Lead Security Engineer - Coolbet

Nov 2021 - Apr 2022

I led the Security Engineering team within the company. The main tasks included supporting the company's compliance objectives by recommending, designing and implementing security controls. These controls ranged from network to Kubernetes security, including securing the development pipeline, championing secure software development and application security practices. I designed, coordinated and implemented the vulnerability management program. In addition to the technical responsibilities, I managed my team resources, budget, prioritization and internal training.

  • Supported the Terraformation for the self-managed identity provider
  • Implemented from scratch in-house vulnerability scanner integrating FOSS tooling
  • Hardened Kafka deployment using Vault

Information Security Engineer - Coolbet

Jan 2020 - Nov 2021

I moved my focus fully on security, assisting in developing the Information Security Program and policies for the organization, implementing technical controls for Kubernetes clusters and the development pipeline, and performing targeted penetration tests.

Security Operations Engineer - Coolbet

Oct 2018 - Jan 2020

In addition to the previous responsibilities, I investigated and resolved recurring issues and security incidents and worked on securing the Kubernetes clusters.

System Administrator - Coolbet

Sep 2016 - Oct 2018

I performed standard Linux administration tasks, including servers deployment and maintenance while managing multiple Kubernetes clusters.

🖹 Certificates

CKS - Certified Kubernetes Security Specialist

Jan 2024
The Linux Foundation Certificate URL

Linux/UNIX Network Programming

Jan 2024
man7.org Certificate URL

System Programming for Linux Containers

May 2023
man7.org Certificate URL

CKA - Certified Kubernetes Administrator

May 2023
The Linux Foundation Certificate URL

eWPT - Web Application Penetration Tester

Mar 2023
eLearnSecurity Certificate URL

CCSE - Certified Container Security Expert

Feb 2023
Practical DevSecOps Certificate URL

OSCP - Offensive Security Certified Professional

Nov 2021
Offensive Security Certificate URL

eXDS - Certified eXploit Developer

May 2021
eLearnSecurity Certificate URL

eCPPT - Certified Professional Penetration Tester

Sep 2020
eLearnSecurity Certificate URL

🕮 Education

Master's Degree in Cyber Security

2015 to 2018

Tallinn University of Technology (TalTech) - 5/5

Relevant courses: Information System attack and defense, Malware I and II, Secure Software Development

Bachelor's Degree in Computer Engineering

2012 to 2015

La Sapienza University of Rome - 110/110 cum laude

🗒 Skills

DevSecOps

Kubernetes (advanced), containers (advanced), Linux (intermediate), Terraform (intermediate), Ansible (intermediate), AWS/GCP/Azure (basic), Hashicorp Vault (intermediate)

Offensive Security

Exploit development (basic), web applications (basic), penetration testing (intermediate)

Defensive Security

Access-control (intermediate), falco (advanced), Kyverno/admission controls (intermediate), security design (advanced), threat modeling (intermediate), network security (intermediate), eBPF (basic)

Tools

Grafana/Prometheus, Elastic/Kibana/Logz, Chronicle SIEM, Github Actions, Jenkins, Flux, Helm, Git, Logstash, Fluentd, Fluentbit, Kafka, Cilium

Programming Languages

Go, Rust, Python, Bash

🗃 Projects

Homelab

Jan 2018 - Present

I run and develop for years a small homelab, including Mikrotik network appliances, VLANs, Wireguard VPN, NAS devices and a 4-nodes Kubernetes cluster to host various services for the family. The whole lab is managed via Ansible, Terraform and Flux.

  • Manage and secure k0s-based cluster.
  • Hashicorp Vault integration for CA (SSH) and secrets management.
  • Developed custom tool to backup Kubernetes persistent volumes (Rust).

🗞 Publications

TED - A Container based Tool to Perform Security Risk Assessment for ELF Binaries

Oct 2014
Proceedings of ICISSP 2019, Prague

D. Mucci, B. Blumbergs. ISBN 978-989-758-359-9