Cybersecurity Engineer focused on security automation, vulnerability management, and trustworthy AI-assisted systems.

I build tools that help security teams and developers make better decisions through automation, structured data, and explainable assistance while maintaining transparency, auditability, and operator control.

My background spans vulnerability operations, DevSecOps, application security, infrastructure security, and embedded systems security across large-scale and security-critical environments.

• Security Automation & Orchestration
• Vulnerability Management & Risk Prioritization
• Trustworthy AI-Assisted Systems
• DevSecOps & Secure CI/CD
• Application & Infrastructure Security
• Deterministic Security Workflows

I'm currently building open-source security and AI-assisted tooling at CyberSecAuto Labs (CSAL).

Self-hosted MCP server providing AI agents with structured access to OpenVAS / Greenbone.

• No telemetry
• Credential isolation between clients and the scanner
• Raw scan data returned without modification

A thin, auditable bridge. Analysis and reporting belong in the agent or in higher-level platforms.

Network egress auditing for test execution.

Define allowed outbound connections, run your tests, and get a clear pass/fail report.

• Detect unintended external calls
• Prevent data exfiltration during execution
• Enforce network behavior policies in CI/CD

Make network behavior explicit, testable, and auditable.

Manage AI context files (CLAUDE.md, AGENTS.md, .cursor/rules) privately, kept out of your project repository, synced across your machines.

• Keep personal AI context out of shared repositories, where it doesn't belong
• Sync AI workflows across machines without exposing personal or client-specific notes
• Own your data using a standard Git remote you control

For developers who depend on AI tooling but cannot commit the context that makes it effective.

Self-hosted vulnerability triage engine built on DefectDojo.

Deterministic logic scores and prioritizes findings. A local LLM explains the decisions, it never makes them.

• Know what to fix first, with an auditable reason why
• AI-generated context grounded in real data, not hallucinations
• Vulnerability data and inference stay on your infrastructure

Security decisions remain deterministic, transparent, and reviewable.

• Trustworthy AI-Assisted Systems
• Security Automation & Orchestration
• Deterministic Decision Engines
• Local-First AI Workflows
• Auditable Software Execution
• Machine-Readable Security Data Pipelines

Some of my earlier work, including Ledger applications and blockchain-related projects from my time at Blooo, can be found here:

👉 https://github.com/Z4karia

• 📧 Email: zakaria@cybersecauto-labs.org
• 💼 Organization: https://cybersecauto-labs.org