CYBERBALI
Security Architect
API Security Architecture | Enterprise-Scale API Ecosystems | Sorting Out Legacy Mess
SYSTEM ARCHITECT
Most enterprise breaches trace back not to a missing patch, but to architectural blind spots that no automated scanner will ever catch. That's the problem I spend most of my time on.
With close to a decade in IT security, I work as a security architect on a multi-million-dollar enterprise product - the kind with API sprawl that makes standard tooling nearly useless. We're talking 15,000+ endpoints, a mix of legacy and cloud-native systems, and organically grown infrastructure that's common in large enterprises but rarely talked about openly.
Over the past few years I've been pushing the team toward centralized authorization middleware, designing frameworks that address logical flaws like BOLA and broken access controls at the architectural level, rather than treating every finding as a one-off.
Alongside the hands-on work, I translate these risks for engineering leads and C-suite stakeholders who need to understand exposure in business terms, not vulnerability counts.
Right now I'm going deeper - offensive techniques, threat modeling for APIs, and building reusable security frameworks that product teams can actually implement without slowing down delivery. I write about what I'm learning on Medium and GitHub.
If you're dealing with large API ecosystems, legacy remediation, or trying to build a real security practice inside a fast-moving product org - I'm always up for a conversation.
CORE FOCUS
- API Security Architecture
- Authorization & Access Control Design (RBAC, BOLA/IDOR)
- Legacy API Ecosystem Remediation
- Security Framework Design for Product Teams
- Cross-functional Risk Communication
- API Platform Focus: Web / Mobile / Windows Thick Client / AWS
HOW I THINK
Because understanding how systems fail — and how attackers think — is the fastest way to design defenses that actually hold up in the real world.