Hi! I'm Kfir Gisman. I tackle software engineering challenges as if solving complex puzzles, leveraging my engineering mindset. My forte lies in translating human language requirements into high-level, robust projects, drawing on extensive experience in data analysis, security research, and software engineering. Having worked in successful startup and large corporations, I seamlessly integrate diverse approaches into modern project workflows. Moreover, I share insights on various topics through my Medium blog.
Technical
- Backend: Python (FastAPI), SQL (on MS-SQL and MongoDB, Mongoose), ASP.NET, CCEC. JavaScript and Node.js.
- Other Programming Languages: C# and Java (both include GUI). C, Bash.
- Cloud: AWS, GCP, Azure, AliCloud. IaC: Terraform, Ansible. CICD Hardening: Github Actions. Docker, K8S.
- Data: Python (pandas), social network analysis (SNA), Knowledge at data analytics life cycle, data preparation, linear and logistic regression, classification and evaluation, random forests, decision trees, KNN, SVM, unsupervised algorithms. Social Network Analysis using ORA and Gephy.
- Frontend: React, HTML, CSS, AJAX, API rest, Firebase, bootstrap, JavaScript.
- Operating Systems: Linux, MacOS, Windows.
Docker and K8S: Docker Mastery: with Kubernetes +Swarm from a Docker Captain
Node.js: Udemy- The Complete Node.js Developer Course
🔬 Other Knowledge
-
Back & Front End
- HTML - CSS - ASP.NET - Node.JS - API rest - AJAX - JSON - XML - Firebase - Web API - CCEC - No-SQL - Data Set - MondoDB - Postman - Heroku - Studio 3T - MondoDB Compass -
JAVA
advanced concepts in Java object-oriented programming such as polymorphism, abstract Classes, interface realization, exception hierarchy. Event driven programming based on polymorphic event handlers, design and implement software systems in Java GUI. -
Big-Data
knowledge at data analytics life cycle, data preparation, linear and logistic regression, classification and evaluation, random forests, decision trees, KNN, SVM, unsupervised algorithms, using GoogleColab. -
SNA- Social Network Analysis
Data collection and data integration, statistical and other research, and data testing. The basics of network theory, nodes and connections, types of nodes and activities, and three levels of presenting them. Calculating and understanding key metrics of players and opinion leaders, finding groups in the network, topology of the network, networks Randomness, Scale Free Networks, and models of network development and the movement of epidemics and rumors on the network. -
UX/UI
Ux design process includes: Functional chunks, Conceptual elements, Navigation map and policy, Wireframes, Mockups. -
Computer Architecture
learning Combinational Building Blocks such as Multiplexers, Decoders, Latches and Flip-Flops: SR Latch, D Latch D Flip-Flop, Register, MIPS R2000 language and single cycle architecture. -
Operating Systems
learning operating systems structure (kernel approaches, dual mode operations, preemptive/non-preemptive OS’s), processes and threads (client-server systems, RPC, pipes, threads dispatching, high-level of thread scheduling), synchronization and mutual exclusion, deadlocks, CPU thread-scheduling (scheduling algorithms and priorities, Mars-Rover project, starvation). Codding in Java and C# in WIN32 API. -
Software Engineering
learning Imparting concepts in software engineering and methods of analysis and design, presenting the development stages of a software system, including definition Requirements, formalization of requirements and their analysis and software design. Learn UML diagrams such as: Use Case Diagrams, System Sequence, Activity Diagrams, and Interaction Diagrams.
-
Motivating the average developer to engage in DevSecOps - Lecture- Presentation at the DevSecOps Spain Community on Docker Security. I offered a hands-on experience for the audience, during which we coded together and investigated vulnerabilities in containers.
-
PyPI Suspends New Registrations After Malicious Python Script Attack- Published in Checkpoint. Supply chain attacks targeting PyPi packages, exemplified by a recent incident involving 44 malicious packages uploaded, underscore the importance of verifying Python code sources to prevent system compromise and data exposure, emphasizing the need for robust security measures like CloudGuard Spectral to safeguard against such threats.
Quick Dives into FastAPI Series' Articles
-
Unleash the Power of FastAPI: Async vs Blocking I/O - Published on Python in Plain English Medium publication. This article delves into the crucial differences between asynchronous and blocking I/O in FastAPI, explaining their impact on application performance and scalability. Through practical examples, it demonstrates how to leverage asynchronous programming to handle high-concurrency scenarios efficiently, making it a must-read for developers optimizing FastAPI projects.
-
Understanding FastAPI’s UploadFile: The Starlette Connection - Published on Python in Plain English Medium publication. This article explores FastAPI’s
UploadFile
functionality and its seamless integration with Starlette, the foundational ASGI toolkit. It provides insights into handling file uploads efficiently and demonstrates how to work with streaming and large files in web applications, making it an essential guide for developers managing file operations in FastAPI projects. -
Building Robust Components with FastAPI and Pydantic - Published on Python in Plain English Medium publication. This article highlights the synergy between FastAPI and Pydantic in constructing reliable and maintainable application components. It covers creating reusable models and enforcing validation rules, ensuring data consistency and integrity across APIs. A practical guide for developers seeking to improve their application's robustness and clarity.
-
Understanding FastAPI Fundamentals: A Guide to FastAPI, Uvicorn, Starlette, Swagger UI, and Pydantic - Published on Python in Plain English Medium publication. This foundational article introduces FastAPI's core building blocks, including Uvicorn for serving, Starlette for routing, and Pydantic for data validation. It also explores the built-in features for auto-generating API documentation with Swagger UI and ReDoc, making it an essential resource for developers new to FastAPI.
Enhance Your Code Delivery Skills as a Software Engineer Series' Articles
-
Solving Logs Woes: A Small Dive into Singleton Design Pattern- Published in Python in Plain English. Describes my experience incorporating logging into a Python software project, initially encountering difficulties with writing logs from files but overcoming the issue by implementing the Singleton Design Pattern, ensuring a single instance of the Logger class exists throughout the program's execution. They explain the Singleton pattern's concept, implementation in Python, benefits, considerations, and its role in resolving their logging issue, emphasizing streamlined and centralized logging.
-
Enhancing Software Architecture through Comprehensive Testing in Backend Development - Published in Python in Plain English.Discusses the importance of incorporating comprehensive testing into backend development to ensure code quality and resilience. He explains a three-layered architectural approach (Controller, Service, Data Access) and outlines different types of tests (True Positive, False Positive, Error Handling) to cover a wide range of use cases and scenarios.
-
How to Write an Effective README File — A Guide for Software Engineers- Published in Stackademic. This blog emphasizes the importance of creating clear and comprehensive README files for software projects, highlighting their role in enhancing collaboration, communication, and long-term project sustainability.
-
Mastering Error Handling: A Comprehensive Guide - Published on Stackademic Medium publication. This article offers an in-depth exploration of error handling in FastAPI. It discusses how to implement custom exception handlers, leverage middleware for centralized error logging, and provide meaningful responses to clients. With practical examples, it serves as a valuable resource for building resilient and user-friendly APIs.
-
Raising the Difference: Between Raise and Raise e -Published on Stackademic Medium publication. This article dives into the nuanced differences between Python’s
raise
andraise e
syntax in exception handling. It explains how each impacts stack traces and debugging, offering practical examples to clarify their appropriate use cases. A must-read for Python developers aiming to write cleaner and more informative error-handling code.
-
Shell injection in GitHub Actions CI/CD- The article describes the security risks of using pull_request_target event in GitHub Actions, and how an attacker can exploit shell injection to run malicious commands or scripts in the workflow.
-
Why IMDSv1 is a Security Risk for Cloud Infrastructure- The article discusses the security risks of using IMDsv1, a metadata service for cloud infrastructure, and how an attacker can exploit it to gain access to sensitive information or execute commands on the cloud instances.
-
Why You Should Disable Cloud Storage Bucket Versioning- The article explains why cloud storage bucket versioning can be a security risk and a performance bottleneck, and suggests some alternatives to achieve data durability and availability.
📰 Archive of Blog
- Spotify Genres Network Analysis I built a genre network and found that the number of artists playing a genre correlated with its centrality in the network.
- Spotify- Genres Network Analysis by Through Decades Analysis the Pop and Rock through 1960-2020 by their popularity and the importance.
📰 Archive of Projects
-
JamFinder My friends and I created JamFinder, an app that helps musicians find partners based on their musical preferences and Spotify listening data, using an algorithm based on SNA. The app filters, scores and ranks potential partners according to their proximity in a network of 2500 Spotify genres and 30 musical communities
-
Hack IDC 21 Tool of home contents insurance without an insurance reviewer- consists of an algorithm that identifies objects in the space of the room with the help of a telephone camera and helps the user to quickly fill in insurance along with cross-referencing his personal details. With these components they gave insurance pricing to the user. The solution is agile and efficient with documentation and evidence used by both parties for transparency between them.
-
Watch List Management Website - Website's link
Developed Front and Backend project from scratch: customer watch list of series form TMdb data base. The website includes admin panel with users’ statistics, recommended series based on several parameters, real time chat base on firebase with changing emojis. Using API.net, JQUERY, JSON, SQL, Firebase, JavaScript, HTML and CSS. -
Nightclub Management Tool Project Developed customer management information system as part of a university project, using Java and fully documented in JavaDoc.
-
Software Engineering Documentation Includes Requirements Definition: Functional Requirements, Quality Requirements,System Architecture. Requirements Specification: Use Case Diagram, Glossary of UC, Actors Table, Traceability Matrix, Activity Diagrams. Design: Class Diagram.
-
Monopoly Game Front End Game
-
Chat Room App This project bulid in Node.js and is used purely for learning exercises and the course content should not be interpreted as something I've created on my own. It uses the Socket.IO library to allow users to join particular rooms and chat with other users within those rooms. b
-
Task Manager Project The Task Manager Project is written using ES6/7 JavaScript and uses Express to create a simple Node web server that allows users to create, store and delete tasks.
-
Weather Wesite Weather App build in Node.js and using weather api and map box api
-
Other Projects: Chat Room App | Task Manager Project | Weather Wesite