
Securing Software, by Design
I specialize in Application Security, DevSecOps, and Secure SDLC. I build robust security pipelines, conduct threat models, and help engineering teams ship confidently secure software.
8+
Years in AppSec
100+
Code Reviews
50+
Repos Secured
What I Do
Core Competencies
Secure SDLC Integration
Embedding security natively into developer workflows — from design reviews to pre-merge SAST checks — without slowing delivery.
Threat Modeling
Architecting systems with security in mind using STRIDE methodology, data-flow diagrams, and trust boundary analysis.
DevSecOps Automation
Operationalizing SAST, DAST, and SCA scanning across CI/CD pipelines at scale with Semgrep, Trivy, and GitHub Advanced Security.
Penetration Testing
Comprehensive black-box and white-box assessments of web applications, APIs, and mobile apps to uncover critical vulnerabilities.
Cloud Security
Hardening cloud infrastructure across AWS, Azure, and GCP with IaC scanning, runtime protection, and compliance automation.
Security Architecture
Designing defense-in-depth architectures with zero-trust principles, secure API gateways, and encrypted data pipelines.
From the Blog