About โ Alfred Gamulo
๐ Hi, Iโm Alfred!
I am a Principal Engineer with a deep-rooted obsession for security across cloud infrastructure, compliance, and application domains. I donโt just write code: I build tools that keep the digital world a little safer.
๐ก๏ธ What I Do
My journey has taken me through some incredible security challenges. Here is a snapshot of my focus areas:
- Cloud Security: Iโve spent years securing AWS environments, from contributing to Cloud Custodian to developing cloud-native HSMs at AWS CloudHSM.
- Vulnerability Management: At AWS Inspector, I built modules to help users hunt down security flaws in EC2 hosts and Lambda containers.
- Infrastructure & FinOps: Most recently at Take-Two, I bridged the gap between security and operations by building a custom CMDB solution to oversee cloud-deployed assets.
- System Engineering: I enjoy building and maintaining my own computing environment, QuantumQat, which is my custom-tailored, immutable operating system.
- SaaS Delivery: I enjoy the challenge of account provisioning and product delivery pipelines, especially when they empower users to understand their own compliance.
๐ฉ The โHackerโ Side
When I am not at my desk, I am usually deep in the security community. I believe in continuous learning and giving back to the scene:
- Community Leader: I serve as an organizer and Discord Moderator for RVAsec and help co-author the conference-wide cryptography contest for ShmooCon.
- Active Member: For the last decade, I have been a constant face at NovaHackers and the HackerAssociation, sharing talks and trading knowledge.
- CTF Competitor: I love the thrill of the hunt. I have taken 1st place in both Wireless and Embedded CTFs at DEF CON.
๐ Hall of Fame
- DEF CON Black Badge Winner (2024): Part of the winning team for hacking IoT devices.
- CTF Documentation: You can find my research and activity over at CTFdeets.
- Open Source: I enjoy polishing the tools we all use, whether it is enhancing PyKCS11 or refactoring AES implementations for the AWS CloudHSM community.
๐ ๏ธ Tech Stack
| Domain | Tools |
|---|---|
| Cloud | AWS (HSM, Inspector, Custodian), Cloud Infrastructure |
| Security | PKCS, Encryption, IoT Hacking, Vulnerability Research |
| DevOps | Account Provisioning, Product Pipelines, SaaS Delivery |
๐ซ Letโs Chat
I am always looking for new puzzles to solve and security objectives to tackle. If you want to talk shop about cloud-native security or exchange CTF tips, letโs connect!
๐ Socials:
๐ GitHub Stats: