Xavier Garceau-aranda is a Principal Security Engineer at Latacora with 12 years of hands-on experience securing cloud and application environments. He combines deep offensive and defensive expertise from roles at NCC Group and InnoTec with practical software engineering skills earned earlier as a developer and researcher. Xavier has contributed to well-known open-source cloud security tools like Scout2 and ScoutSuite, improving AWS and Azure auditing checks to catch misconfigurations such as insecure S3 settings and missing Azure networking validations. Based in Spain, he pairs a Master's in Information Security with a background in software engineering to bridge code-level fixes and enterprise security strategy. Colleagues describe him as a pragmatic problem-solver who turns nuanced threat models into automated, auditable controls.
12 years of coding experience
5 years of employment as a software developer
Bachelor of Software Engineering, Bachelor of Software Engineering at Université de Montréal - Ecole polytechnique de Montréal
Máster Universitario en Seguridad Informática, Máster Universitario en Seguridad Informática at Universidad Internacional de La Rioja
Contributions:33 releases, 130 reviews, 2520 commits in 4 years 5 months
Contributions summary:Xavier primarily focused on implementing and improving Azure resource auditing capabilities for the Multi-Cloud Security Auditing Tool. Their contributions included the removal of redundant parameters and the addition of features, such as attaching network interfaces to security groups and adding basic support for Azure Application Security Groups. The user demonstrated strong technical expertise by improving HTML partials, writing Python scripts for resource management, and integrating new Azure features.
Contributions:1 release, 35 commits, 20 PRs in 11 months
Contributions summary:Xavier primarily focused on improving the security posture of the AWS auditing tool. Their contributions include updating the README to recommend the use of AWS Managed Policies over custom ones, and implementing rules to check for secure transport and default encryption settings for S3 buckets. Furthermore, the user addressed specific issues within the codebase, implementing fixes to identify and flag potential vulnerabilities. These changes collectively enhanced the tool's effectiveness in identifying and reporting security risks.
Find and Hire Top DevelopersWe’ve analyzed the programming source code of over 60 million software developers on GitHub and scored them by 50,000 skills. Sign-up on Prog,AI to search for software developers.
Request Free Trial
Xavier Garceau-aranda - Principal Security Engineer at Latacora