Engineering Manager at Datadog, where I lead the eBPF Platform team — owning the infrastructure that powers eBPF-based observability across millions of hosts. I manage the Kernel Matrix Testing (KMT) framework, build performance optimization loops for eBPF programs, and contribute to the GPU Monitoring product.
Previously at Sysdig, where I built and scaled the Cloud Detection and Response (CDR) platform — from designing the cloud data ingestion pipelines (AWS, GCP, Azure) and detection engine as a Staff Engineer, to growing and leading the team as Technical Lead Manager. I also built and scaled the team behind Response Actions, a system to execute and orchestrate containment and forensic operations on customer infrastructure in real time.
Before industry, I was a researcher at the Polytechnic of Turin, working on eBPF, XDP, and high-performance network programmability. I spent time collaborating with tech companies in Silicon Valley as part of my research.
Competitive programming background: Bronze medal at the Italian Olympics in Computer Science (2010), ACM-ICPC SWERC finalist in Porto (2014) and Valencia (2013).
Outside of work, I love cooking, photography, and gardening. (PS my pizza with self-produced basil is awesome, friends say.)
Leading the eBPF Platform team, responsible for maintaining and evolving eBPF-based observability at scale. Managing the Kernel Matrix Testing (KMT) framework — ensuring eBPF agent changes are validated across a wide matrix of kernels and distributions. Building performance optimization loops for eBPF programs. Contributing to Datadog's GPU Monitoring product for real-time NVIDIA GPU observability.
eBPF Platform team. Working on kernel-level instrumentation, performance optimization, and GPU monitoring capabilities.
Scaled the Cloud Detection and Response (CDR) team. Led the team owning cloud data ingestion from AWS, GCP, and Azure and the detection pipeline for identifying anomalies across cloud environments. Built and scaled the team behind Response Actions — a system to execute and orchestrate containment and forensic operations on customer infrastructure in real time.
Designed and built the CDR platform: cloud provider data ingestion pipelines (AWS, GCP, Azure) and the detection pipeline to identify anomalies at scale. Transitioned from architect to technical leader of the initiative.
Sysdig Secure — Kubernetes security for enterprise cloud-native stacks.
Sysdig Secure — Kubernetes security for enterprise cloud-native stacks.
Working on eBPF (Extended Berkeley Packet Filter) and XDP (eXpress DataPath) to build high-performance and scalable networking solutions for linux. Studying an eBPF-based clone of iptables.
Working on OpenSource networking solution for OpenStack.
I collaborated with Nebbiolo Technologies to study, provide and deploy a virtual network solutions, using eBPF.
As part of my Master thesis, I spent some months visiting PLUMgrid, in Silicon Valley. I collaborated with smart and nice guys, with first hand knowledge of BPF and networing. I've learned a lot from them, while developing iovisor-ovn.
Development of a network analysis and diagnostic tool for Fiat Chrysler Automobiles.
This paper presents an eBPF-based firewall, bpf-iptables, which emulates the iptables filtering semantic while guaranteeing higher throughput outperforming other Linux-based firewalls particularly when a high number of rules is involved.
This paper presents an eBPF-based prototype, bpf-iptables, which emulates the iptables filtering semantic and exploits a more efficient matching algorithm. Our prototype outperforms iptables, particularly when a high number of rules is involved, without requiring custom kernels or invasive software frameworks.
This paper reports the first results of a project that aims at creating a (partial) clone of iptables, using the eBPF/XDP technology. This project assumes unmodified Linux kernel and guarantees the full compatibility (in terms of semantics and synxtax) with current iptables.
In this paper we summarize the most important lessons learned while exploiting eBPF to create complex network functions, presenting the most promising characteristics of this technology and the main encountered limitations.
Polycube is an open source framework to build fast network functions with XDP and eBPF
On top of that we built couple of applications:
Website: https://github.com/polycube-network/polycube
Iovisor-ovn is a network plugin for OpenStack, that provides a network layer based on bpf.
Website: https://github.com/iovisor/iovisor-ovn
Netdev 0x12, The Technical Conference on Linux Networking, Montreal (Canada), July 2018. Site, Paper, Slides, Video.
IOVisor Summit, Mountain View, CA, Feb 27th, 2017. Site, Slides.
2016 Fall Open vSwitch Conference, San Jose (CA, USA), Nov 7th, 2016. Site, Slides, Video.
Apart from being a developer and tech passionate, I enjoy most of my time being outdoors. I love long walks, in my city and also on beautiful mountains surrounding north Italy.
I always bring my camera with me, I'm a passionate photographer! I love cooking and gardening — it's my favourite hobby, it makes me feel better and satisfied. A friend of mine once said: "Matteo, your pasta is the best pasta ever."