Kino
Cybersecurity Engineer, Security Architecture, Product Management
I'm a cybersecurity professional with expertise in security engineering and automations, architecture, and product management. I specialize in building secure systems, conducting risk assessments, and leading security R&D initiatives to protect organizations from evolving threats.
About Me
Location
Manila, Philippines
Experience
13+ Years
Focus
Cybersecurity & Security Engineering
My Experience
Professional journey in cybersecurity and technology
Head, Security Engineering & Automation
Leading security automation initiatives across enterprise systems, designing secure cloud infrastructures, and establishing security DevOps. Managing cross-functional teams to implement secure by default and DevSecOps processes.
Head, Security R&D and Product Management
Managed security product technology roadmap, conducted market research and analysis for new security tools, and collaborated with architecture and engineering teams to develop technical security architecture blueprint for security solutions. Led security R&D initiatives for proof-of-concepts and manage security tools operational business benefits for renewal and utilization of licenses.
Security Architect
Implemented security controls, conducted security risk assessments, and developed security architecture design and blueprints. Performed security risk assessments on critical infrastructure systems.
Lead Solution Designer
Overall Lead of Solution Design and Implementation for Globe Telecom's Digital Applications, end-to-end software development and lifecycle delivery. From planning, design, development, testing, deployment, and maintenance.
Solution Designer
Solution Design and Implementation for Globe Telecom's Enterprise Applications, end-to-end software development and lifecycle delivery. From planning, design, development, testing, deployment, and maintenance.
Systems Analyst
Vendor employee deployed in Globe as a Subject Matter Expert for Globe Telecom's Enterprise Applications, end-to-end software development and lifecycle delivery. From planning, design, development, testing, deployment, and maintenance.
QA Analyst
Vendor employee deployed in Globe as a QA Analyst for Globe Telecom's Enterprise Applications, quality assurance testing design and analysis, test cases, test plans, test reports, and test results.
QA Analyst
QA Analyst for mobile applications developement, quality assurance testing design and analysis, test cases, test plans, test reports, and test results.
My Skills
Security Architecture
Security Engineering
Programming & Automation
Security Tools & Platforms
Compliance & Governance
My Projects
Open source projects from GitHub and GitLab showcasing my expertise in cybersecurity tools, AI/ML, DevOps automation, and full-stack development
Kino MCP Project
A simple Model Context Protocol (MCP) implementation featuring a secure FastMCP server with OAuth 2.0 authentication and a modern React frontend. This project demonstrates how to build authentication features when AI assistant tools like Claude Code authenticate user management before using the MCP tools.
AI Agent with Calculator & File Operations
Comprehensive Python-based AI agent featuring calculator functionality, file operations, and Python code execution capabilities. Built with modular design and comprehensive documentation following Python best practices.
Downloads Folder Organizer
Robust Python script that automatically organizes Downloads folder by categorizing files into appropriate directories. Features smart duplicate handling, comprehensive logging, and support for 25+ file types with Pylint-compliant code.
Asteroids Game
Python implementation of the classic Asteroids arcade game using Pygame. Features player ship controls, shooting mechanics, destructible asteroids, score system, and screen wrapping for authentic arcade experience.
BookBot Text Analyzer
My first Boot.dev project - a Python text analysis tool for processing and analyzing book content. Built as part of learning fundamental programming concepts and file operations.
VSCode Git Integration Tool
Development tool built with HTML and JavaScript to enhance Git workflow integration within Visual Studio Code. Focuses on improving developer productivity and version control management.
Kubernetes Infrastructure Management
Infrastructure as Code project focused on Kubernetes cluster management and container orchestration. Demonstrates cloud-native development and DevOps practices.
Security Risk Assessment Platform (PSRA)
Private security project focused on automated risk assessment and compliance monitoring. Demonstrates advanced security engineering and risk management capabilities.
Firewall Management System
Private security infrastructure project for advanced firewall configuration and management. Showcases network security expertise and automated security controls implementation.
Demand Prioritization System
Private business intelligence tool for analyzing and prioritizing organizational demands and requirements. Built for strategic planning and resource allocation optimization.
Cura Healthcare Platform
Private JavaScript application focused on healthcare management solutions. Demonstrates full-stack development capabilities in the healthcare technology sector.
First Learning Project
Initial JavaScript project created during my programming learning journey. Represents foundational web development skills and early exploration of modern JavaScript frameworks.
Hadolint - Dockerfile Security Linter
A Dockerfile linter that helps developers write secure, efficient, and maintainable Dockerfiles. It detects syntax errors, enforces best practices, and integrates with ShellCheck to validate shell scripts in RUN commands.
Terraform Drift Detection
Infrastructure monitoring tool that detects configuration drift in Terraform-managed resources. Helps maintain infrastructure integrity by identifying unauthorized changes and ensuring compliance with defined infrastructure as code.
Cybersecurity AI News Aggregator
AI-powered news aggregation system for cybersecurity intelligence. Automatically collects, analyzes, and categorizes cybersecurity news and threat intelligence from multiple sources to keep security professionals informed.
PII Detection System
Advanced privacy protection tool that automatically detects and classifies Personally Identifiable Information (PII) in documents and data streams. Essential for GDPR compliance and data privacy protection.
PSRA Security Framework
Comprehensive security framework and toolkit for enterprise security operations. Provides reusable security components and utilities for building secure applications and systems.
Cyber TCG - Cybersecurity Trading Card Game
Educational cybersecurity trading card game that teaches security concepts through interactive gameplay. Combines learning with entertainment to make cybersecurity education more engaging.
X-Ray Confidence Scanner
Security scanning tool that provides confidence scoring for vulnerability assessments. Enhances traditional security scanning by adding contextual risk analysis and confidence metrics.
GitLab Notification System
Custom notification system for GitLab workflows and CI/CD pipelines. Provides enhanced alerting and monitoring capabilities for DevOps teams using GitLab infrastructure.
Enterprise Private Security Initiative
Private enterprise security project focused on advanced threat detection and response capabilities. Demonstrates cutting-edge security technologies for organizational protection.
Demand Prioritization Analytics (GitLab)
GitLab version of the demand prioritization system with enhanced CI/CD integration. Provides strategic planning and resource allocation optimization with automated deployment capabilities.
My Achievements
Recognitions and milestones in my cybersecurity journey
Detecting Threats with AI
Invited by Globe Business to deliver a session on empowering MSMEs in the Philippines through AI-driven threat detection and cybersecurity innovation
Hackathon Speaker
Invited to speak at Globe Telecom's CodeToCareer hackathon, empowering participants through insights on AI and cybersecurity innovation, and fostering talent in coding and cloud technologies.
Cybersecurity Speaker
Invited by Globe B2B Enterprise team for a Cybersecurity Enablement and Immersion session to share insights and expertise in enterprise security architecture, highlighting industry best practices and emerging threats
API Security Event
Invited as a speaker for Nexus & Traceable's API Security Event to discuss best practices and insights on API security, addressing an audience of enterprise professionals
CEH Certification
Certified Ethical Hacker (CEH) – EC-Council certification validating proficiency in ethical hacking, penetration testing, and cybersecurity defense.
CC Certification
Certified in Cybersecurity - ISC² certification
CVE Discovery
Discovered and reported 2 Critical CVEs in enterprise software, contributing to global security
Google Cybersecurity Specialization
Completed Google Cybersecurity Specialization on Coursera, mastering networks, detection & response, Linux, SQL, and automation of cybersecurity tasks using Python
NIST CSF Lead Implementer
Certified Lead Implementer for NIST Cybersecurity Framework (CSF), demonstrating expertise in establishing, managing, and optimizing cybersecurity programs.
DevOps Foundation Certification
Certified by DevOps Institute, demonstrating proficiency in DevOps principles, practices, automation, and continuous integration/delivery (CI/CD).
AWS Certified Cloud Practitioner
Certified by Amazon Web Services (AWS), validating expertise in cloud fundamentals, AWS cloud infrastructure, security, and services.
Google Cloud CI/CD
Earned the intermediate skill badge from Google Cloud, demonstrating expertise in Artifact Registry, Cloud Build, Cloud Deploy, and continuous integration pipeline security.
Developing Secure Software (LFD121)
Earned the Linux Foundation badge demonstrating knowledge in developing and maintaining secure software to counter cyber threats and rapidly address vulnerabilities.
Automating Supply Chain Security (LFEL1007)
Earned Linux Foundation badge validating skills in leveraging open-source tools to secure software supply chains, including SBOM generation and artifact signing
Introduction to DevSecOps for Managers (LFS180)
Earned Linux Foundation badge highlighting understanding of DevSecOps principles, platform optimization, cybersecurity fundamentals, and secure software delivery practices.
Boot.Dev - Learn to Code in Python
Completed comprehensive Python programming course on Boot.Dev, mastering fundamental programming concepts, data structures, and algorithms.
Boot.Dev - Learn Object Oriented Programming in Python
Mastered object-oriented programming principles in Python, including classes, inheritance, polymorphism, and design patterns.
Boot.Dev - Learn Linux
Completed Linux fundamentals course, gaining proficiency in command line operations, file systems, and system administration.
Boot.Dev - Learn Kubernetes
Mastered container orchestration with Kubernetes, including deployment, scaling, and management of containerized applications.
Boot.Dev - Learn Git
Completed Git version control course, mastering branching strategies, merge conflicts, and collaborative development workflows.
Boot.Dev - Learn Functional Programming in Python
Explored functional programming paradigms in Python, including lambda functions, map/filter/reduce, and functional design patterns.
Boot.Dev - Learn Docker
Mastered containerization with Docker, including image creation, container management, and Docker Compose for multi-container applications.
Boot.Dev - Build an AI Agent in Python
Completed advanced project building an AI Agent with calculator functionality, file operations, and Python code execution capabilities.
Boot.Dev - Build a Bookbot in Python
Developed a Python text analysis tool for processing and analyzing book content, demonstrating file I/O and text processing skills.
Boot.Dev - Build Asteroids using Python and Pygame
Created a complete implementation of the classic Asteroids game using Python and Pygame, showcasing game development skills.
Boot.Dev - Grandmaster: Sharpshooter
Achieved Grandmaster level by completing 28 sharpshooter sprees, demonstrating exceptional coding accuracy and consistency.
Boot.Dev - Master: Milestone
Reached Master level by completing 480 exercises, showcasing dedication to continuous learning and skill development.
Boot.Dev - Platinum: Streak
Achieved Platinum streak by studying consistently for 34 days, demonstrating commitment to daily learning and improvement.
Boot.Dev - Bronze: Fellowship
Earned Bronze Fellowship by contributing to the Boot.Dev community and earning karma in the Discord community.
Boot.Dev - Level 67 Achievement
Reached Level 67 on Boot.Dev with 763 XP, demonstrating significant progress in programming skills and course completion.
Boot.Dev - 658 Lessons Solved
Completed 658 lessons on Boot.Dev, showcasing comprehensive engagement with programming curricula and problem-solving skills.
Embedded Jit Security for Scalable Application Security Orchestration
Led the enterprise integration of Jit.io, a CI/CD-native application security orchestration platform, to enforce policy-as-code, automate vulnerability scanning, and embed security directly into developer workflows. This elevated secure coding practices while minimizing friction across GitLab pipelines.
Accelerated Time-to-Market with Secure Deployment Automation
Contributed in the architecture and implemented secure git-based automation for deploying Marketing campaign landing page, integrating security scans and Cloudflare self-service in the GCP edge delivery. Enabled Marketing teams to independently launch HTML/CSS/JS content securely - achieving same-day go-lives with built-in guardrails and no manual approvals.
Cross-Team Enablement through Reusable Secure Pipelines
Provided support and guidance in developing and distributing production-ready CI/CD workflows embedded with controls across JFrog and AdGitOps pipelines. This empowered teams across Engineering, Security, and Business Units to adopt a shared DevSecOps foundation with minimal onboarding overhead.
Eliminated Security Gaps with Policy-Driven Enforcement
Enabled security controls including TLS version enforcement, secrets detection, Dockerfile hardening, and OWASP checks - ensuring merge-time validation. Reduced high-severity vulnerabilities reaching staging and production by proactively addressing them earlier in the pipeline as part of the security scanners activation out-of-the-box.
Championed Shift-Left Security Culture with Developer-First UX
Enabled real-time feedback loops via integrations and GitLab inline comments, transforming static security scans into actionable developer guidance. Fostered greater ownership of security across teams and improved overall security posture without impeding velocity. This resulted in closer collaboration and support between the IT Platform Engineering, AWS Tribe, GCP Tribe, SOC Vulnerability team, Application Developers, and Security Engineering cross-functional teams. It translated to good developer feedback that praises our support and efforts.
Personal Insights
What drives you as a cybersecurity professional?
I'm driven by the mission to protect organizations and individuals from cyber threats. Every security solution I architect is a shield against potential attacks that could cause real harm. The constantly evolving threat landscape keeps me motivated to stay ahead of adversaries.
How do you approach security risk assessment?
I believe in a methodical, threat-modeling approach. I start by identifying critical assets, analyze potential attack vectors, assess the likelihood and impact of threats, and then design layered security controls. It's about thinking like an attacker while building like a defender.
What's your philosophy on security architecture?
Security should be built into the foundation, not bolted on as an afterthought. I advocate for 'security by design' principles - zero trust architecture, least privilege access, and continuous monitoring. The goal is to create systems that are resilient and can adapt to emerging threats.
How do you stay current with cybersecurity trends?
The threat landscape evolves daily, so I maintain active engagement with the security community through threat intelligence feeds, security conferences like RSAC, DEF CON, Black Hat, and GovWare, research publications, and hands-on experimentation with new attack techniques and defensive tools.
What's your approach to security team leadership?
I believe in fostering a culture of security awareness and continuous learning. I mentor team members to think critically about security challenges, encourage responsible disclosure of vulnerabilities, and promote knowledge sharing across the organization. Security is everyone's responsibility.
Where can I read your published articles and thought leadership pieces?
You can explore my published articles and thought leadership on cybersecurity and AI at the following links:
Get In Touch
Contact Information
Feel free to reach out for collaboration opportunities, questions, or just to say hello!
I also offer comprehensive cybersecurity services including security risk assessments, cybersecurity strategy planning, business consulting, threat modeling, security architecture design, DevSecOps implementation, compliance frameworks (NIST CSF, ISO 27001), and other specialized services based on my 13+ years of experience in security engineering and product management.