Konstantin Shpinev

Hackerman, Tech Lead, Tech Visioner

Introduction

Hello! My name is Kostya. I’ve been passionate about IT and cybersecurity for 20 years. I co-founded Microimpuls — an IT company building software and video streaming services for internet providers and OTT platforms. After several years of running it, I moved on to the non-profit sector, where I now work as a CTO, focusing on projects that feel meaningful to me, but I’m always open to new challenges!

I like solving problems you can’t fix with a quick search or a prompt — the kind that make you go back to basics and really understand how things work or might work. I’ve built IT projects from the ground up and led teams through both calm and chaos. I care about results, love clean systems (maybe a bit too much), and I’m good at untangling messes — technical, structural, or human.

Outside of work, I enjoy driving and traveling, cycling, playing badminton and other team sports, building LEGO, playing video games, and watching movies. I’m learning to play drums and experimenting with music, and I recently released my first AI album.

Professional Experience

OVD-Info

One of Russia’s largest human rights NGOs, focused on combatting and researching repression.

I lead an IT team and manage technical infrastructure. We build unique projects and custom technical solutions to help people resist political repression. Raising awareness about repression is another key part of the project’s mission — and in the context of censorship and internet blocks in Russia, our tech team puts in a great deal of effort to ensure that information can continue to be freely shared.

More about IT work in NGOs, and my experience at OI — in this article.

Freelance

I enjoy designing complex systems, writing code, and working with servers — so from time to time, I take on freelance projects as a system architect, DevOps & software engineer, or IT consultant. If you think my skills could be useful to your project or you’d like to collaborate, feel free to reach out. My contact details are at the top of the page.

Here are some of the recent projects I’ve worked on:

Troubleshooting and reconfiguring proxies to reduce connection errors in an anti-censorship browser plugin

The goal was to fix recurring Squid connection errors under heavy load, as users often reported that some websites wouldn’t load.

After analyzing network traffic and correlating it with error logs, I noticed that a large number of failed connections were also negatively affecting previously successful ones. This was the key analytical insight that led to identifying the root causes.

Three main issues were found:

First, under heavy load, a race condition in Squid’s code occasionally caused requests to bypass the cache. This was mitigated with a workaround by tuning specific configuration parameters to avoid triggering the bug.

Second, some resolved domains were not being cached due to how the caching mechanism worked internally. This became clear after reviewing the source code and was fixed by reconfiguring those specific domains.

Finally, to increase cache size and lifetime under high load, a configuration parameter needed to be adjusted in the opposite direction from what the official Squid documentation suggested. This was discovered through reviewing the source code and helped eliminate a long-standing misconfiguration.

As a result, connection reliability improved significantly — proxy connection errors were reduced by nearly 200×, from hundreds of thousands to just a few thousand per day. This aligns with an expected baseline failure rate given the scale of usage.

Migration of a high-load data-heavy service to a new hosting provider with containerization and CI/CD integration

I was responsible for reworking and migrating a legacy infrastructure that had been running on a single physical server. The process was carried out step by step with minimal downtime, moving all components — including databases, search index, file storage, frontend, backend, and supporting microservices — into isolated environments across separate cloud instances.

To improve reliability and performance, I implemented load balancing and horizontal scaling through multiple application servers. Prior to the migration, users were regularly experiencing service unavailability.

All server configurations were provisioned using Ansible for consistency and reproducibility. I also applied hardening measures to improve overall security.

The deployment process for custom applications was modernized with Docker-based containerization and full CI/CD pipelines. Monitoring and alerting were configured to detect and report critical errors or outages.

Finally, I prepared documentation and handed the project off to the organization’s internal team for ongoing maintenance. The final infrastructure consisted of 10 servers, and despite the improvements, hosting costs remained within the organization’s budget.

Design and development of a data processing pipeline for building a unified search index from large and heterogeneous databases

As a system architect and developer, I helped design and implement a solution for ingesting and processing large volumes of heavy, heterogeneous datasets. The pipeline includes several stages: parsing, analysis, automatic data annotation, normalization and error correction with analyst involvement, ontology mapping, and indexing for fast, unified search across all datasets.

I was also responsible for deploying the entire system’s infrastructure in Google Cloud. It included an Elasticsearch cluster, multiple databases, application servers, message queues, S3-compatible storage, monitoring tools, and other components.

The system successfully processed 1 billion records in just two days. This performance was achieved through parallel data processing and careful optimization of normalization & aggregation algorithms.

eQualitie

A digital security organisation working to protect human rights and freedom of expression online by developing and distributing free, open-source tools, services, and training for civil society, NGOs, and independent media.

I first joined the project as a Fellow, working as a pentester — identifying and fixing vulnerabilities in the custom publishing platform of a regional independent media outlet in Russia. Later, I took on a mentoring and advisory role in digital security: helping organisations identify key IT challenges, connect with the right experts, implement technical solutions, and resolve critical infrastructure issues.

One of the most meaningful experiences was designing and running an educational course on digital security, coordinating guest experts, and supporting a participating organisation in investigating a ransomware incident that nearly wiped out their infrastructure and caused several days of downtime.

We also organized offline hackathons, conferences, and other events for the fellow community. I really appreciated the variety of work — not just as a tech specialist, but also as a collaborator, teacher, and co-organizer.

More about the course and my mentorship experience can be found here.

Microimpuls

A company developing white-label solutions for IPTV/OTT operators and video streaming services. The Microimpuls product suite enables providers to launch a streaming platform from scratch, covering the entire pipeline — from video processing and delivery to the end-user experience across multiple devices.

The product is used by both high-load platforms with hundreds of thousands to millions of subscribers, and smaller regional providers.

I co-founded the company and helped grow it from a startup into a functioning international business. My contribution included product and tech strategy, setting up the company’s structure, and establishing all technical and business processes. I built the initial MVPs, created the business plan, and assembled the first development team. Over the years, I acted as both the company’s tech lead and business lead.

By the end of 2021, the company’s products were in use by 50 to 100 B2B clients across 17 countries, including large providers with subscriber bases ranging from 100k to over a million. The company had grown to a team of about 50 people. Grateful thanks to my team who helped turn this company and its products into what they became and who continue the journey today.

Smarty — the company’s flagship product

Microimpuls Smarty is a full-featured IPTV/OTT platform. Its key advantages include:

Affordability. Thanks to the use of mainstream technologies (Python/Django), extensive performance optimization, and real-world stress testing on our own commercial service, Smarty delivers a highly competitive price point — making it accessible even to small providers.

Performance. While competitor solutions often require a large server footprint, we achieved performance levels allowing up to 100,000 subscribers to be served from a single modern server (as of 2018). This was made possible through custom Django caching libraries, C-based modules, optimized scheduling algorithms, regular performance profiling, and system-wide optimization — including a lightweight custom serializer/deserializer and an efficient, low-traffic API. All components can run in a horizontally scalable, fault-tolerant cluster setup.

Smart TV UI framework. One of the things I’m particularly proud of is our in-house UI framework, built specifically for Smart TVs and IPTV set-top boxes, including Android-based devices. The code is optimized for older and lower-powered devices, with TV-specific UX patterns in mind (remote-first navigation, screen layout, etc.). Unlike generic JavaScript frameworks, our solution allows fast development of fully custom, high-performance interfaces.

Infinitely UI. This was a separate UX-focused project inspired by deep research into user behavior across streaming platforms. We benchmarked user flow efficiency against services like Netflix and Amazon Prime — and managed to reduce the number of clicks for common actions like switching between content types, content selection, and navigation. More about Infinitly.

Customization. Smarty is deeply modular. Many internal processes are written as replaceable Python modules, allowing high-level customizations tailored to specific operator needs and unique services.

Streaming technology. Our proprietary streaming server Spectr was developed with multi-platform support in mind and it goes beyond standard compliance to improve compatibility in unstable network conditions. Compared to competing solutions, it is significantly faster, more resource-efficient, and easy to scale in distributed fault-tolerant clusters. It also minimizes latency during buffering — providing a smoother playback experience.

Key milestones

First industry expo – CSTB 2014. This was Microimpuls’ first public appearance on the market. Despite the product still being in its MVP stage, we signed our first contracts with providers. Feedback from the expo helped us better understand user needs and adjust the product roadmap. It also gave us a clearer sense of what kind of company structure we’d need — one that could support rapid development, customization, deployment, and ongoing support.

Winning the Big Digit Award – 2016. This was the first public recognition of our product’s quality and marked a turning point in how larger providers viewed us. To win, we had to invest seriously in marketing and rethink how we presented our product. Although we already had happy clients, we had to make the product’s value clear to those who didn’t know us yet.

First contracts with major clients. For example, Tattelecom, the largest ISP in Tatarstan with over 1 million subscribers, was one of our first truly large-scale clients. Their high technical demands pushed us to significantly improve the product — boosting performance, flexibility, and UX. This led to the creation of the Futuristic UI, designed in partnership with Tattelecom’s team. Tattelecom had been using a legacy platform that was vendor-locked to outdated set-top boxes. The vendor had stopped development, but replacing the system was considered impossible — until we did it. They needed to launch new services (VOD, OTT TV, etc.) and required a modern interface compatible with Smart TVs. Our solution made that possible.

Investing in new products and partnerships. Once the company became profitable, we were able to expand not out of necessity, but by choice. We began exploring partnerships with VOD platforms, HbbTV and ad providers, and formed a strategic alliance with Irdeto, a leading European content security company.

Bluepoint TV

Bluepoint TV was an OTT streaming service based in the U.S. targeting immigrant audiences from Russia, Armenia, and Israel.

I reworked many modules of the platform powering the service, fixed bugs, and optimized performance for high-load scenarios. I also developed applications for several Smart TV brands and integrated them with the core system.

IP-Media (OFT-Media)

The company developed software solutions for IPTV providers.

I worked on two main projects: mucaster, a technology for transmitting live video streams over the internet, and a content delivery service built on top of it.

How it worked

Mucaster was a point-to-point solution for transmitting live video streams between servers over public internet connections, for further restreaming to end users.

At the time, protocols like SRT didn’t yet exist. The only somewhat reliable way to deliver live streams over unstable networks was using UDP with added redundancy. This increased bandwidth usage but still failed to guarantee stable transmission — especially for Full HD streams (4K wasn’t yet common). Consumer streaming protocols like HLS or RTMP weren’t suitable either, as they relied on significant client-side buffering, while this use case required true low-latency live streaming.

I designed a custom MPEG-TS transmission protocol based on TCP, leveraging its built-in guaranteed delivery through handshake and packet acknowledgment. On top of that, I implemented adaptive bitrate control and dynamic buffering. The system analyzed the stream’s original bitrate to calculate delivery timing, which was encoded along with the video packets. On the receiving side, this metadata was decoded and used to reconstruct the stream and dynamically adjust buffer size and playback rate — compensating for any packet recovery time. In simpler terms, the technology introduced invisible, nanosecond-scale delays into the stream to build just enough buffer to maintain smooth delivery — without noticeable impact for the viewer or downstream devices.

With just 500ms of latency, the system could deliver live streams across the ocean from Russia to the U.S., while full rebuffering (noticeable playback interruption) occurred no more than once per day.

Focus Life

An internet provider in Orenburg offering Triple Play+ services: internet, telephony, TV, video surveillance, and smart home solutions.

Here’s a description of the main projects I’ve worked on.

VoIP

The goal was to modernize the legacy telephony system and transition it to IP, which significantly reduced the cost of connecting new subscribers and maintaining the network. This also enabled new business services like virtual call centers.

I developed the IP telephony platform based on the open-source softswitch OpenSER / Kamailio — a low-level, high-performance SIP server written in C/C++. Unlike Asterisk, which includes built-in call center features, Kamailio required extensive custom development to support production-grade services. I built the system core and modules for dynamic call routing, queue distribution, and auto-dialing, as well as integrated the entire solution into the company’s infrastructure.

The system supported telephony for several thousand customers and over ten business call centers. It also powered a number of automated phone lines with voice menus, allowing customers to check their account balance and initiate payments via the self-service portal. Another feature was a callout system that delivered pre-recorded messages to customers. One of the more original services was a dedicated number that read out the weather forecast for Orenburg, based on data from a weather station installed at Orenburg State University.

This softswitch development also became the subject of my university thesis — so I’ve preserved some of the technical details here.

Internal resource and operations management system

The goal was to streamline internal workflows and automate customer request processing. Before this system, requests between departments were handled on paper, and even when digitized, they were stored in scattered Excel files on a shared server — making collaboration difficult and limiting the company’s growth.

I developed a custom internal management system using Python/Django, tailored to the telecom focus of the company.

Key features included: tracking of network infrastructure (objects and communication lines); client and contractor database; numbering resource management for the telecom operator; TV channel cataloguing; a ticketing system for internal task management; client request logging; document storage; and automated reporting tools.

The system significantly improved the efficiency of the customer support, technical, and installation departments. It introduced the concept of digital tickets and automated many formerly manual processes. Around 100 staff members used the system daily, with client requests submitted automatically around the clock by several thousand customers.

IPTV launch and system integration

The company set out to launch a new interactive TV service — the first of its kind in the city at the time. I was responsible for selecting and integrating a vendor solution, extending its functionality, and building custom tools for both customers and support staff.

This included desktop IPTV apps, a real-time monitoring dashboard for support (a GPU-powered videowall showing multiple channels), and satellite receiver software for decoding and multicasting channels into the IPTV network.

I also developed an alternative time-shift TV system, replacing the vendor’s unstable DVR module with a faster, more reliable one that could handle higher loads and avoid broken recordings.

Although we started with an off-the-shelf platform, the system required substantial customization. We launched a stable, feature-rich IPTV service with time-shift capabilities in just three months.

Community portal & file sharing

I developed a local customer forum based on LiveStreet CMS, where users could share content, build communities, discuss news, and play games. The portal was integrated with a local torrent tracker and game servers.

The local torrent tracker turned out to be a killer feature — it allowed users to download large files much faster over the internal network, while helping the ISP save significantly on upstream bandwidth costs.

OPORA-Svyazinvest

A small startup focused on building software for contact and call centers under the AIS-Speak brand. The main project I worked on was a contact center solution for Tango Telecom.

More details

I developed a call queue processing module — a known bottleneck in the Asterisk IP telephony system at the time. The module was written in C for efficient handling of incoming calls and routing them to operators based on custom business logic.

I also worked on the web interface for configuring the contact center, as well as the operator interface, which was embedded directly into the IP softphone.

KomTels

The company was the first in Orenburg to offer internet access via Dial-Up using prepaid time-limited cards. I worked as a forum administrator and also assisted the director and IT department with automating internal processes and reports.

Fun fact from my first tech job

I got it under unusual circumstances — I discovered a vulnerability in their user portal that allowed transferring virtual funds from a test account to an active one, effectively granting months of free internet access. I reported the issue to the provider, and they offered me a job.

I was also an active user on their forum and had developed a small utility for customers to track data usage and make better use of the free 15-minute internet sessions. The app allowed downloads to resume automatically after each reconnect.

Earlier

Thanks to the Internet Archive for preserving my old homepage from 2005 — brings back some nostalgic memories!

Workshops & Mentorship

Orenburg State University

Ran a semester-long course for two student groups focused on “Analysis of Software Implementations” and “Software Vulnerabilities.”

I reworked the standard curriculum to include game-like mechanics inspired by CTF competitions. Throughout the course, each student developed a functional project — a service or application in any programming language — intentionally introducing software vulnerabilities covered in class.

In the second half of the semester, students exchanged projects and were tasked with identifying and fixing each other’s bugs. The final exam combined theory and practice: each student was randomly assigned a peer’s project and had to find, explain, and fix the vulnerabilities in a live session.

The format was well received by the students — many said it helped them better understand real-world security issues, and some even went on to participate in CTF competitions themselves.

Elena Bonner School of Human Rights from the Sakharov Centre

A museum and cultural center in Moscow dedicated to the protection of human rights in Russia and the preservation of the legacy of Andrei Sakharov — a prominent physicist and Nobel Peace Prize laureate known for his human rights activism.

In 2024, I led a four-hour hands-on workshop for around 250 participants of the school, showing how to use n8n to build practical IT tools for routine tasks and introduce innovation with little to no programming experience.

Web Security Fellowship

I developed two educational programs for WSF participants in 2021 and 2022. Each program included 10-15 webinars, organized into modules on Operational Security, Secure Development, Infrastructure Security, Pentest, and general cross-cutting topics.

I also designed and led a webinar “Development of a Fault-Tolerant Secure Web Application by SDLC,” aimed at giving participants a broad perspective on the web application development process through the lens of various roles — developer, tech lead, architect, CTO, and security specialist.

In addition, I mentored a few organizations, helping them assess risks, identify critical IT issues, and implement practical solutions.

Hackathons & other

At various times, I’ve been invited to serve as a mentor, expert, or jury member at hackathons, e.g. Demhack, the Digital Security Hackathon, the WSF Hackathon, or the mini-series Shifropunks.

I’m open to new opportunities — feel free to reach out using the contact details at the top of this page.

Publications & Media

Publications

Media Presence

Achievements

Some things that turned out pretty well:

CTFs & challenges — more details below
Name            Team                Place
OrenCTF 2021    individual          2nd
UralCTF 2012    bitmap              1st
RuCTF 2012      bitmap              10th
UralCTF 2011    bmp                 2nd
RuCTFe 2011     bitmap              5th
RuCTF 2011      bmp                 10th
Volga-IT 2011   individual          3rd
RuCTF 2010      Tochechnii_risunok  11th
RuCTF 2009      OSU 1               10th

Also participated in DEF CON CTF and various other international CTFs at different times.

Rules of Attack-Defense CTF

Teams receive identical servers with a set of vulnerable services, to which the jury periodically sends private information — flags. Each team’s task is to find vulnerabilities, fix them on their own server, and exploit them to capture flags from other teams.

Education

