Network Forensics
Lab 1.1 – tcpdump Traffic Analysis
Analyzed PCAP traffic with tcpdump: identified /.env probing, WordPress brute-force with Hydra, and cleartext login parameters visible in the HTTP payload.
tcpdumpdigPCAP analysisCLI
Read write-upLuis Lozoya
Security-Focused Software Engineer · Cloud · AI
5+ years building and securing production web apps with React, Next.js, and AWS. GIAC certified (GFACT, GSEC in progress). Currently delivering secure, cloud-native applications and AI integrations for clients across the US and Spain.
AppSecAWSReactNext.jsTypeScriptPython
GIAC GFACT Certified · Pursuing GSEC · US Work Authorized
About
Where software engineering meets security
Originally from Spain with a degree in architectural engineering from IE University. After 6+ years in construction project management, I pivoted into software engineering and never looked back. Now a security-focused engineer with deep experience in cloud technologies and application security, recently earning the GIAC GFACT certification through the SANS Institute.
I bring together real-world software engineering experience and formal security training to design and build applications that are secure by design, scalable, and production-ready.
In addition to traditional web development, I work with AI-enabled features, including LLM integrations and automation workflows, always with a security-aware mindset around data handling, access control, and responsible AI usage.
Currently building and securing cloud-native applications at GDNA, with a focus on secure API design, least-privilege IAM, and production-grade AWS architecture. Currently pursuing GIAC GSEC. Always open to interesting conversations.
1st Place, HackOps 2024Judge, HarborHack 2024Speaker, HarborHack 2025
Tech Stack
Technologies I reach for every day, and the broader toolkit I bring to projects.
Core Stack
React
Next.js
TypeScript
Node.js
AWS
Python
PostgreSQL
Tailwind CSS
Also Work With
Security
- OWASP Top 10
- OWASP LLM Top 10
- Threat Modeling
- Burp Suite
- OWASP ZAP
- Secure Coding
Forensics & IR
- Wireshark
- tcpdump
- PCAP Analysis
- VPC Flow Logs
- John the Ripper
- Hashcat
- exiftool
- nfdump
- DLP
Cloud & DevOps
- Lambda
- S3
- Amplify
- Docker
- CI/CD
- Git
AI / Automation
- LangChain
- OpenAI API
- Prompt Engineering
Data & APIs
- REST APIs
- GraphQL
- MongoDB
- Express
Experience
5+ years across startups, agencies, and independent consulting
Apr 2024 to Present
Mount Pleasant, SC
Started translating Figma designs into React/Next.js code. Evolved into owning full application architecture, API design, and database design on AWS.
Key Achievements:
- Architecting serverless AWS solutions: API Gateway, Lambda, S3, RDS, Cognito, IAM, Secrets Manager, Amplify
- Designing APIs, front-end architecture, and database schemas for client applications
- Running weekly client meetings to demo progress and incorporate feedback
Technologies Used:
AWS API GatewayLambdaS3RDSCognitoIAMSecrets ManagerAmplifyReactTypeScriptNext.jsPostgreSQL
Aug 2023 to Apr 2024
Mount Pleasant, SC
Built a client project using Svelte and maintained Querri's HubSpot website with custom code modifications throughout the contract.
Key Achievements:
- Built a client-facing project using Svelte and FusionAuth
- Modified and maintained Querri's HubSpot website with custom code
- Built custom HubSpot CMS modules and templates
Technologies Used:
SvelteHubSpot CMSHTMLCSSJavaScriptFusionAuthAWS
Software Engineer (Contract)
Upstate Nutrition
E-commerce & Wellness
Jul 2023 to Aug 2023
Remote
Short-term contract to rebuild the company's Shopify storefront. The engagement ended before completion.
Key Achievements:
- Started rebuilding the Shopify storefront with Liquid templates
- Gained experience with Shopify's ecosystem and e-commerce development
Technologies Used:
ShopifyLiquidJavaScriptCSSSEOAnalytics
Jul 2021 to Jun 2023
Charleston, SC
First engineering role after JRS Coding School bootcamp. Promoted from Software Engineer I to II. Full-stack development on Angular/NestJs stack with Azure cloud services.
Key Achievements:
- Built custom Chrome extensions integrated with CRM tools using RESTful APIs and OAuth 2.0
- Developed and maintained full-stack features using Angular, NestJs, MongoDB, and Azure Cosmos DB
- Created Azure Functions with various triggers, reducing infrastructure costs for client workloads
- Mentored junior developers and coordinated between development and leadership teams
Technologies Used:
AngularNestJsMongoDBAzure Cosmos DBAzure FunctionsTypeScriptNode.jsREST APIsOAuth2.0
Security Labs
5of 20
Hands-on labs with real packet captures, full analysis, and detailed writeups. Evidence of skill beyond certifications.
Network ForensicsCloud Network ForensicsPassword Management & CryptographyData Security & DLPtcpdumpdigPCAP analysisCLIWiresharkDisplay filters
Network Forensics
Lab 1.2 – Wireshark Packet Analysis
Investigated a 628K-packet PCAP in Wireshark: used protocol hierarchy and conversation statistics to surface a port-80 scanning pattern from 3.142.238.241, followed an HTTP stream revealing a successful WordPress brute-force login (Hydra, admin/#AlphaInc!), and completed a live-capture exercise extracting an HTTP object from loopback traffic.
WiresharkPCAP analysisDisplay filtersHTTP stream following
Read write-upCloud Network Forensics
Lab 1.3 - AWS VPC Flow Log Analysis
Analyzed 173K VPC flow records across 579 log files: isolated 33,232 attacker flows from 20.106.124.93, determined a 6.5-hour attack window, quantified 265MB exfiltrated on port 8889 and 190MB on port 80, and confirmed the full attack surface (HTTP, SSH, 8889) using PCAP-to-NetFlow conversion with nfpcapd/nfdump.
AWS VPC Flow Logszcatzgrepawk
Read write-upPassword Management & Cryptography
Lab 2.1 – Password Auditing
Cracked passwords across 4 hash types using John the Ripper and Hashcat: extracted and cracked an Office 2013 encrypted Excel file, an NTLM hash, and Linux crypt hashes using a CeWL wordlist. Demonstrated brute-force infeasibility against SHA-512 with Hashcat, then used John's word-mangling rules to expand 1,552 base words into 4M+ candidates to crack passwords the original wordlist missed.
John the RipperHashcatoffice2johnunshadow
Read write-upData Security & DLP
Lab 2.2 - Data Loss Prevention
Scanned removable media for sensitive content using grep keyword matching, extracted document metadata with exiftool revealing author identity and SECRET classification, and geolocated a photo's origin from embedded GPS coordinates.
grepexiftoolEXIF/GPS analysisCLI
Read write-upLab Pipeline
SEC401 - Network Security and Cloud Essentials
3/3Lab 1.1 – tcpdump Traffic AnalysisNetwork Forensics
Lab 1.2 – Wireshark Packet AnalysisNetwork Forensics
Lab 1.3 - AWS VPC Flow Log AnalysisCloud Network Forensics
SEC401 - Defense in Depth
2/3Lab 2.1 – Password AuditingPassword Management & Cryptography
Lab 2.2 - Data Loss PreventionData Security & DLP
Lab 2.3 - Mobile Device Backup RecoveryData Security & DLP
SEC401 - Vulnerability Management and Response
0/4Lab 3.1 - Network DiscoveryNetwork Security
Lab 3.2 - Binary File Analysis and CharacterizationMalware Analysis
Lab 3.3 - Web App ExploitationWeb Application Security
Lab 3.4 - SIEM Log AnalysisSIEM & Log Analysis
SEC401 - Data Security Technologies
0/3Lab 4.1 - Hashing and Cryptographic ValidationCryptography
Lab 4.2 - Encryption and DecryptionCryptography
Lab 4.3 - Intrusion Detection and Network Security Monitoring with Snort3 and ZeekIntrusion Detection
SEC401 - Windows and Azure Security
0/4Lab 5.1 - Windows Process ExplorationWindows Security
Lab 5.2 - Windows Filesystem PermissionsWindows Security
Lab 5.3 - Applying Windows System Security PoliciesWindows Security
Lab 5.4 - Using PowerShell for Speed and ScaleWindows Security
SEC401 - Containers, Linux and Mac Security
0/3Lab 6.1 - Linux PermissionsLinux Security
Lab 6.2 - Linux ContainersLinux Security
Lab 6.3 - Linux Logging and AuditingLinux Security
Labs are from SANS Cyber Academy.
Certifications & Education
Industry certifications and academic foundation
Verified
GIAC Foundational Cybersecurity Technologies (GFACT)
SANS Institute
January 2026
CybersecurityNetworkingOperating Systems+3
Verified
Introduction to AI
Google (via Coursera)
2025
Artificial IntelligenceAI ApplicationsData Science
Verified
Cybersecurity: System Administration Certificate Program
Purdue University and Ivy Tech
2023
CybersecuritySystem AdministrationNetwork Security+2
Education
Cybersecurity Path - System Administration
Mar 2022 - May 2023Purdue University NorthwestOnline
Cybersecurity and system administration program covering security fundamentals, network protection, and infrastructure management.
Full Stack Developer
Nov 2019 - Oct 2020JRS Coding SchoolThe Harbor Entrepreneur Center, Charleston, SC
Intensive full-stack development program. Career pivot from construction to software engineering. Landed first engineering role at Interloop within months of completion.
Arquitecto Tecnico (Bachelor's in Architectural Engineering)
2006 - 2012IE UniversitySegovia, Spain
Technical architecture degree covering structural engineering, construction management, and building design. Final thesis: design and construction technical drawings for a hospital. Foundation for project management and analytical thinking that carried into software engineering.
Portfolio
Selected client and independent work with measurable outcomes
Client Work
Delivered via GDNA, Querri, and direct engagements
Featured
AfricaNXT: Global Mentorship Platform (via GDNA)
Problem
Mentorship platform needed secure, scalable onboarding UX for ~1,200 users.
Solution
Built React UI components and AWS Cognito auth with secure session management, input validation, and CDK-managed infrastructure with least-privilege IAM policies.
Impact
Onboarding efficiency improved by 60%; secure registration and sign-in flow in production with OWASP-aligned authentication controls.
Tech
React 18AWS CDKCognitoSquid CloudTypeScriptSESAuth Security
Independent Projects
Side projects and open-source work with live demos and source code
TalentAgent: AI Job Fit Assessment Platform (2026)
Role: Solo builder: design, full-stack development, AI integration, payments, deployment
Paste any job description and get an honest 0-100 fit score with strengths, gaps, and interview prep. Includes ghost job detection and a job board with AI scores.
Problem: Job seekers waste hours applying to roles that aren't a good fit or are ghost postings.
Approach: Built a full-stack platform with OpenAI for fit scoring, Supabase for data and auth, Stripe for payments, and a job board with pre-scored listings.
Outcome: Live platform that scores fit in 10 seconds, detects ghost jobs, and gives honest 'Don't Apply' signals. Free to use.
Next.js 15SupabaseOpenAIStripeTypeScriptTailwind CSS
ShopEssentialsHub: Curated Product Recommendation Platform (2025)
Role: Design, full-stack development, deployment (Vercel)
A modern product curation platform with hand-picked Amazon products, reviews, category filtering, and Editor's Choice. Responsive, SEO-optimized, with affiliate integration.
Problem: Users needed a trusted, curated list of products by category instead of browsing generic storefronts.
Approach: Designed and built the full stack: Next.js app, category and filter UX, Editor's Choice section, and Amazon affiliate integration with SEO and responsive layout.
Outcome: Live site with clear categories, fast load times, and monetization path. Demonstrates full-stack and product-thinking skills.
Next.jsReactTypeScriptTailwind CSS
.f3582cb7.png&w=828&q=75)
Bilingual Business Site (EN/ES) (2025)
Role: Design, front-end development, deployment
Modern bilingual marketing site built with Next.js 14, custom i18n, dark mode theming, and Framer Motion animations. Responsive layout with reusable section components.
Problem: Wanted a full-scale project to practice bilingual routing, dark mode theming, and polished Framer Motion interactions end-to-end in Next.js 14.
Approach: Built from scratch with a custom i18n system, next-themes dark mode, Framer Motion animations, and modular section components for hero, services, pricing, portfolio, and contact.
Outcome: Shipped a production bilingual site with full dark mode, smooth animations, and a complete section library demonstrating end-to-end Next.js 14 patterns.
Next.js 14React 18TypeScriptTailwind CSSFramer Motion
Cursor Rules Hub: AI Community Platform (2025)
Role: Full-stack development, database design, deployment
Community-driven platform for sharing and discovering AI behavior rules for Cursor Editor. Rule browsing, creation tools, and file-pattern matching.
Problem: Cursor users had no central place to find, share, or version rules; everyone was reinventing the wheel.
Approach: Built a Next.js app with Supabase for storage and auth. Implemented rule CRUD, tagging, and pattern-matching logic so rules can be suggested by file type.
Outcome: Live community site for browsing and contributing rules. Demonstrates full-stack work and understanding of developer tools.
Next.js 14SupabaseTypeScriptTailwind CSS
YouTube GPT Creator (2024)
Role: Backend, AI integration, scripting/automation
AI-assisted automation for YouTube content workflows using Python and LangChain, reducing manual steps in scripting and planning.
Problem: Content creators spend significant time on scripting, research, and planning before recording.
Approach: Built a Python tool using LangChain to automate research and draft scripts from prompts. Integrated with common content workflows.
Outcome: Roughly 40% reduction in manual effort for script and planning steps. Demonstrates AI/LLM integration and automation.
PythonLangChain
NEVA Estudio, Concept Redesign (2026)
Role: Solo build: concept, design, full-stack development
An unsolicited concept redesign for a bilingual (ES/EN) architecture studio. Project gallery with image carousel, service detail modals, contact form, and Framer Motion animations. Built to practice next-intl routing and minimalist editorial layout. Not affiliated with or endorsed by NEVA Estudio.
Problem: Wanted hands-on practice with bilingual routing, i18n content modeling, and editorial layouts for a design-focused business.
Approach: Built a concept site with next-intl locale routing, image carousel gallery, service modals, and Framer Motion interactions.
Outcome: Working concept demonstrating full i18n flow, accessible gallery interactions, and a minimalist editorial aesthetic.
Next.js 15React 19TypeScriptTailwind CSSFramer Motionnext-intl
Coastal Millwork & Supply, Concept Redesign (2025)
Role: Solo build: concept, design, full-stack development
An unsolicited concept redesign for a commercial interiors contractor, exploring modern project gallery UX, service presentation, and local SEO patterns. Built with Next.js 16 and Tailwind CSS. Not affiliated with or endorsed by Coastal Millwork & Supply.
Problem: Wanted to practice Next.js 16 features and explore content-heavy layouts for a services-based business.
Approach: Designed and built a concept site with an interactive project gallery, service pages, and SEO-friendly metadata.
Outcome: Working concept showcasing modern Next.js 16 patterns and content-heavy layout techniques.
Next.js 16React 19TypeScriptTailwind CSS
Fit Check
Would Luis be a good fit?
Paste a job description and get an honest AI assessment of how Luis's experience maps to the role.
0 characters
Contact
Let's discuss your next project. Reach out via the form below or connect on LinkedIn