Hi! I'm

Federico Calò

Software Developer | Technical Writer

I create modern web applications and custom digital tools to help businesses grow through technological innovation. My passion is combining computer science and economics to generate real value.

Contact Me

About Me

My passion for computer science was born at the Technical Commercial Institute of Maglie, where I discovered the power of programming and the fascination of creating digital solutions. From the start, I understood that computer science was not just code, but an extraordinary tool for turning ideas into reality.

During my studies in Business Information Systems, I began to interweave computer science and economics, understanding how technology can be the engine of growth for any business. This vision accompanied me to the University of Bari, where I obtained my degree in Computer Science, deepening my technical skills and passion for software development.

Today I put this experience at the service of businesses, professionals and startups, creating tailor-made digital solutions that automate processes, optimize resources and open new business opportunities. Because true innovation begins when technology meets the real needs of people.

My Skills

Data Analysis & Predictive Models

I transform data into strategic insights with in-depth analysis and predictive models for informed decisions

Process Automation

I create custom tools that automate repetitive operations and free up time for value-added activities

Custom Systems

I develop tailor-made software systems, from platform integrations to customized dashboards

const federico = {
  nome: "Federico Calò",
  ruolo: "Sviluppatore Software",
  città: "Bari, Italia",
  missione: "Aiutare attraverso l'informatica",
  passioni: [
    "Codice Pulito",
    "Innovazione",
    "Crescita Continua"
  ]
};

La Mia Missione

Credo fermamente che l'informatica sia lo strumento più potente per trasformare le idee in realtà e migliorare la vita delle persone.

Democratizzare la Tecnologia

La mia missione è rendere l'informatica accessibile a tutti: dalle piccole imprese locali alle startup innovative, fino ai professionisti che vogliono digitalizzare la propria attività. Ogni realtà merita di sfruttare le potenzialità del digitale.

Unire Informatica ed Economia

Non è solo questione di scrivere codice: è capire come la tecnologia possa generare valore reale. Intrecciando competenze informatiche e visione economica, aiuto le attività a crescere, ottimizzare processi e raggiungere nuovi traguardi di efficienza e redditività.

Creare Soluzioni su Misura

Ogni attività è unica, e così devono esserlo le soluzioni. Sviluppo strumenti personalizzati che rispondono alle esigenze specifiche di ciascun cliente, automatizzando processi ripetitivi e liberando tempo per ciò che conta davvero: far crescere il business.

Trasforma la Tua Attività con la Tecnologia

Che tu gestisca un negozio, uno studio professionale o un'azienda, posso aiutarti a sfruttare le potenzialità dell'informatica per lavorare meglio, più velocemente e in modo più intelligente.

Parliamone Insieme →

Join the Community

Join the developer community where we discuss software, AI, architecture and DevOps. Share ideas, ask questions and grow with us.

Channel

FC Dev Blog

Get notifications on new articles, complete series, weekly tips and featured tools. Bilingual IT/EN content directly in your Telegram.

New articles as they are published
Weekly tips and code snippets
Polls on future topics

Subscribe to Channel

Group

FC Dev Community

A bilingual IT/EN community for developers. Discussions, Q&A, mutual help and networking with other professionals.

Discussions on articles and technologies
Coding help and code review
Job opportunities and collaboration

Join the Group

Discussion Topics

View

Master SQL

RoadMap.sh

November 2024

View

Oracle Certified Foundations Associate

Oracle

October 2024

View

People Leadership Credential

Connect

September 2024

💻 Languages & Technologies

Java

Python

JavaScript

Angular

React

TypeScript

SQL

PHP

CSS/SCSS

Node.js

Docker

Git

💼

12/2024 - Present

Custom Software Engineering Analyst

Accenture

Bari, Puglia, Italy · Hybrid Analysis and development of computer systems through the use of Java and Quarkus in Health and Public Sector. Continuous training on modern technologies for creating customized and efficient software solutions and on agents.

💼

06/2022 - 12/2024

Software analyst and Back End Developer Associate Consultant

Links Management and Technology SpA

Experience analyzing as-is software systems and ETL flows using PowerCenter. Completed Spring Boot training for developing modern and scalable backend applications. Backend developer specialized in Spring Boot, with experience in database design, analysis, development and testing of assigned tasks.

💼

02/2021 - 10/2021

Software programmer

Adesso.it (prima era WebScience srl)

Experience in AS-IS and TO-BE analysis, SEO evolutions and website evolutions to improve user performance and engagement.

🎓

2018 - 2025

Degree in Computer Science

University of Bari Aldo Moro

Bachelor's degree in Computer Science, focusing on software engineering, algorithms, and modern development practices.

📚

2013 - 2018

Diploma - Corporate Information Systems

Technical Commercial Institute of Maglie

Technical diploma specializing in Business Information Systems, combining IT knowledge with business management.

Contattami

Hai un progetto in mente? Parliamone! Compila il form qui sotto e ti risponderò al più presto.

* Campi obbligatori. I tuoi dati saranno utilizzati solo per rispondere alla tua richiesta.

Security in IDPs: An Integrated Approach

Security in an Internal Developer Platform is not an additional layer to apply after the fact: it must be integrated by design into every platform component. The Zero Trust paradigm ("never trust, always verify") is the architectural foundation of a secure platform: every request, every access, and every communication is verified, regardless of origin.

The challenge for platform teams is balancing security with developer experience: overly restrictive policies slow development and incentivize insecure workarounds, while overly permissive policies expose the organization to risk. The solution is security automation: automatic policy enforcement that protects without being an obstacle.

What You'll Learn

Zero Trust principles applied to IDPs
RBAC and ABAC for granular access control
Policy enforcement with OPA and Kyverno
Automated secret management with Vault
Supply chain security: SBOM, image signing, vulnerability scanning
Compliance frameworks: GDPR, SOC2, ISO 27001

Zero Trust Architecture

The Zero Trust model is based on fundamental principles that must be implemented at every platform level:

Verify explicitly: every request is authenticated and authorized, even from the internal network
Least privilege access: every user and service has the minimum permissions necessary for their function
Assume breach: the platform is designed assuming a compromise can occur, minimizing the blast radius

In the Kubernetes context, Zero Trust translates to: mandatory mTLS between services (service mesh), network policies blocking unauthorized traffic, pod security standards preventing privileged container execution, and audit logging of every operation.


# Zero Trust: Kubernetes network policies
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: checkout-service-policy
  namespace: checkout
spec:
  podSelector:
    matchLabels:
      app: checkout-service
  policyTypes:
    - Ingress
    - Egress
  ingress:
    # Only from gateway and orders service
    - from:
        - namespaceSelector:
            matchLabels:
              name: api-gateway
        - namespaceSelector:
            matchLabels:
              name: orders
      ports:
        - protocol: TCP
          port: 8080
  egress:
    # Only to database, cache, and required services
    - to:
        - namespaceSelector:
            matchLabels:
              name: databases
      ports:
        - protocol: TCP
          port: 5432
    - to:
        - namespaceSelector:
            matchLabels:
              name: cache
      ports:
        - protocol: TCP
          port: 6379
    # DNS resolution
    - to:
        - namespaceSelector:
            matchLabels:
              name: kube-system
      ports:
        - protocol: UDP
          port: 53
---
# Pod Security Standard: restricted
apiVersion: v1
kind: Namespace
metadata:
  name: checkout
  labels:
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/audit: restricted
    pod-security.kubernetes.io/warn: restricted

RBAC and ABAC: Granular Access Control

Access control in the platform must be granular and automated:

RBAC (Role-Based Access Control): assigns permissions based on predefined roles (developer, tech lead, platform admin)
ABAC (Attribute-Based Access Control): permissions based on dynamic attributes (team, environment, time, location)
Just-In-Time access: temporary access to privileged resources with approval and automatic expiration
Break-glass procedures: emergency procedures for elevated access with complete audit


# RBAC: Kubernetes roles for the platform
apiVersion: rbac.authorization.k8s.io/v1
kind: ClusterRole
metadata:
  name: platform-developer
rules:
  # Can view and manage their own deployments
  - apiGroups: ["apps"]
    resources: ["deployments", "replicasets"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
  # Can view pods but not delete them
  - apiGroups: [""]
    resources: ["pods", "pods/log"]
    verbs: ["get", "list", "watch"]
  # Can manage configmaps and secrets in their namespace
  - apiGroups: [""]
    resources: ["configmaps"]
    verbs: ["get", "list", "watch", "create", "update", "patch"]
  # CANNOT modify namespaces, RBAC, or network policies
  - apiGroups: [""]
    resources: ["namespaces"]
    verbs: ["get", "list"]
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
  name: team-checkout-developer
  namespace: checkout
subjects:
  - kind: Group
    name: team-checkout
    apiGroup: rbac.authorization.k8s.io
roleRef:
  kind: ClusterRole
  name: platform-developer
  apiGroup: rbac.authorization.k8s.io

Automated Policy Enforcement

Policies must be automatically enforced, not left to developer goodwill. The two main tools for policy enforcement in Kubernetes are:

OPA/Gatekeeper: general-purpose policy engine with Rego language. Powerful but with a steep learning curve
Kyverno: Kubernetes-native policy engine using YAML. Simpler and more intuitive for K8s-specific policies


# Kyverno: platform security policies
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: require-non-root
spec:
  validationFailureAction: Enforce
  rules:
    - name: run-as-non-root
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        message: "Containers must run as non-root"
        pattern:
          spec:
            containers:
              - securityContext:
                  runAsNonRoot: true
                  allowPrivilegeEscalation: false
---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: require-resource-limits
spec:
  validationFailureAction: Enforce
  rules:
    - name: require-limits
      match:
        any:
          - resources:
              kinds:
                - Pod
      validate:
        message: "All containers must have resource limits"
        pattern:
          spec:
            containers:
              - resources:
                  limits:
                    memory: "?*"
                    cpu: "?*"
                  requests:
                    memory: "?*"
                    cpu: "?*"
---
apiVersion: kyverno.io/v1
kind: ClusterPolicy
metadata:
  name: require-labels
spec:
  validationFailureAction: Enforce
  rules:
    - name: require-team-label
      match:
        any:
          - resources:
              kinds:
                - Deployment
                - StatefulSet
      validate:
        message: "All workloads must have 'team' label"
        pattern:
          metadata:
            labels:
              team: "?*"
              app: "?*"

Supply Chain Security

Supply chain security protects the entire software lifecycle, from dependency to deployment:

SBOM (Software Bill of Materials): complete inventory of all dependencies for every service, automatically generated
Image signing: cryptographic signing of container images with Cosign/Sigstore to guarantee integrity
Vulnerability scanning: automatic image scanning with Trivy, Snyk, or Grype integrated into CI/CD
Admission control: only signed and scanned images can be deployed to the cluster

Security Automation Principle

If a security policy requires manual action from the developer, it will fail. Security must be automated: scanning in CI/CD, policy enforcement in admission controllers, automatic secret rotation, automatic certificate renewal. The developer should not have to think about security: the platform handles it for them.

Compliance Frameworks

Modern IDPs must support compliance with regulatory frameworks:

GDPR: data encryption, access logging, data retention policies, right to deletion
SOC 2: security controls, availability, processing integrity, confidentiality, privacy
ISO 27001: information security management system, risk assessment, continuous improvement
PCI DSS: for platforms handling payment data

The platform should make compliance continuous and automatic: automatic audit trails, real-time policy enforcement, automatically generated compliance reports. This transforms compliance from a stressful annual audit into a continuous, painless process.

Audit Logging and Monitoring

A comprehensive audit logging system is the foundation for security and compliance:

Immutable logs: audit logs must be immutable and retained for the period required by compliance
Centralized logging: all security logs flow into a centralized system (SIEM)
Real-time alerting: immediate alerts for critical security events (suspicious access, privilege escalation)
Forensic capability: ability to reconstruct the sequence of events in case of a security incident


# Audit logging: Kubernetes audit policy
apiVersion: audit.k8s.io/v1
kind: Policy
rules:
  # Log all secret access
  - level: Metadata
    resources:
      - group: ""
        resources: ["secrets"]

  # Log all RBAC modifications
  - level: RequestResponse
    resources:
      - group: "rbac.authorization.k8s.io"
        resources: ["clusterroles", "clusterrolebindings", "roles", "rolebindings"]

  # Log all deletes
  - level: RequestResponse
    verbs: ["delete", "deletecollection"]

  # Log all pod exec
  - level: Request
    resources:
      - group: ""
        resources: ["pods/exec", "pods/attach"]

  # Minimal logging for frequent read requests
  - level: None
    resources:
      - group: ""
        resources: ["events", "nodes/status"]
    verbs: ["get", "list", "watch"]

Security by Default

The most secure configuration must be the default configuration. Golden Paths must include built-in security best practices: non-root containers, resource limits, network policies, secret management via Vault. Developers following the Golden Path get security without additional effort.