Security Engineer | Platform security, cloud defense automation, and security-focused open source
Public work I can explain deeply: Kubernetes hardening, WAF automation, and security-focused contributions to open-source security tooling.
- Public project: K8s Security Baseline -- CIS benchmark audit automation, RBAC templates, network policies, and SOC 2-aligned reporting
- Public project: AWS WAF Security Framework -- Terraform modules for AWS WAF v2 with bot protection, rate limiting, and eCommerce-focused rules
- Open-source contributor: PentAGI -- merged PRs across OAuth hardening, runtime reliability, test coverage, observability, and Docker Compose infrastructure
- Open-source contributor: Trivy -- test coverage contributions for container and IaC security scanning
- Open-source contributor: Strix -- documentation fixes and bug triage for AI pentesting agents
- PentAGI -- Contributor, not owner. Selected merged PRs across OAuth hardening, runtime reliability, Docker Compose health checks, and broad test coverage for core packages. Stack: Go, TypeScript, GraphQL.
I use GitHub to show public projects I can defend in detail and merged upstream work that has third-party validation.
| Project | Contribution Focus | Stack |
|---|---|---|
| PentAGI | Contributor, not owner. Selected merged PRs include OAuth hardening (#120, #125, #127), runtime and reliability fixes (#150, #151, #152, #178, #179), CA private key cleanup (#168), Docker Compose health checks (#243), and test coverage across search tools, config, terminal, providers, graph/server context, schema validation, Langfuse, and Graphiti (#153, #170-#172, #189, #199-#202, #213-#214, #230-#244). | Go, TypeScript, GraphQL |
| Trivy | Test coverage contributions for vulnerability and IaC scanning packages. | Go |
| Strix | Documentation fixes and bug triage for AI pentesting agents. | Python, Docker, LLM |
- Security and auth hardening: OAuth GET callback state enforcement (#120), required field validation in OAuth state parsing (#125), missing return fix in OAuth callback redirect (#127), and CA private key cleanup after certificate signing (#168).
- Runtime and reliability: browser tool graceful degradation on screenshot failure (#150), `http.DefaultClient` mutation guard in search tools (#151), error propagation in `GetTool` container lookup (#152), repeating tool-call infinite loop fix (#178), detached command context isolation (#179), and pgvector Docker Compose health checks (#243).
- Test coverage and maintainability: search tools (#153), executor helpers and terminal utilities (#172), provider coverage (#189), config and terminal packages (#199-#200), response and embeddings packages (#201-#202), graph and server context helpers (#213-#214), server models and schema validation (#230-#231), Langfuse coverage (#241-#242), and Graphiti client coverage (#244).
| Certification | Issuer | Valid |
|---|---|---|
| Certified Ethical Hacker (CEH) | EC-Council | 2025-2028 |
| Terraform Associate (004) | HashiCorp | Current |
| CASE Java (Application Security) | EC-Council | 2024-2027 |
| Degree | Institution | Status |
|---|---|---|
| MS Cybersecurity | Georgia Institute of Technology | Expected 2026 |

