Khemmapon Tawantham
DevSecOps & Cybersecurity Engineer

About
I secure systems before they become incidents.
As a DevSecOps & Cybersecurity Engineer with 3+ years of hands-on experience, I specialize in embedding security into every layer of the development lifecycle — from CI/CD pipelines to internal network architecture.
What I do professionally:
- 🔐 Zero-Trust networking & VPN infrastructure (NetBird)
- 📡 SIEM & monitoring deployments (Wazuh, Zabbix)
- 🔧 DevSecOps pipeline integration (Jenkins, SonarQube, Sentry, Semgrep)
- 🗝️ Secrets management (Infisical) & on-premise server operations
What I do in my own time:
I run a personal homelab on Proxmox VE — experimenting with TrueNAS, OPNsense, AdGuard Home, Home Assistant, Docker, and n8n. It's where I pressure-test ideas around infrastructure hardening, network segmentation, SIEM tuning, and automation before they ever touch production.
Security isn't just my job. It's how I think.
Skills
- Security & Infrastructure
- Infrastructure & Platforms
- DevSecOps Toolchain
- Development
- Version Control & OS
Bio
- Built and shipped client-facing web applications using Ruby on Rails, Nuxt.js, React.js, and Vue.js — managing projects from requirements gathering through production deployment.
- Developed cross-platform mobile applications using React Native, delivering consistent experiences across iOS and Android for multiple clients.
- Grew from junior web developer into a tech lead role over 5+ years, eventually leading junior developers across concurrent client projects — running code reviews, setting standards, and accelerating team growth.
- Maintained long-term client relationships by engaging directly in requirements discussions and iterating rapidly on feedback.
- Designed and developed internal business applications using NestJS (backend), React.js (frontend), and React Native (mobile), improving operational workflows for internal stakeholders.
- Led a team of junior developers — defining technical direction, unblocking issues, and ensuring delivery against project milestones.
- Worked closely with customers to gather requirements and translate them into scalable, maintainable software solutions.
- Owned bug triage and resolution for critical issues, maintaining application reliability across web and mobile platforms.
- Led full-stack development of a production E-Commerce platform using Ruby on Rails (backend), React.js (frontend), and React Native (mobile) — owning features end-to-end across all three surfaces.
- Mentored and led junior developers, conducting code reviews and guiding them through complex implementation challenges to keep projects on track.
- Collaborated directly with customers and the product team to translate business requirements into technical specifications and actionable development plans.
- Diagnosed and resolved complex, high-impact bugs across the stack, minimizing downtime and improving platform stability.
- Enforced UI/UX consistency standards across the web and mobile apps — standardizing fonts, layouts, and component patterns for a cohesive brand experience.
- Architected and maintained a Zero-Trust internal network using NetBird VPN, securing access for distributed engineering teams across multiple countries.
- Deployed and managed a SIEM/monitoring stack (Wazuh + Zabbix) for real-time threat detection, incident response, and infrastructure observability across on-premise servers.
- Drove DevSecOps culture adoption by integrating security tooling into CI/CD pipelines using Jenkins, SonarQube, Sentry, and Semgrep — shifting security left in the development lifecycle.
- Implemented Infisical for centralized secrets management, eliminating hardcoded credentials and reducing secret sprawl across services.
- Deployed Umami Analytics as a privacy-first, self-hosted alternative to third-party analytics platforms.
- Acted as cross-functional security liaison, collaborating with product, marketing, and engineering teams across Morocco and Pakistan to translate business requirements into security specifications.
- Documented and escalated security incidents and operational concerns directly to the Country Director, maintaining executive-level visibility into risk posture.
- Evaluated and onboarded open-source tools and services to reduce licensing costs while maintaining enterprise-grade capabilities.