From Staff Security to Hands-on Building: Why I'm Launching y.mo.la
After more than two decades in the security industry—most recently spending seven years as a Staff Application Security Engineer at SugarCRM—I decided to take a step back from the corporate environment to return to my roots: building.
In the world of AppSec, it is easy to become focused on the "break" or the "audit." But I’ve always believed that the most effective security engineers are those who truly understand how to build. This blog, y.mo.la, is where I will document my transition from high-level security architecture back into the "code-level" trenches.
The Project: StokumNET
For the past few months, I have been heads-down building StokumNET, a cloud-native inventory application. My goal isn't just to build a functional app, but to build a "Secure-by-Default" blueprint using a modern stack:
- Backend: Go (Gin)
- Frontend: React / Next.js
- Data: PostgreSQL
- Infrastructure: Docker & WireGuard
What to Expect Here
I created this space to share technical deep dives that I hope will help other security professionals and developers. My upcoming posts will cover:
- Zero-Trust Home Labs: How I secured my personal development environment using WireGuard tunnels and isolated Docker networks (this was the first thing I set up for this blog!).
- Modern API Security: Solving the "Token Refresh" challenge in Android and Web applications without sacrificing UX.
- Scalable AppSec: Lessons learned from managing vulnerability lifecycles for platforms with thousands of global customers.
- The Polyglot Security Mindset: Why knowing 10+ programming languages is my "secret weapon" for effective code review.
Why "y.mo.la"?
"Y" stands for Yafes, and "Mo.la" is a platform I’m building for the future. Eventually, this will expand into a broader security news hub, but for now, it is my personal technical journal.
Whether you are a recruiter looking for a Staff Engineer who loves to code, or a fellow builder looking for AppSec tips, I’m glad you’re here.
Let’s build something secure.