Software Engineering student at Politécnico Grancolombiano
Backend Developer building secure systems with Java, Spring Boot, and Python
Passionate about writing code that is not just functional — but secure by design

Career goal: Backend Developer → DevSecOps Engineer
Security focus: OWASP, secure coding, JWT, threat modeling
Currently studying: eJPT certification at Securiters Academy (Marta Barrio)
Building: Secure-Wallet-API — portfolio project applying OWASP Top 10 and DevSecOps practices

"I don't just write code — I write secure code. Security is not a feature, it's a foundation."

Backend REST API for a secure digital wallet system built with a DevSecOps-first approach - security, automation, and testing integrated from day one, not added as an afterthought

Actively under development — focused on learning secure API design, CI/CD automation, and PostgreSQL persistence

• JWT authentication with refresh token rotation (15 min expiry)**
• BCrypt strength-12 password hashing + account lockout after 3 fialed attempts (OWASP A07)
• Role-based access control: USER / ADMIN / MANAGER with deny-by-default policy (OWASP A01)
• Log injection prevention via input sanitization on all user-controlled log data (OWASP A09)
• OWASP Dependency Check + CodeQL SAST on every PR-build fails on CVSS >= 7(GitHub Actions)
• ACID-guaranteed financial transactions with PostgreSQL 16
• Full audit trail - soft deletes, no financial data ever deleted

Tech: Java 17 Spring Boot 3 Spring Security PostgreSQL 16 Docker GitHub Actions OWASP CodeQL JWT

Backend system for water consumption reporting. Educational project with practical focus on database persistence and Docker volumes

• Built with Spring Boot & MySQL, fully Dockerized
• RESTful API with full CRUD operations
• Layered architecture (Controller → Service → Repository)
• Spring Data JPA for database persistence

Tech: Java Spring Boot MySQL Docker Spring Data JPA REST API

IBM Spring boot MVC final project. User login with role-based authentication (USER/ADMIN) Admin generates quiz questions, users answer existing questions, answers are graded and an average score is calculated. Thymeleaf used to build page structures with HTML

• Spring Security for authentication and BCrypt encryption
• Thymeleaf for HTML page structure and from handling

Tech: Java Spring Boot MVC Maven

Structure logging system and custom exception handling for a service order management REST API Docker containers for database setup and Spring Boot

• REST API for service order management
• Custom exception classes (ClientNotFoundException, OrderNotFoundException, InvalidDataException)
• Docker implementation with local volumes for the database
• Structure log recording

Tech: Java Spring Boot MySQL Docker Exception Handling Logging

10 essential Bash scripts for cybersecurity and system administration

• Reconnaissance automation, log analysis, file validation
• nmap wrapper for network scanning automation
• Text processing with grep, awk, cut
• Based on Securiters Academy (eJPT path)

Tech: Bash Linux Nmap Grep/Awk Automation

Educational object-oriented project. A multi-level game where challenges are randomized math problems Players have 3 lives, can recover a life by passing a level with all correct answers, and each level increases in dificulty

• Applied OOP principles (Encapsulation, Inheritance, Polymorphism)

Tech: Java OOP Design Patterns