CI/CD Security · 2024
Pipeline Security Automation with Semgrep
GitHub Action automating static code analysis with custom Semgrep rules, with a gating mechanism that blocks merges on detected vulnerabilities — enforcing security compliance before production.
Semgrep · GitHub Actions · SAST
Offensive Tooling · 2024
Secrets Detection Tool
Python tool that identifies exposed credentials across large codebases, simulating attacker reconnaissance. Live API validation filters expired tokens to keep detection precision high.
Python · API validation · Recon
Writing
Enterprise AI Security, in practice
Writing about what enterprise AI security actually looks like day to day — gateways, guardrails, governance, and the OWASP LLM Top 10 — on Substack.
Substack
CTF
TryHackMe
Staying sharp offensive-side through CTF challenges and hands-on labs.
tryhackme.com/p/drumin ↗