██████╗ ██╗ ██╗██╗██╗ ██╗██╗
██╔════╝ ██║ ██║██║██║ ██╔╝██║
╚█████╗ ███████║██║█████╔╝ ██║
╚═══██╗ ██╔══██║██║██╔═██╗ ██║
██████╔╝ ██║ ██║██║██║ ██╗██║
╚═════╝ ╚═╝ ╚═╝╚═╝╚═╝ ╚═╝╚═╝
shiki = {
"role": "Web Application Security Engineer @ Exfil Security (US · Remote)",
"focus": ["Web & API Pentesting", "AI-Powered Systems", "Cloud-Native Dev"],
"origin": "Colombia 🇨🇴",
"mindset": "I built the castles — now I find the cracks in them.",
"off-duty": ["Anime", "Medieval fantasy", "Gaming"],
}I'm a security engineer with a developer's brain. Before pivoting into AppSec, I designed and shipped full-stack cloud-native applications end-to-end — from architecture to AWS deployment. That background is what makes my pentesting different: I understand how the code actually works, so I know exactly where it breaks.
Currently performing enterprise web application security assessments for Fortune 500-scale clients, testing authentication flows, authorization logic, complex API chains, and cloud-native architectures.
Web application & API pentesting · Authentication & authorization bypass · Business logic testing · Vulnerability chaining · Manual request manipulation · Thick-client testing (training) · Developer-friendly report writing
ECS/Fargate · EC2 · S3 · DynamoDB · Lambda · CloudWatch · IAM · VPC
RAG pipelines · LangGraph · LlamaIndex · Vector databases · LSTM networks · scikit-learn · Fuzzy logic · AI-assisted dev (Claude Code · GitHub Copilot)
🔒 Sentinel — Vulnerability Scanning Platform
A security-focused scanning platform built to detect and surface web application vulnerabilities. Designed with an AppSec-first mindset after hands-on pentesting experience with real enterprise targets.
Python FastAPI Security Tooling
⚔️ DnD-AI — AI Dungeon Master
Over 10 million D&D sessions fail to happen each year — because there's no Dungeon Master. DnD-AI replaces the DM with an AI that generates the story, enemies, and map in real time.
- 🗺️ Real-time map visualization
- 🎨 AI-generated scene imagery (OpenAI / HuggingFace)
- 🧠 Natural language action interpretation via Google Gemini
- ⚔️ Full game loop: characters, combat, inventory, campaigns
Django Python Gemini API OpenAI API LangChain
🏗️ Poneglyph Reduce — Distributed MapReduce System
A Hadoop/Spark-inspired MapReduce system built from scratch across three heterogeneous languages. One Piece-themed architecture: Road-Poneglyph (Master · Java), Poneglyph (Workers · C++), Clover (Client · Python).
- 📡 gRPC for Master ↔ Worker communication
- 🔀 Full shuffle/partition pipeline with hash-based key routing
- 📊 Real-time React dashboard with MQTT telemetry
- 🔧 Fault tolerance: task timeouts, worker heartbeats, automatic re-queuing
- 💾 Redis state persistence
- 🐳 Full Docker Compose cluster
Java C++ Python React TypeScript gRPC MQTT Redis Docker
🌍 3D Real Estate Platform
Immersive real estate exploration using 3D environments. Users can navigate and interact with properties through a rich visual experience, built with Three.js and Next.js.
Three.js Next.js React GSAP
📰 Fake News Detection Pipeline
Distributed real-time fake news classification using streaming data infrastructure. Ingests articles via Kafka, processes with Spark, and indexes results into OpenSearch.
Apache Kafka Apache Spark OpenSearch Python MLOps
🤖 More Projects
| Project | Stack | Description |
|---|---|---|
| AI Travel Planner | Python · FastAPI · LLM | AI-powered itinerary generation |
| Parking Forecasting | skforecast · GitHub Actions | Time-series demand prediction with CI/CD |
| MLOps Iris Pipeline | FastAPI · GCP · sklearn | End-to-end ML pipeline on Google Cloud |
| E-commerce (Moto Detailing) | NestJS · Next.js · PlaceToPay | Full store with payment gateway |
| BIM Project Management | Full-Stack | System for electrical engineering firms |
| MQTT Broker from Scratch | C | Custom protocol implementation |
| WhatsApp/Messenger Chatbots | Python · APIs | Automated customer conversation flows |
| sebastian-salazar-osorio | |
| sebasalazaro@gmail.com | |
| 🌎 Location | Colombia · Open to Remote |
"Security is about understanding systems — sometimes you need to explore the dungeon to find the flaw in the castle walls."