About Yafes D.

Staff Application Security Engineer | Product Security Architect | DevSecOps Lead

I am a security leader and hands-on engineer with over 20 years of experience building, breaking, and securing large-scale SaaS and telecommunications infrastructure. My career has been defined by a simple mission: bridging the gap between security requirements and engineering velocity.

What I Do

I specialize in the "Security-by-Design" philosophy. Throughout my career—most recently as a Staff Application Security Engineer at SugarCRM—I have focused on automating security within the SDLC. I don't just find vulnerabilities; I build the tooling and culture to ensure they don't return.

Key Achievements:

  • Vulnerability Reduction: Reduced critical vulnerability fix times by >90% through automated triage and direct engineering mentorship.
  • Scale: Architected and managed end-to-end AppSec programs (SAST/DAST/SCA) for platforms serving thousands of global enterprise customers.
  • Innovation: Developed custom security automation tools and integrated them into modern CI/CD pipelines to eliminate manual bottlenecks.

My Current Focus: The Y.MO.LA Lab

In 2025/2026, I am focusing on the "next frontier" of Application Security. I am currently building StokumNET, a cloud-native inventory application using Go/Gin, React/Next.js, PostgreSQL, and Mobile (iOS, Android).

This blog, y.mo.la, serves as a living documentation of my research into:

  • Zero-Trust Architectures for home and enterprise servers.
  • Modern API Security and token-refresh mechanisms.
  • Isolated Infrastructure using WireGuard and Docker.

Why Work With Me?

I bring a unique combination of Offensive Mindset (Penetration Testing, CTF winner) and Defensive Strategy (Security Architecture, Secure Coding). I am a "Polyglot Engineer" proficient in 10+ languages, allowing me to speak the same language as the developers I support.


Let’s Connect

I am currently exploring new opportunities in Application Security/Privacy, Product Security, and DevSecOps where I can apply my 20+ years of experience to solve complex security challenges at scale.