Skip to content
View nazufel's full-sized avatar

Block or report nazufel

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
nazufel/README.md

Hello There πŸ‘‹

My name is Ryan. I like solving problems and breaking things.

My current focus is AI security from both sides.

Building and governing it: At work, my team governs enterprise AI usage through a managed gateway with RBAC-controlled MCP connections, tool-call observability, and allow-listed skills. I recently shipped an agentic AI security bot (Python, Claude on Bedrock) that triages cloud security findings and opens remediation PRs, wrapped in a custom harness I built to enforce scoped tool access, call limits, and human escalation. I've also written my own MCP server to extend an LLM into an environment it couldn't natively reach β€” real-time Xcode build errors and console output, exposed to Cursor over MCP.

My working philosophy:

You don't bring AI into your world. You give parts of your world to AI in its own world.

Breaking it: I'm taking the AI Red Teamer path on Hack The Box and run security assessments against local OSS models like jailbreaking, prompt injection, and bypassing security controls using:

  • Ollama β€” runs models locally
  • Garak β€” vulnerability scanner for LLMs
  • PyRIT β€” automated testing of AI security risks

I currently work at dbt Labs as a Senior Product Security Engineer. I collaborate with engineering and business stakeholders at the design and implementation phases of feature development, ensuring we shift left and think about security from the start. I help lead incident response practices to lower mean time to acknowledge and resolve, build security tooling, harden IAM, and respond to Wiz and Expel alerts. There's always something new to do.

Daily production tools:

I've spent nearly ten years building distributed systems in the public clouds and I'm always the security champion, whether in DevOps, SRE, or development. Now I do security full-time, and I'm loving it.

Talks I've given:

πŸ“« Best way to reach me: email

πŸ˜„ Pronouns: he/him

Pinned Loading

  1. xcode-errors-mcp xcode-errors-mcp Public

    An MLOps pipeline using MCP server to expose Xcode errors to an LLM

    Python

  2. owasp-top-ten-meetup-notes owasp-top-ten-meetup-notes Public

    Meetup Notes for the OWASP Top Ten Demo

  3. 2021-devhouse 2021-devhouse Public

    Demo code used in the Devhouse 2021 talk.

    HCL

  4. ansible-demo-2022 ansible-demo-2022 Public

    Introduction Example to Ansible

    Jinja 2

  5. kubernetes-troubleshooting-demo kubernetes-troubleshooting-demo Public

    Demo code walking through various Kubernetes troubleshooting scenrios.

    Go