// PROJECTS

Side quests

Things I build and break outside the day job.

CI/CD Security · 2024

Pipeline Security Automation with Semgrep

GitHub Action automating static code analysis with custom Semgrep rules, with a gating mechanism that blocks merges on detected vulnerabilities — enforcing security compliance before production.

Semgrep · GitHub Actions · SAST

Offensive Tooling · 2024

Secrets Detection Tool

Python tool that identifies exposed credentials across large codebases, simulating attacker reconnaissance. Live API validation filters expired tokens to keep detection precision high.

Python · API validation · Recon

Writing

Enterprise AI Security, in practice

Writing about what enterprise AI security actually looks like day to day — gateways, guardrails, governance, and the OWASP LLM Top 10 — on Substack.

Substack

CTF

TryHackMe

Staying sharp offensive-side through CTF challenges and hands-on labs.

tryhackme.com/p/drumin ↗