DevOps / DevSecOps / Cloud Platform Engineer | Kubernetes, Terraform, CI/CD, AWS, security automation, observability, and incident response
I build production-oriented cloud platforms and policy-bounded AI security systems: Kubernetes platforms, CI/CD automation, observability, security guardrails, and secure model delegation.
- Production platform engineering: built and improved cloud and Kubernetes platform capabilities, CI/CD pipelines, observability, and security automation for production workloads. See Production DevOps Portfolio: Cloud Platform and DevSecOps Engineering.
- AI security research: Secure Model Delegation -- policy-bounded local-to-cloud LLM fallback with target-specific disclosure policy, sanitization, routing, response verification, and audit logging
- Contributing to: PentAGI -- contributor, not owner. Selected merged PRs across OAuth hardening, runtime reliability, Docker Compose health checks, and broad test coverage for core packages
- Contributing to: Strix (21.1K+ stars) -- AI pentesting agents, reconnaissance skill docs and bug triage
| Project | Description | Stack |
|---|---|---|
| Production DevOps Portfolio: Cloud Platform and DevSecOps Engineering | Production DevOps portfolio covering AWS infrastructure, Terraform, Kubernetes platform operations, CI/CD, GitOps delivery, observability, IAM hardening, WAF/security controls, incident response, and cost optimization. | AWS, Kubernetes, Terraform, GitHub Actions, ArgoCD, Docker, Prometheus, Grafana |
| Secure Model Delegation | Policy-bounded controller for local/private-to-cloud LLM fallback using synthetic enterprise requests. Applies hard disclosure policy before delegation, sanitizes denied spans, captures delegated payloads, and evaluates leakage, routing accuracy, and utility. | Python, FastAPI, YAML policy, synthetic benchmarks |
Secure Model Delegation is my current AI security research focus: how a trusted local or private AI system can safely delegate selected text requests to a less-trusted cloud LLM while enforcing target-specific confidentiality policy.
The work centers on threat modeling, disclosure-policy design, request sanitization, routing controls, response verification, audit logging, and leakage/utility evaluation with synthetic enterprise scenarios.
Active contributor to security-focused open-source projects. Listed as a contributor in PentAGI v1.2.0 release.
| Project | Stars | Contributions | Stack |
|---|---|---|---|
| PentAGI | 15K+ | Contributor, not owner. Selected merged PRs include OAuth hardening (#120, #125, #127), runtime and reliability fixes (#150, #151, #152, #178, #179), CA private key cleanup (#168), Docker Compose health checks (#243), and test coverage across search tools, config, terminal, providers, graph/server context, schema validation, Langfuse, and Graphiti (#153, #170-#172, #189, #199-#202, #213-#214, #230-#244). | Go, TypeScript, GraphQL |
| Strix | 21.1K+ | Reconnaissance skill docs, Discord badge fix, Windows compatibility, bug triage | Python, Docker, LLM |
| Certification | Issuer | Valid |
|---|---|---|
| Certified Ethical Hacker (CEH) | EC-Council | 2025-2028 |
| Terraform Associate (004) | HashiCorp | Current |
| CASE Java (Application Security) | EC-Council | 2024-2027 |
| Degree | Institution | Status |
|---|---|---|
| MS Cybersecurity | Georgia Institute of Technology | Expected December 2026 |
