Skip to content
View bgoussama's full-sized avatar

Block or report bgoussama

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don’t include any personal information such as legal names or email addresses. Markdown is supported. This note will only be visible to you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
bgoussama/README.md

Bagy Oussama

Final-Year Engineering Student

Cybersecurity & Telecommunication Systems · ENSA Marrakech

Engineering Secure Systems from Code to Cloud

GitHub LinkedIn Portfolio

About Me

I am a final-year engineering student at ENSA Marrakech, specializing in Cybersecurity and Telecommunication Systems. I design secure systems, automate security controls across CI/CD pipelines, analyze cloud and infrastructure risks, and build defensive cybersecurity solutions.

My practical experience comes from academic projects and internships spanning DevSecOps, security automation, mobile security, SOC operations, and infrastructure protection. I am currently preparing for a final-year internship/PFE where I can contribute to real security engineering challenges.

Current Focus

Focus Area What I Work On
DevSecOps automation Embedding repeatable security checks into delivery pipelines
Cloud and IaC security Reviewing cloud architecture and infrastructure definitions before deployment
SOC engineering Improving event visibility, incident analysis, response, and recovery workflows
Security assessment Finding vulnerabilities, hardening systems, and translating risk into practical fixes

Featured Projects

Project Description Verified Technologies
Next-Gen DevSecOps AI-assisted platform for generating, validating, and executing secure CI/CD artifacts from natural-language requirements. FastAPI, React, Jenkins, Docker, Terraform, AWS, SonarQube, Trivy, Prometheus, Grafana
SOC Self-Healing HoneyNet Defensive SOC proof of concept combining WAF controls, honeypot deception, centralized monitoring, local analysis, remediation, and rollback. NGINX, ModSecurity, Splunk, Logstash, Elasticsearch, Grafana, Ollama, Flask, Python, Bash
TLS Posture Analyzer Android network-security auditing interface for endpoint extraction, TLS configuration analysis, APK decompilation, and security reporting. Python, FastAPI, React, Vite, JADX, Apktool
StockPilot Inventory management application with authentication, stock tracking, threshold alerts, and PDF document generation. Java, Spring Boot, Spring Security, Spring Data JPA, Thymeleaf, H2, MySQL, Bootstrap
Secure Storage for Android Android application demonstrating private storage, encrypted preferences, safe logging, data export, and cleanup. Java, Android, Android Keystore, EncryptedSharedPreferences, JSON
OpenStreetMap Location Application Android location application that stores positions through a PHP backend and displays them on OpenStreetMap. Java, Android, Volley, OSMDroid, OpenStreetMap, PHP, MySQL

Technical Skills

Security

Vulnerability Assessment Network Security SOC SIEM Incident Response System Hardening Mobile Security

DevSecOps and Cloud

Jenkins Docker Kubernetes Terraform AWS SonarQube Trivy Prometheus Grafana

Development

Python Java FastAPI Spring Boot React Bash SQL

Security Platforms and Tools

Splunk Wazuh pfSense VMware ESXi vCenter Nmap Wireshark

DevSecOps Workflow

PLAN       Define threats, trust boundaries, and measurable security requirements
  ↓
CODE       Apply secure coding practices and prevent secret exposure
  ↓
BUILD      Run static analysis, dependency checks, and container scanning
  ↓
TEST       Validate application behavior and infrastructure controls
  ↓
DEPLOY     Enforce reviewed IaC, policy gates, and least privilege
  ↓
MONITOR    Correlate events, investigate risk, respond, and improve controls

Certifications

Connect With Me


Open to Final-Year Internship / PFE Opportunities in Cybersecurity and DevSecOps

Pinned Loading

  1. next-gen-devsecops next-gen-devsecops Public

    Automatisation de pipelines CI/CD avec Jenkins Déploiement d’infrastructure avec Terraform & AWS Intégration de la sécurité (SonarQube) dans le pipeline Monitoring avec Prometheus et Grafan

    Python 1

  2. SOC-Self-Healing-HoneyNet SOC-Self-Healing-HoneyNet Public

    Intelligent SOC platform combining local AI analysis, honeypot deception, security monitoring, visualization, and automated remediation.

  3. TLS-Posture-Analyzer TLS-Posture-Analyzer Public

    Forked from M4l1k40/TLS-Posture-Analyzer

    Android security audit tool for APK decompilation, TLS inspection, endpoint extraction, vulnerability detection, and AI-powered reporting.

    Python

  4. Creation-Application-de-Localisation-avec-OpenStreetMap Creation-Application-de-Localisation-avec-OpenStreetMap Public

    Android location application using OpenStreetMap, OSMDroid, Java, PHP, and MySQL to collect, store, and display GPS positions.

    Java

  5. SecureStorageLabJava SecureStorageLabJava Public

    Android Java lab demonstrating secure local storage with Android Keystore, EncryptedSharedPreferences, internal files, cache, and secure data cleanup.

    Java

  6. gestion_stock gestion_stock Public

    Forked from halima200431/gestion_stock

    Stock management web application built with Spring Boot, featuring inventory tracking, supplier management, threshold alerts, and PDF document generation.

    Java