Hi there!
I am a Senior Technical Staff Member in IBM Research with over 27 years of experience in software engineering, specializing in distributed systems, cloud-native platforms, and open-source technologies. My focus is on establishing universal workload identity for secure multi-cloud and hybrid deployments, with a strong commitment to Zero Trust principles.
As a Senior Certified Level 3 (Thought Leader) Cloud Software Engineer, I design and develop large-scale, distributed cloud environments, primarily based on Kubernetes, Go, and Python, with a specialization in workload identity, secret management, and trusted identity frameworks to reduce attack surfaces and strengthen privacy and security across environments.
I currently lead architectural efforts aimed at improving security for AI Agentic Platforms (the Kagenti project), combining workload attestation, token-based delegation, and centralized trust management to enable safe and autonomous AI operations.
Beyond my engineering work, I’m deeply engaged in the open-source community:
- Member of the SPIFFE Steering Committee
- Active maintainer and contributor to several CNCF and open-source projects
- Advocate for open collaboration and secure, scalable design
I co-authored several technical papers and filed over 20 patents.
| LinkedIn | Twitter | GitHub |
My blogs and publications
2025:
2024:
- “SPIFFE/SPIRE on Red Hat OpenShift”
- “Cross-cloud identity framework with SPIFFE/Spire on OpenShift”
- CloudNative Security Conference NA 2024: “Demystifying and Enabling Workload Identity Across the Cloud Native Ecosystem”
- AHFE Conference: “Harnessing Growth-Mindedness to Enhance Organizational Effectiveness”
2022:
- NIST IR 8320B, “Hardware-Enabled Security: Policy-Based Governance in Trusted Container Platforms”
- Universal Workload Identity Blog
2021:
- Open source workload identity management could help secure hybrid clouds
- Deploying Tornjak with Helm Charts
2020:
- Confidentiality and Governance of Cloud Services
- Protecting data using secret management with Trusted Service Identity
- IBM Research Launches Container-Based Open-Source Projects
- Secret Management with Trusted Service Identity for Sensitive Data Protection
2016:
- Building the IBM Containers cloud service
2010:
- RC2—A Living Lab for Cloud Computing
My Open-Source Projects and Community Contributions
- Contributor and maintainer Kagenti
- Owner, contributor, and maintainer Tornjak
- Contributor and maintainer SPIRE Helm Charts
- Owner and contributor Trusted Service Identity
- Contributor SPIFFE/SPIRE
- Tornjak YouTube Channel
Conferences
- 2025 KubeCon + CloudNativeCon NA, Atlanta, GA: “Tutorial: Build-a-Bot Workshop: Enabling Trusted Agents With SPIRE + MCP”, rec
- 2025 KubeCon + Colocated: “Who Let the Agents Out? Securing AI Workloads the Right Way”
- 2025 Workload Identity by CyberArk / KubeCon + CloudNativeCon EU, London, UK: “Zero-Trust Based Workload Identity Solutions For Agentic Platforms”
- 2024 Workload Identity by Venafi / KubeCon + CloudNativeCon NA, Salt Lake City, UT: “Federating Trust in the Cloud Multiverse with SPIRE and Tornjak”
- 2024 Applied Human Factors and Ergonomics (AHFE) Scientific Conf, Nice, France: “Harnessing growth-mindedness to enhance organizational effectiveness”, rec
- 2024 CNCF CloudNative Security Con NA: Workshop: “Demystifying and Enabling Workload Identity Across the Cloud Native Ecosystem”, rec
- 2023 CNCF CloudNative Security Con NA: “Demystifying Zero-trust for Cloud Native Technologies”, rec
- 2022 SPIFFE Community Day: “Tornjak Journey - How to become a User Interface and a Control Plane for SPIRE”, rec
- 2021 KubeCon NA: “Untangling the Multi-Cloud Identity and Access Problem With SPIFFE Tornjak”, rec
My Certificates
- Professional Certification: Level 3 - Distinguished Technical Specialist
- Technical Specialist Profession Certification - Level 3
- Open Source Contributor
- Security Zero Trust Principles
- Patent Plateau
- All my certificates
My Notes:
Useful notes
I am using the hacker theme and the editor on GitHub to maintain and preview the content of this file.
















