Krzysztof Swidrak
Cyber Security Consulting
Helping enterprises build resilient security programs across cloud, identity, and DevSecOps.
Governance Risk and Compliance Services
Comprehensive security advisory in governance, risk management, and compliance (GRC) for enterprise environments based on ISO27001, SOC2 and NIS2.
Cloud Security Architecture
Expert security architecture design and implementation for Microsoft Azure, AWS, and hybrid cloud solutions.
DevSecOps Architecture Solutions
Secure development pipeline implementation for GitHub, GitLab, and Atlassian suite.
Security Assessment Services
Comprehensive security testing and auditing for cloud platforms, Active Directory, and IoT systems.
Achievements
AWS Certified Security
Issuer: Amazon Web Services
GitHub Advanced Security
Issuer: GitHub
HashiCorp Certified: Terraform
Issuer: HashiCorp
ISO/IEC 27001:2022 Foundation
Issuer: PECB
Drone Security Operations
Issuer: Credly
Cooperated with
Avon
Architected and delivered SSO integrations across a broad suite of
enterprise security platforms — including CrowdStrike, Trend Micro, Rubrik, and Qualys —
centralising identity governance and reducing access sprawl at scale. Led penetration
testing engagements against e-commerce environments and drove cloud security engineering
across AWS and Azure, covering CSPM configuration, triage, and remediation workflows.
Extended detection coverage to AKS and EKS workloads, and developed custom integrations to
strengthen SOC and Threat Hunting capabilities. Identified Shadow IT through proper cloud
workload coverage, directly reducing unnecessary cloud spend and improving organisation-wide
risk visibility.
Cassia
Conducted in-depth penetration testing of Cassia Networks' products as
part of security due diligence for the Dodge OPTIFY platform. Uncovered multiple
vulnerabilities, including CVE-level findings that had previously gone undetected.
Coordinated responsible disclosure with the vendor, resulting in measurable improvements to
the security quality of Cassia's product line.
Dodge Industrial
Provided security input bridging technical risk and business
decision-making for the team responsible for the OPTIFY platform. Supported IT in
establishing due diligence frameworks and executing SSO migrations. During vendor
negotiations, applied precise audit scoping to eliminate redundant coverage — reducing the
cost of external audits without compromising compliance integrity.
Japan Tobacco International
Delivered Azure security consultancy for a large-scale Digital
Ecosystem platform, focused on advancing Zero-Trust posture: enforcing policy-driven access
controls, transitioning role management toward IaC-deployed RBAC with Managed Identities,
and hardening GitLab and Cloudflare WAF configurations to reduce attack surface and improve
auditability.
Natura&Co
Established a NIST SP 800-115-aligned penetration testing process as
the operational backbone of a group-wide Vulnerability Management programme. Defined and
supervised internal, external, and Bug Bounty streams across the capital group — from
scoping through remediation tracking — eliminating redundant testing and reducing programme
costs while maintaining consistent assurance quality.
Dodge Optify
Built the cybersecurity programme for the OPTIFY industrial IoT
platform: authored a tailored policy suite aligned to ISO 27001 and SOC 2, designed security
controls across Azure cloud workloads, edge sensors, and IoT gateways, and initiated DevOps
security practices using Bicep-based IaC to establish a repeatable, auditable deployment
model. Also worked with RBC Bearings IT to strengthen Entra ID integrations and EDR
capabilities to meet enterprise compliance requirements.
Bank Pekao S.A.
Conducted penetration testing engagements across a broad range of
internal enterprise applications and critical infrastructure components, including
Privileged Access Management (PAM) systems, SAP environments, and Fortinet network
appliances. Assessments covered both application-layer and infrastructure-level attack
surfaces, providing the organisation with actionable findings and remediation guidance
across high-value, high-risk targets.