Skip to main content

Updated July 2026

Now

What I'm working on this month. Application Security Engineer in Charleston, SC, with 5+ years of software engineering behind me.

Working on

  • Working through SANS SEC504 toward GCIH. Building the labs into this site: live PowerShell investigation, RITA beacon detection, and Nmap discovery.
  • PortSwigger BSCP prep. Web pentesting is a skill I keep sharp, not my identity.
  • Building llm-audit. Five OWASP LLM Top 10 rules shipped in v0, more coming for the TS/JS ecosystem Semgrep's official AI pack does not cover.
  • Studying for AWS Security Specialty (SCS-C02), target Sept 2026. IAM least-privilege, CloudTrail detection, and Cognito hardening against enumeration.

Certifications

GIAC GSECPassedMarch 2026
GIAC GFACTPassedJan 2026
SANS Foundations AlumniPassedDec 2025
GIAC GCIH (SEC504)In progress2026
PortSwigger BSCPIn progressTarget Sept 2026
TCM PWPA (Web Pentest)In progress2026
AWS Security Specialty (SCS-C02)In progressTarget Sept 2026
AWS Solutions Architect Associate (SAA-C03)PlannedLater

Open to

Application Security, Product Security, and AI Security roles. Remote. I reply within 24 hours to recruiters and hiring managers.

Now — What I'm working on | Luis Javier Lozoya