e
eldorzufarov

Eldor Z

@eldorzufarov

Senior DevSecOps Engineer

Usbekistan
Englisch, Russisch
Einige Informationen werden in englischer Sprache angezeigt.
Über mich
Senior DevSecOps Architect | Creator of Auditor & Sentinel Core. I build deterministic security systems moving from noisy reporting to binary enforcement. As founder of DataWizual Security Lab, I engineered a dual-core ecosystem: 🛡️ Auditor Core: Baseline-aware engine for deep SAST, secret detection, and IaC auditing (Terraform/Terragrunt). 🛡️ Sentinel Core: Deterministic CI/CD gate enforcing "ALLOW or BLOCK" for Docker & supply-chain integrity. I specialize in zero-telemetry, offline-first security. I don’t just find leaks; I build systems that prevent them.🦾🛡️⚖️... Mehr lesen

Kompetenzen

e
eldorzufarov
Eldor Z
offline • 

Meine Dienstleistungen

Hilfe / Beratung
I will audit your code and find real vulnerabilities vs false positives using ai
Ab100 $ / ProjektWeitere Details

Portfolio

Arbeitserfahrung

Founder & Principal Security Engineer

DataWizual Security Lab

Aug 2025 - Present9 mos

Work Experience & Engineering Focus I founded DataWizual Security Lab to solve a critical industry flaw: the reliance on "noisy" security scanners that are far too easy to bypass. My work is dedicated to engineering a suite of deterministic enforcement tools specifically designed for high-security, air-gapped, and enterprise environments where data privacy is non-negotiable. Key Achievements & Engineering Focus: Dual-Core Ecosystem Development: I am the architect and lead developer of two interconnected security engines: Auditor Core and Sentinel Core. Together, they form a complete "Security Lab" that covers everything from initial static analysis to final production blocking. Auditor Core (The Analysis Engine): I engineered this CLI-first engine to provide professional, baseline-aware security auditing. It performs deep SAST, secret detection, and supply-chain risk analysis. Unlike standard tools, it separates legacy issues from new regressions, allowing teams to focus on actual new risks without "alert fatigue." It generates comprehensive HTML/JSON reports mapped to ISO 27001 and SOC 2 frameworks. Sentinel Core (The Enforcement Gate): I developed this as a "physical" security gate for CI/CD pipelines. It operates on a strict binary logic: ALLOW or BLOCK. It ensures that no artifact—whether a Docker image or a Terraform script—reaches production if it violates core engineering invariants. Artifact-Level Security: My frameworks evaluate security posture across the entire SDLC: Dockerfiles (supply-chain integrity), CI/CD Workflows (SHA-256 pinning), K8s/IaC (Terragrunt/Terraform), and Secrets (high-precision credential detection). Zero-Telemetry & Privacy: I architected an offline-first execution framework for organizations with strict data privacy requirements. My tools eliminate external data leakage, ensuring that sensitive security data never leaves the authorized administrative perimeter. Enterprise Governance & Shield: I designed a centralized administr