Skip to content
View arnoldcastro5000's full-sized avatar

Block or report arnoldcastro5000

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
arnoldcastro5000/README.md

Arnold Castro

Cloud security engineer in Toronto. CISSP, AWS Solutions Architect Professional. I build security systems from the ground up and teach people how they work: 450+ hours of cloud and security instruction to 360+ college students, undergrad to postgrad, alongside a hands-on portfolio focused on securing AI-assisted development, the newest problem in the space.

Current work

prowler-cspm-demo: defense-in-depth on a real, running system. All 19 Prowler findings across AWS, GCP, and Azure remediated and verified by re-scan. Every change clears CI gates spanning supply-chain, SAST, secrets, IaC, and container scanning, and the supply-chain gate blocks malicious packages, not just vulnerable ones. Built by an AI coding agent running sandboxed with egress allowlisting. Live at prowler.cloudsecuritypractice.com.

LoonVault (beta): a secure cloud data platform mapped control-by-control to the OSFI B-13 cyber-risk framework. Least-privilege AWS stack behind Cloudflare, a working STRIDE threat model, and an OPA policy-as-code gate that runs 20 tests against every Terraform change, with each rule tied to the OSFI principle it enforces.

Open source

I contribute to Greenstand's Treetracker (reforestation tracking): infrastructure, reliability, and performance fixes. See my pull requests.

Elsewhere

LinkedIn · cloudsecuritypractice.com

Pinned Loading

  1. prowler-cspm-demo prowler-cspm-demo Public

    Defense-in-depth on a real running system: all 19 Prowler findings across AWS, GCP & Azure remediated and re-scan verified; live dashboard behind Cloudflare WAF; CI gates for supply-chain, SAST, se…

    TypeScript

  2. loonvault loonvault Public

    (Beta) Secure cloud data platform mapped control-by-control to OSFI B-13, with a working STRIDE threat model. Least-privilege AWS stack (ca-central-1) behind Cloudflare, RDS IAM auth, CMK encryptio…

    HCL