# Author

**Ivan Piskunov** is a Product Security and cybersecurity practitioner focused on Application Security, DevSecOps, API Security, Cloud Security, secure architecture review, CI/CD security, Kubernetes security, and the practical mechanics of building security into product delivery.

This knowledge base is assembled from hands-on notes, operating patterns, review heuristics, security leadership material, technical checklists, diagrams, snippets, and field-tested ideas collected across years of product, platform, cloud, and application security work.

## Focus areas

* Product Security operating models, ownership, maturity, OKRs, and reporting.
* Secure SDLC, AppSec review, threat modeling, architecture review, and security requirements.
* DevSecOps pipelines, quality gates, SAST, DAST, SCA, SBOMs, signing, attestations, and release evidence.
* API Security, business logic abuse, authentication, authorization, tenant isolation, and platform trust boundaries.
* Cloud, Kubernetes, container, infrastructure, IAM, secrets, and runtime security.
* Interview preparation, leadership communication, reusable security templates, and hands-on labs.

## Authored Materials

### Books, brochures, and field notes on Gumroad

[My Gumroad storefront](https://ivan14piskunov.gumroad.com/) is a public shelf for my authored cybersecurity books, practical brochures, working notes, and structured guides. The material is packaged for engineers, security practitioners, and leaders who want compact, usable explanations instead of abstract theory — AppSec, DevSecOps, Cloud Security, Secure SDLC, interview preparation, and adjacent Product Security topics.

### Cybersecurity Bastion — Telegram channel

[Cybersecurity Bastion](https://t.me/+lM-z1s7354Y1NmEy) is my second author channel focused on hands-on security engineering: DevSecOps, Kubernetes security, CI/CD, AWS, Azure, GCP, Secure SDLC, architecture review, API Security, and AppSec issues. The channel is designed as a practical stream of notes, patterns, observations, and security-thinking prompts for people who build and defend real systems.

## Editorial position

This project is written for readers who need security material that can survive real engineering pressure: limited time, legacy systems, mixed ownership, release deadlines, production risk, audit requests, and executive questions.

The tone is intentionally practical. The goal is not to collect buzzwords. The goal is to help a reader make better security decisions, ask sharper review questions, explain risk clearly, and build safer products without turning security into theater.

