● Available for opportunities

DevSecOps
Engineer

Building secure, scalable infrastructure with a security-first mindset. Passionate about automating everything, securing pipelines, and shipping reliable software.

Get in touch View projects

Years coding

Projects shipped

Security configs

Uptime %

doanh@devsecops:~

$ whoami

doanhcd

$ cat skills.txt

Docker · K8s · Terraform · Ansible

Python · Go · Bash · CI/CD

Security · DevOps · SRE

$ neofetch

▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀▄▀

About me

I'm a DevSecOps engineer with a deep passion for building secure, automated infrastructure. My days are spent bridging development and security — embedding security checks into CI/CD pipelines, hardening containers, and making sure every deployment is airtight.

When I'm not hardening Kubernetes clusters or writing IaC, you'll find me exploring new security tools, contributing to open source, or building personal projects like TrustLayer.

I believe security isn't a feature — it's a mindset. Every line of code, every config, every pipeline should be designed with defense in depth.

2024 — Present

DevSecOps Engineer

Building secure CI/CD pipelines, automating security compliance, and managing cloud infrastructure at scale.

2023

Started DevOps Journey

Dived deep into Docker, Kubernetes, and infrastructure as code. First automated deployment pipeline.

2022

Software Foundations

Built the first projects with Python, learned Linux, and discovered the world of automation.

2020

The Beginning

Started coding, motivated by curiosity about how systems work and how to break (then secure) them.

Skills & Stack

☸️

Kubernetes & Containers

Docker Kubernetes Helm Containerd

🔧

Infrastructure as Code

Terraform Ansible CloudFormation Pulumi

🔐

Security & Hardening

Falco Trivy OPA Vault

⚙️

CI/CD & Automation

GitHub Actions Jenkins ArgoCD Tekton

☁️

Cloud Platforms

AWS GCP Azure DigitalOcean

📜

Programming

Python Go Bash YAML

Projects

🛡️

TrustLayer Personal Brand

Personal brand & portfolio for demonstrating DevSecOps expertise, security configurations, and project showcases.

trustlayer.vn iluvu.trustlayer.vn

🚀

Secure CI/CD Pipeline

End-to-end secure pipeline with SAST, DAST, container scanning, and policy enforcement at every stage.

GitHub Documentation

📊

K8s Security Monitor

Real-time Kubernetes security monitoring using Falco, Trivy, and custom alerting pipelines.

GitHub Blog post

🔑

Vault Auto-Unseal

Automated HashiCorp Vault unsealing using AWS KMS, with disaster recovery and rotation built-in.

GitHub Architecture

Security Posture

A+

Security Rating

Container hardening complete

100%

Pipeline Coverage

SAST + DAST + Container scan

24/7

Monitoring

Real-time threat detection

Get in touch

I'm always interested in hearing about new opportunities, challenging projects, or just chatting about DevSecOps. Feel free to reach out.

📧

doanhkma.trash@gmail.com

💬

@doanhcd

💻

GitHub

github.com/doanhcd

🌐

Website

trustlayer.vn

Name

Message