Xavier Garceau-aranda

Principal Security Engineer at Latacora

Spain
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts
email-iconphone-icongithub-logolinkedin-logotwitter-logostackoverflow-logofacebook-logo
Join Prog.AI to see contacts

Summary

🤩
Rockstar
🎓
Top School
Xavier Garceau-aranda is a Principal Security Engineer at Latacora with 12 years of hands-on experience securing cloud and application environments. He combines deep offensive and defensive expertise from roles at NCC Group and InnoTec with practical software engineering skills earned earlier as a developer and researcher. Xavier has contributed to well-known open-source cloud security tools like Scout2 and ScoutSuite, improving AWS and Azure auditing checks to catch misconfigurations such as insecure S3 settings and missing Azure networking validations. Based in Spain, he pairs a Master's in Information Security with a background in software engineering to bridge code-level fixes and enterprise security strategy. Colleagues describe him as a pragmatic problem-solver who turns nuanced threat models into automated, auditable controls.
code12 years of coding experience
job5 years of employment as a software developer
bookBachelor of Software Engineering, Bachelor of Software Engineering at Université de Montréal - Ecole polytechnique de Montréal
bookMáster Universitario en Seguridad Informática, Máster Universitario en Seguridad Informática at Universidad Internacional de La Rioja
bookDEC, DEC at Collège Jean De Brébeuf
github-logo-circle

Github Skills (19)

python10
azure-vm10
audit10
azure-cli10
information-security10
aws10
amazon-s310
code-auditing10
audit-logging10
aws-s310
azure10
auditing10
s3-bucket10
audit-trail10
cloud-security9

Programming languages (6)

HCLC++SCSSJavaScriptPythonClojure

Github contributions (5)

github-logo-circle
nccgroup/ScoutSuite

Aug 2018 - Dec 2022

Multi-Cloud Security Auditing Tool
Role in this project:
userBack-end Developer & Cloud Engineer
Contributions:33 releases, 130 reviews, 2520 commits in 4 years 5 months
Contributions summary:Xavier primarily focused on implementing and improving Azure resource auditing capabilities for the Multi-Cloud Security Auditing Tool. Their contributions included the removal of redundant parameters and the addition of features, such as attaching network interfaces to security groups and adding basic support for Azure Application Security Groups. The user demonstrated strong technical expertise by improving HTML partials, writing Python scripts for resource management, and integrating new Azure features.
gcpsecurity-toolssecuritycloudcloud-security
nccgroup/Scout2

Dec 2017 - Nov 2018

Security auditing tool for AWS environments
Role in this project:
userSecurity Engineer
Contributions:1 release, 35 commits, 20 PRs in 11 months
Contributions summary:Xavier primarily focused on improving the security posture of the AWS auditing tool. Their contributions include updating the README to recommend the use of AWS Managed Policies over custom ones, and implementing rules to check for secure transport and default encryption settings for S3 buckets. Furthermore, the user addressed specific issues within the codebase, implementing fixes to identify and flag potential vulnerabilities. These changes collectively enhanced the tool's effectiveness in identifying and reporting security risks.
security-toolssecuritycredentialsawssecurity-auditing-tool
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Xavier Garceau-aranda - Principal Security Engineer at Latacora