Alberto Galán
DevSecOps · AppSec · Pentesting · Cloud Security
About Me
Defending and securing digital systems with modern cybersecurity engineering
I’m Alberto Galán, a cybersecurity engineer specializing in DevSecOps, AppSec, Cloud Security, and Pentesting. With over 4 years of experience across Europe, LatAm, and the U.S., I help companies build secure software pipelines and strengthen their security posture.
My expertise covers the full S-SDLC—SAST, DAST, SCA, IaC security, secure CI/CD gates, cloud hardening, and automated threat detection. I design security workflows that reduce vulnerabilities, support compliance (GDPR, ISO 27001), and empower engineering teams to deliver safer and faster.
I’ve also worked in penetration testing, digital forensics, and security automation using Python, Bash, Go, JavaScript, Terraform and modern DevOps tooling. My approach blends offensive and defensive techniques to secure applications, cloud environments, and CI/CD pipelines.
In recent years, I’ve also incorporated AI Security and LLM Safety into my work: evaluating AI model integrations, preventing prompt-based risks, securing data flows, and designing policies for responsible AI usage. I leverage AI-assisted security automation to enhance code review efficiency, accelerate vulnerability analysis, and support scalable threat-detection workflows across engineering teams.
Today, I work as a Freelance DevSecOps Engineer, helping companies implement security engineering that actually works in real environments, not just on paper.
Security Services
Modern cybersecurity services to protect digital assets and strengthen your security posture
DevSecOps Engineering
Security embedded across CI/CD pipelines with automated SAST, SCA, DAST, policy-as-code, artifact signing and secure GitHub/GitLab workflows.
Application Security (AppSec)
Secure SDLC, OWASP ASVS, threat modeling, secure code review, API hardening and remediation guidance for engineering teams.
Cloud Security
Secure-by-design cloud architecture, IAM hardening, Kubernetes RBAC, network segmentation and monitoring across AWS, Azure and GCP.
IaC Security (Terraform)
Secure Terraform reviews using TFSec, Terrascan and KICS. Misconfiguration detection, sensitive variable protection and secure module patterns.
Web & API Penetration Testing
Controlled offensive assessments for web apps and APIs: OWASP Top 10 testing, exploitation analysis and detailed remediation reporting.
OSINT & Attack Surface Monitoring
Continuous discovery of exposed assets, subdomains, services and leaked credentials using Shodan, Censys and automated OSINT tooling.
Cybersecurity Training & Workshops
Hands-on training for technical and non-technical teams: secure coding, DevSecOps, AppSec fundamentals and security awareness sessions.
AI Security & LLM Safety
Security assessments for AI integrations: prompt safety, data leakage prevention, key protection, access control and AI usage policies.
Skills & Expertise
Technical capabilities that support modern cybersecurity engineering and secure software delivery.
DevSecOps Automation
Experience building secure CI/CD pipelines with automated SAST, SCA, DAST, artifact signing, secret scanning and policy-as-code.
Application Security (AppSec)
Strong knowledge of OWASP ASVS, API Security, threat modeling, secure coding practices and vulnerability remediation workflows.
Web & API Pentesting
Skilled in manual and automated testing against modern applications: authentication flaws, API logic abuse, access control, and OWASP Top 10.
Cloud Security Engineering
Hands-on expertise in hardening AWS, Azure and GCP environments: IAM, Kubernetes RBAC, network segmentation and zero-trust models.
Infrastructure as Code (Terraform) Security
Auditing Terraform for insecure configurations using TFSec, KICS and Terrascan. Implementing secure module patterns and policy enforcement.
AppSec Maturity & Governance (OWASP SAMM)
Capability to evaluate AppSec posture, identify gaps, conduct SAMM assessments and design realistic security improvement roadmaps.
Security Training & Awareness
Delivering training for engineering teams and non-technical staff: secure coding, DevSecOps fundamentals and general cybersecurity hygiene.
Public Exposure & OSINT Monitoring
Knowledge of OSINT tooling (Shodan, Censys, SecurityTrails) to detect exposed assets, leaked credentials and external attack surface risks.
AI-Assisted Security Automation
Leveraging AI-powered tools to enhance vulnerability analysis, automate security workflows, improve code review efficiency and support threat detection.
Security Lab
Conceptual cybersecurity experiments, engineering notes and high-level research — no sensitive code or exploits exposed.
CI/CD Security Lab
Secure pipeline concepts: SAST, SCA, DAST, artifact integrity, supply chain hardening and automated controls.
Application Security Lab
Conceptual demos of vulnerabilities, secure design patterns, misuse cases and mitigation strategies.
Cloud Security Lab
AWS/Azure conceptual hardening, IAM design patterns, and real-world architecture review examples.
Security Automation
Examples of how security engineering automates analysis, validation and monitoring at scale.
Infrastructure & IaC Security
Secure patterns for Terraform and Kubernetes, risk analysis and architecture diagrams.
Exposure & OSINT Monitoring
High-level methodology for external attack surface monitoring and digital exposure analysis.