DevOps & Application Security Specialist with about 7 years building secure, scalable systems. I specialize in IAM, SIEM integration, and WAF for education and enterprise platforms.
Security & IAM: Keycloak • OAuth 2.0/OIDC • SAML • ModSecurity • Wazuh SIEM • OPA
Backend: Java (Spring Boot/Security) • Golang • Node.js • Python
Frontend: React • Angular • TypeScript
DevOps: Docker • GitHub Actions • Jenkins • Ansible
Cloud & Data: Azure • PostgreSQL • MongoDB • Redis • Elasticsearch • AWS S3
Humifortis – Deterministic & Explainable Risk Engine
A minimal, incremental, and fully explainable real-time risk engine for security decision-making across IAM, applications, and infrastructure (Continuous, Explainable Risk Assessment – CERA).
CSSO IAM Platform – Continuous SSO for Microservices
Enterprise IAM with risk-aware sessions, adaptive MFA, device fingerprinting, and comprehensive audit trails.
Custom SIEM integration for Keycloak, Shibboleth, and Moodle with real-time anomaly detection and security signal correlation.
Golang + React application with policy-driven automation, integrity verification, and encrypted multi-cloud backups.
Lightweight web-based SPA (React + Golang) for inspecting, organizing, and validating AcroForm PDF fields using custom naming conventions — no database required and free to use.
Deploying and customizing Keycloak, Wazuh, ModSecurity, Moodle, and Odoo in production environments.
I focus on cybersecurity, with a special emphasis on access control optimization and continuous authentication. My research publications cover Organization-Based Access Control (ORBAC), correct-by-construction access control, and big data security — available at tsognong.me.
I am actively developing Humifortis, a deterministic and explainable real-time risk engine for security decision-making across IAM, applications, and infrastructure — available at humifortis.educosmic.tech.
I am also passionate about writing on cybersecurity topics, sharing insights and tutorials at Medium.