About

DevSecOps | Infrastructure Security | Automation

Cloud-native security engineer focused on designing hardened infrastructure, building scalable security pipelines, and implementing pragmatic compliance automation to support secure and efficient cloud operations.


Writing & Blog

Insights on Kubernetes security, IAM hardening, incident retrospectives, and security automation: rivassec.com

Recent post: Secure Snapshot Verification in Elasticsearch



Security-Focused Contributions

  • secure-iam-lint - CI-ready linter for AWS IAM policies that flags privilege-escalation paths and misconfigurations before they reach a pipeline
  • cf-token-links - Flask-based microservice that issues expiring access links (built for shareable profiles and recruiter access)
  • eks-rbac-audit (in progress) - Kubernetes RBAC analyzer that surfaces overly permissive roles and privilege-escalation vectors
  • elasticsearch-tools - Minimal-permission snapshot verification scripts that export Prometheus-style metrics
  • tw-disinfo-defense - OAuth-driven toolkit for investigating disinformation patterns on Twitter
  • efi-bruteforce - Archival 2013 research into USB-based input automation on EFI screens (featured on Hackaday)
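As an illustration of the kind of check an IAM policy linter runs in CI, here is an added example (my own toy code, not the code of secure-iam-lint or any other project listed above). The rule set, the sample policy, and the names `lint_policy`, `ESCALATION_ACTIONS` and `PASSROLE_SINKS` are assumptions constructed for this example; the escalation list is an illustrative subset, not an exhaustive catalogue.

```python
"""Toy IAM policy linter: flags a few well-known insecure patterns.

Added illustration only; not the code of secure-iam-lint. The rule set,
the action lists and SAMPLE_POLICY below are constructed for this example.
"""
import fnmatch
import json

# Actions that, granted on their own, let a principal widen its own
# permissions. Illustrative subset, not a complete list.
ESCALATION_ACTIONS = {
    "iam:CreatePolicyVersion",
    "iam:SetDefaultPolicyVersion",
    "iam:AttachUserPolicy",
    "iam:AttachRolePolicy",
    "iam:PutUserPolicy",
    "iam:PutRolePolicy",
    "iam:UpdateAssumeRolePolicy",
    "iam:CreateAccessKey",
}
# iam:PassRole is only dangerous next to an action that runs code as the passed role.
PASSROLE_SINKS = {"lambda:CreateFunction", "ec2:RunInstances", "glue:CreateDevEndpoint"}


def _as_list(value):
    """IAM JSON allows either a string or a list for Statement/Action/Resource."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches(pattern, action):
    """Case-insensitive glob match, e.g. 'iam:*' matches 'iam:PutRolePolicy'."""
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def _grants(patterns, action):
    """True if any Action pattern in a statement covers the concrete action."""
    return any(_matches(p, action) for p in patterns)


def lint_policy(policy):
    """Return findings as (rule_id, statement_index, detail) tuples."""
    findings = []
    passrole_stmt = None  # first Allow statement granting iam:PassRole
    sink_stmt = None      # first Allow statement granting a PassRole sink
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements never widen access
        actions = _as_list(stmt.get("Action"))
        resources = _as_list(stmt.get("Resource"))
        if "NotAction" in stmt:
            findings.append(("NOT_ACTION_ALLOW", idx, "Allow + NotAction grants every action not listed"))
        if any(a in ("*", "*:*") for a in actions) and "*" in resources:
            findings.append(("FULL_ADMIN", idx, "Action '*' on Resource '*'"))
        for a in actions:
            if a.endswith(":*") and a != "*:*":
                findings.append(("SERVICE_WILDCARD", idx, f"{a} grants every action in the service"))
        hits = sorted(e for e in ESCALATION_ACTIONS if _grants(actions, e))
        if hits:
            findings.append(("ESCALATION_ACTION", idx, ", ".join(hits)))
        if passrole_stmt is None and _grants(actions, "iam:PassRole"):
            passrole_stmt = idx
        if sink_stmt is None and any(_grants(actions, s) for s in PASSROLE_SINKS):
            sink_stmt = idx
    # The PassRole chain is checked across statements: the two halves need not be adjacent.
    if passrole_stmt is not None and sink_stmt is not None:
        findings.append(("PASSROLE_CHAIN", passrole_stmt,
                         f"iam:PassRole plus a role-consuming action (statement {sink_stmt})"))
    return findings


# Constructed sample: one clean statement, one PassRole chain, one service wildcard.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Effect": "Allow", "Action": ["iam:PassRole", "lambda:CreateFunction", "lambda:InvokeFunction"],
         "Resource": "*"},
        {"Effect": "Allow", "Action": "iam:*", "Resource": "*"},
        {"Effect": "Deny", "Action": "s3:DeleteBucket", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            policy = json.load(fh)
    else:
        policy = SAMPLE_POLICY
    results = lint_policy(policy)
    for rule, idx, detail in results:
        print(f"{rule}: statement {idx}: {detail}")
    sys.exit(1 if results else 0)  # non-zero exit fails the CI step
```

Run against the constructed sample it reports a service wildcard and an escalation set on statement 2 and a PassRole chain rooted in statement 1, and exits non-zero so a pipeline step fails closed. The glob matching matters: a policy rarely spells out `iam:CreatePolicyVersion`, but `iam:*` or `*` grants it all the same.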

Professional Contributions

Work under @oliveratprimer includes:

  • Designing FedRAMP-aligned security automation pipelines
  • Deploying Zero Trust and hardened Kubernetes environments
  • Building CI/CD workflows that support compliance and audit readiness

Toolbox

  • Infrastructure: AWS, EKS, Terraform, Pulumi, CloudFormation
  • Security: IAM, RBAC, CIS Benchmarks, FIPS, Zero Trust
  • Tooling: Trivy, Checkov, Vault, CrowdStrike, GitHub Actions
  • Languages: Python, Bash, YAML (daily use), Go (familiar)

Areas of Focus

  • Scaling Kubernetes and AWS hardening efforts
  • Policy-as-code pipelines for audit-driven security automation
  • Tooling that bridges security assurance and developer velocity
  • Embedding compliance into infrastructure and CI/CD workflows
  • Reproducibility and observability in DevSecOps systems


Security is not a feature. It is infrastructure.

All contributions are built for clarity, reproducibility, and operational reliability.