rivassec

🎯 Focusing
  • Bay Area, CA
rivassec/README.md

DevSecOps | Infrastructure Security | Automation

Cloud-native security engineer focused on designing hardened infrastructure, building scalable security pipelines, and implementing pragmatic compliance automation to support secure and efficient cloud operations.


📄 Writing & Blog

Insights on Kubernetes security, IAM hardening, incident retrospectives, and security automation: 🔗 rivassec.com

📝 Recent post: Secure Snapshot Verification in Elasticsearch



🔐 Security-Focused Contributions

  • secure-iam-lint — CI-ready IAM policy linter to detect insecure patterns early in development
  • cf-token-links — Flask-based microservice for generating expiring access links
  • eks-rbac-audit — RBAC role analyzer for Kubernetes focused on privilege escalation detection
  • elasticsearch-tools — Hardened snapshot verification scripts with Prometheus observability
  • tw-disinfo-defense — Toolkit for investigating Twitter disinformation using OAuth automation
  • efi-bruteforce — Early research into USB-based EFI input automation (featured on Hackaday)

💼 Professional Contributions

Work under @oliveratprimer includes:

  • Designing FedRAMP-aligned security automation pipelines
  • Deploying Zero Trust and hardened Kubernetes environments
  • Building CI/CD workflows that support compliance and audit readiness

🛠️ Toolbox

  • Infrastructure: AWS, EKS, Terraform, Pulumi, CloudFormation
  • Security: IAM, RBAC, CIS Benchmarks, FIPS, Zero Trust
  • Tooling: Trivy, Checkov, Vault, CrowdStrike, GitHub Actions
  • Languages: Python, Bash, YAML (daily use), Go (familiar)

📊 Areas of Focus

  • Scaling Kubernetes and AWS hardening efforts
  • Policy-as-code pipelines for audit-driven security automation
  • Tooling that bridges security assurance and developer velocity
  • Embedding compliance into infrastructure and CI/CD workflows
  • Reproducibility and observability in DevSecOps systems

📈 Featured Projects

  • secure-iam-lint — Linter for AWS IAM policies, designed to prevent privilege escalation and misconfigurations in CI pipelines.
  • eks-rbac-audit (in progress) — Kubernetes RBAC analyzer to surface overly permissive roles and privilege escalation vectors.
  • cf-token-links — Secure access link service with expiration controls, built for shareable profiles and recruiter access.
  • elasticsearch-tools — Minimal-permission scripts for verifying Elasticsearch snapshots and exposing Prometheus-style metrics.
  • tw-disinfo-defense — OAuth-driven automation toolkit for analyzing disinformation patterns on Twitter.
  • efi-bruteforce — Archival project demonstrating low-level input automation on EFI screens, featured in 2013 by Hackaday.

Security is not a feature. It is infrastructure.

All contributions are built for clarity, reproducibility, and operational reliability.

Pinned repositories

  1. secure-iam-lint (Public) — Python-based linter for AWS IAM policies to catch insecure configurations. Language: Python; 2 stars.
  2. efi-bruteforce (Public) — Automates EFI password input using Teensy-based USB HID brute-force. Language: C++; 3 stars.
  3. eks-rbac-audit (Public) — Audit tool for detecting risky RBAC permissions in EKS clusters.