Projects

Desktop app to manage false-positive justifications for vulnerability findings. Designed to keep triage disciplined and auditable.

A hands-on experiment applying SRE concepts (SLI, SLO, latency, error budgets) to security controls. A small instrumented Flask API exposes Prometheus metrics for login reliability, failures, and latency, with dashboards built in Grafana. Focused on transforming AppSec risks into measurable signals.

Second lab in the SRE + AppSec observability series. Builds on the metrics from Lab 1 by adding Prometheus alerting rules, Alertmanager integration, and automatic evidence generation for ITGC controls. The small Flask app now produces security-focused alerts (login failures, latency SLO breaches, low traffic signals) and a Python script exports daily JSON evidence from Prometheus queries. A practical workflow for turning AppSec metrics into operational detection and audit-ready artifacts.

Third lab in the SRE + AppSec observability series. A Python Prometheus exporter pulls CloudTrail, GuardDuty, IAM and KMS signals directly from AWS, exposing them as real-time cloud posture metrics. Grafana visualizes the SLOs: CloudTrail logging availability, GuardDuty high-severity findings, IAM access key rotation age, and KMS customer-managed key rotation status. A practical exercise in turning cloud configuration drift and ITGC controls into measurable, operational telemetry.