About


Michel Kinasz — Application Security Specialist

I design, implement, and harden security-sensitive software for organizations where application security, cryptography, platform hardening, and certification evidence have to survive real engineering scrutiny.

My background spans embedded router operating systems, central bank digital currency, PCI-MPoC mobile payment acceptance, DRM and application protection, HSM-backed key management, X.509/PKI validation, smart card middleware, biometric identity systems, and post-quantum cryptography migration. I hold a Canadian security clearance.

Today my practice focuses on three areas where these threads converge:

  • Application & AI Security Architecture — threat modeling, trust boundaries, data-flow review, runtime protection, and secure integration of AI-assisted workflows
  • Applied Cryptography & Certification Support — OpenSSL, MbedTLS, WolfSSL, PKI/X.509, white-box cryptography, FIPS 140-3, Common Criteria, PCI-MPoC, and post-quantum migration
  • Payment, Mobile & Embedded Security — CBDC wallet security, mobile threat defense, Android/iOS hardening, embedded Linux/Yocto, ASLR, secure boot, and platform security

Selected Engagements

Ciena — Senior Software Developer (2025–Present)

Member of the security engineering team modernizing the cryptographic foundations and hardening the embedded OS powering Ciena routers. Strengthened the platform cryptography and TLS stack by fixing defects, removing weak and deprecated algorithms, enforcing modern cipher suites, and improving certificate validation. Led secure migration to OpenSSL 3.5, reengineering deprecated APIs into a FIPS-ready and post-quantum-ready foundation. Enabled full ASLR across router OS executables and supported FIPS 140-3 and Common Criteria work through code review, gap assessment, evaluator Q&A, compliance testing, and remediation.

Bank of Canada — Mobile Security Architect (2022–2024)

Assessed mobile platform security for the Canadian Central Bank Digital Currency (CBDC) initiative. Defined mobile platform security and cryptographic key-management principles aligned with NIST guidance and PCI-MPoC. Contributed to CBDC threat modeling and risk assessment with focus on cryptographic assets, key lifecycle, and TLS-protected interfaces. Implemented a non-custodial digital currency mobile wallet proof of concept, including key management, secure storage, transaction signing, application hardening, and runtime security posture monitoring. Evaluated mobile threat defense products and used OpenAI API in threat-analysis research.

Amadis — Senior Software Engineer / Architect (2019–2022)

Architected and led development of mobile payment acceptance systems. Advised senior management on secure payment acceptance requirements and mentored a cross-functional team on mobile payment security architecture and threat landscape. Designed and implemented mobile threat defense for payment acceptance apps using white-box cryptography and runtime application self-protection. Led PCI-MPoC certification work with Riscure and UL labs, including documentation, code reviews, gap assessments, evaluator Q&A, compliance testing, and remediation. Supported sales engineering in customer-facing engagements.

Irdeto — Principal Software Engineer (2011–2019)

Built application protection technologies for DRM and IoT products. Maintained an obfuscated Software Secure Element implementing cryptographic primitives for embedded conditional access systems. Designed a hardened X.509 certificate parser and trust-chain validator to strengthen TLS/PKI handling against malformed input and trust-store attacks. Designed a Linux Security Module for kernel activity monitoring and IoT security posture assessment. Maintained and extended an HSM-backed cryptographic key-management system for set-top box provisioning and supported sales engineering and operations.

Credentials & Standards

Category | Detail
Security Clearance | Active Canadian government security clearance
Education | BSc Computer Science — University of Compiègne, France (1992)
Languages | French (native), English (full professional proficiency)
Certification Standards | FIPS 140-3, Common Criteria, PCI-MPoC, PCI-DSS, VISA security
Frameworks | STRIDE, FAIR, MITRE ATT&CK, OWASP MASVS, OWASP, NIST guidance
Cryptography | OpenSSL, MbedTLS, WolfSSL, white-box crypto, HSM/TPM, PKI/X.509, PKCS#11, post-quantum (ML-KEM, SLH-DSA)
Platforms | Android NDK/SDK, iOS/Swift, embedded Linux (Yocto), Linux kernel modules, Docker
Core Languages | C, C++, Python, Kotlin, Java, Swift

How I Work

I operate best where architecture advice and implementation reality have to meet. Typical engagements include:

  • Architecture reviews — application, platform, cryptographic, or mobile security design assessment
  • Cryptographic migration — planning and executing transitions to FIPS-validated or post-quantum algorithms
  • Certification support — documentation, lab coordination, and technical Q&A for FIPS 140-3, Common Criteria, or PCI-MPoC
  • Threat modeling — structured analysis (STRIDE/FAIR/ATT&CK) with actionable risk prioritization
  • Implementation support — secure API design, runtime hardening, cryptographic integration, and remediation guidance

Let’s Talk

If you are navigating a cryptographic migration, preparing for certification, or designing security architecture for a regulated product, I can help.

Contact me to schedule a consultation.