SECUREPATH

Security

This page documents my security thinking and implementation: architecture, API/cloud controls, and evidence-backed labs.

In Progress

This section is being built out

I’m actively adding diagrams, controls, and lab evidence here. The structure below is intentionally set up so it’s easy to expand as I complete more labs and projects.

Security Architecture Snapshot

How I think about protecting systems

A quick scan of my trust boundaries, top risks, core controls, and where evidence will live as this portfolio grows.

Snapshot

Trust Boundaries

Where trust changes and controls must be enforced.

  • User / device → application entry (identity + session controls)
  • UI → API boundary (authz, validation, rate limits)
  • API → data boundary (least privilege, encryption, auditing)
  • Admin / privileged access (MFA, conditional access, approvals)
  • Third-party integrations (tokens, webhooks, scoped permissions)
Planned: diagram of boundaries + data flows (UI → API → data).
Snapshot

Top Risks

The most common failure modes I design against.

  • Over-permissioned IAM roles and service accounts
  • Broken authorization / IDOR in APIs
  • Token leakage (logs, browser storage, CI/CD secrets)
  • Misconfigurations (public buckets, open security groups, weak defaults)
  • Insufficient logging for forensics and incident response
Planned: threat model summary + mitigations mapped to controls.
Snapshot

Core Controls

The controls I prioritize for real-world coverage.

  • Identity-first: MFA + least privilege + scoped roles
  • Segmentation and firewall rules (trust boundary enforcement)
  • Secure API patterns: validation, authz checks, rate limiting
  • Centralized logging + alerting (actionable signals, not noise)
  • Patch and vulnerability workflow (scan → fix → verify)
Snapshot

Evidence & Artifacts

Proof that controls were implemented and verified.

  • Lab reports with screenshots and rationale (what/why/result)
  • Configs: firewall rules, hardening changes, logging settings
  • Scan results + remediation notes (before/after)
  • Writeups mapped to frameworks (MITRE ATT&CK / CIS Controls)
  • Architecture notes: assumptions, scope, non-goals, risks
ARCH

Security Architecture

How I design security: trust boundaries, least privilege, segmentation, and control mapping (what the control is, where it lives, and how it’s verified).

Placeholder
Add: high-level architecture diagram + trust boundaries (UI → API → data) + threat model summary.
Placeholder
Add: Zero Trust approach (identity-first, device posture, continuous evaluation).
API

API Security

Practical API protections: authentication/authorization patterns, token handling, input validation, rate limits, and monitoring signals that actually matter.

Placeholder
Add: API gateway patterns, OAuth/JWT notes, secure headers, and abuse prevention.
Placeholder
Add: examples from my projects (endpoints, auth flow, logging strategy).
CLOUD

Cloud Security

Cloud IAM, least privilege, guardrails, and detection. Focus on preventing misconfigurations and enforcing secure defaults.

Placeholder
Add: IAM strategy, role boundaries, secrets management, logging/monitoring.
Placeholder
Add: shared responsibility and how I validate controls (evidence + tests).
LAB

Labs & Evidence

This is where screenshots, configs, and writeups live — the “proof” behind the claims. Evidence-first documentation is what makes a portfolio defensible.

Placeholder
Add: links to lab reports (Wazuh/Nessus/VyOS segmentation/hardening) and screenshots.
Placeholder
Add: 'What I did / Why / Result / Evidence' format for each lab artifact.

What’s coming next

These upgrades will make this page feel like a living security design doc.

  • Architecture diagram (trust boundaries + data flows)
  • Threat model summary (top risks + mitigations)
  • Evidence badges (links to lab reports, screenshots, configs)
  • Security controls library (what/where/how verified)
  • Case studies mapped to frameworks (MITRE ATT&CK, CIS Controls)