Security assessments · Cloud architecture · AI Security
// cybersecurity architect · cloud security · AI security · Zero Trust · ENS · DORA · EU AI Act

I lead and design cybersecurity for cloud, critical and regulated environments.

I'm Juan David Rivera, a cybersecurity architect and technical leader with 13+ years of experience across technology, cloud and enterprise security.

I've worked with multinational companies and large organizations across banking, insurance, retail and the public sector, turning risk, compliance and real-world threats into security architectures and operations that work.

CAISP · Microsoft Security Certified · Technical Manager · 13+ years
Experience across
Tier-1 banking insurance retail public sector multinational consulting regulated cloud
juan_rivera jdr ~/recon PASSIVE
$
01
0
years across technology and cybersecurity
02
0
documented case studies
03
0
active certifications
04
0
in-house tools evolving
// about this site

A technical notebook from practice.

Here I share labs, tools, research and field notes on cloud cybersecurity, AI Security, offensive, defensive and compliance work. This is not theory on display. It's applied learning from projects, tests, mistakes and real experience.

What your browser
tells before you say anything.

Three passive tools to visualise signals that already travel with every visit: network, browser, device, DNS and public headers. I don't access private information or run intrusive tests. This is passive reconnaissance. In a real assessment, this would be just the first step toward understanding an organisation's exposed surface.

Public, passive and transparent. Private data requires explicit authorisation.

LIVE
juan_rivera jdr ~/recon/whoami PASSIVE
$ ./whoami --visitor --verbose
// NETWORK
ip_pub: ...
ip_local: ...
country: ...
city: ...
asn: ...
isp: ...
// DEVICE
os: ...
device: ...
browser: ...
gpu: ...
cores: ...
screen: ...
// BEHAVIOR
lang: ...
timezone: ...
cookies: ...
do_not_track: ...
fp_hash: ...
vpn: ...
RISK ASSESSMENT 0.18 · LOW
All of this is publicly available to every site you visit. Enabling DNT reduces your tracking surface. In a real audit, this is just the appetizer.

In-house tools to turn research
into results.

I build internal platforms, labs and AI agents to turn technical research into something useful: evaluations, reports, automations, review criteria and operating models.

I use AI to accelerate the repetitive work — correlation, prioritisation, analysis and reporting — without replacing technical review. I don't publish the whole engine. I publish results, lessons and deliverables that may help other security teams.

ASSESSMENT · BETA
AI-assisted

SurfaceScan

Public attack-surface evaluation

SurfaceScan reviews an organisation's public exposure from signals visible on the Internet: domains, DNS, published services, web configuration, TLS, exposed technologies and possible leaks from open sources.

It isn't about running a scanner and pasting the output. The focus is on separating noise from real findings, understanding impact and delivering an actionable report. AI agents help correlate evidence and prepare the report; the final reading is still manual.

  • Passive reconnaissance and non-intrusive validation
  • Findings prioritised with technical context
  • Clear, actionable report — manually reviewed
CLOUD · GOVERNANCE
early access

Cloud Governance

Multi-cloud posture evaluation and follow-up

Internal system to review cloud security posture, keep deviations traceable and turn scattered controls into real operational follow-up.

Backed by a proprietary control library, hardening guides and custom validations, extended with AI agents that review evidence, explain deviations, prepare reports and propose remediation actions.

The idea is simple: less repetitive work, more operational clarity, better security decisions.

  • Multi-cloud · Azure · AWS · GCP · IBM · Oracle
  • Proprietary controls · CIS · ENS · NIST · custom hardening
  • Evidence · exceptions · reporting · operational follow-up
AI · ADVERSARY VALIDATION
research preview

KOGI

Continuous Adversary Validation Platform

KOGI is a research platform for continuous adversary validation in controlled laboratories.

Its goal is to emulate attacker behaviour in an authorised setting to measure defensive coverage, test detections and understand how controls respond to realistic attack chains.

It combines automation, AI-assisted planning and MITRE ATT&CK mapping to turn offensive testing into defensive evidence: what gets detected, what doesn't, where response fails and what should improve.

Given its sensitive nature, operational code remains private. I publish methodology, lessons learned and defensive results as a paper.

  • Controlled adversary emulation
  • Detection and response validation
  • MITRE ATT&CK · AI-assisted planning · defensive evidence
AI · RESEARCH LAB
private stack

CyberLlama Lab

Private stack for AI Security

CyberLlama is my private lab for researching security in AI systems: prompt evaluation, model behaviour, threat modeling, adversarial testing, autonomous agents and technical reporting.

It isn't a public product or a wrapper over commercial models. It's an internal stack combining specialised models, AI agents, a proprietary knowledge base and automation to accelerate AI Security evaluations.

I use it as a working tool: to test hypotheses, build evaluation cases, document findings and turn technical research into useful deliverables.

  • AI red teaming · prompt evaluation · threat modeling
  • Autonomous agents · knowledge base · technical reporting
  • Private tooling · public learnings

Architecture, operations and compliance
in the real world.

I've worked with organisations in banking, insurance, retail and the public sector on projects where security has direct impact on continuity, audit, compliance and operational risk.

My work moves between cloud architecture, technical governance, identity, detection, response and automation: turning complex requirements into controls that can be deployed, measured and operated.

CLOUD
01/04
Cloud Security Secure architectures and posture assessment
Azure · AWS · GCP · OCI · IBM
GOVERNANCE
02/04
Security Governance Controls, evidence and deviation management
ENS · DORA · EBA ICT · CIS · NIST
IDENTITY
03/04
Identity & Zero Trust Secure access, segmentation and least privilege
IAM · ZTNA · Conditional Access · SSE
OPERATIONS
04/04
Security Operations Detection, response and continuous improvement
SOC · MITRE ATT&CK · purple team · automation

Find out what your organisation exposes
before someone else does.

I built a proprietary tool that runs a passive assessment of your public surface: domains, DNS, exposed services, web configuration, TLS, visible technologies and possible leaks in open sources.

Where a traditional enterprise team takes days or weeks to deliver the report, this system has it manually reviewed in under 24 business hours. Speed is the differential — not a mass scan full of noise, but in-house tooling tuned over years of real audits.

juan_rivera jdr ~/surfacescan LIVE
$
preparing scan
01 domain and subdomain discovery
02 DNS review and public exposure
03 headers and web configuration analysis
04 TLS review and HTTPS surface
05 identification of exposed services
06 search for sensitive signals in open sources
DELIVERY <24H
Manually-reviewed curated PDF · delivered in under 24 business hours
$