About Me
I'm Gufran. I work on infrastructure security - building systems that protect everything from the kernel layer to cloud platforms and AI workloads.
I've worked on eBPF-based security, confidential computing, Kubernetes, attestation protocols, and distributed systems at scale.
- AI Security Infrastructure
- Distributed Systems & Networking
- Confidential Computing
- Runtime & Kernel Security

Where I’ve Worked
Senior Staff Engineer @ Protect AI / PANW
Sept 2024 - Current
- Built AI Infrastructure and Security at scale.
Blogs
I write about whatever I am learning and doing, mostly about software development. Below are the blogs I have written, and I am going to publish more whenever I get some time to write.
TLS with Remote Attestation (aTLS) | Machine-to-Machine Secure Channel
An Attested TLS channel is a TLS channel that integrates remote attestation validation as part of the TLS channel establishment process.
Managing the cryptographic keys within Trusted Execution Environment
High-level overview of cryptographic key management in the Trusted Execution Environment.
Trusted Platform Module (TPM) as Root of Trust (rot) and cryptographic features
High-level overview of the Trusted Platform Module and its cryptographic features that can be used to perform platform attestation.
Tech Talks
These are all the talks I have given over the past couple of years. Mostly on location, sometimes remote.
Securing Kubernetes Workloads with Istio Service Mesh
Robust, transparent, and secure communication between Kubernetes services is absolutely crucial. In this talk, we will explore how to secure the communication between services with TLS/mTLS encryption.
PnPLoc: UWB Based Plug & Play Indoor Localization
Improving indoor localization with the two-way ranging (TWR) protocol and TDoA. Based on the paper: PnPLoc: UWB Based Plug & Play Indoor Localization
TIP: Time-Proportional Instruction Profiling
Internals of CPU Profiling with different instruction sets and architectures
Open Source Projects
Below is the list of projects that I have built and open sourced. Most of these projects are starter kits and POCs that I built internally for experimentation and later open sourced.
Event Streaming Pipeline for Cloud Native Workloads
This POC is built with the goal to collect events/logs from the host systems such as Kubernetes, Docker, VMs, etc. A buffering layer is added to buffer events from the collector
NextJS Frontend Boilerplate Starter Kit
Production-grade boilerplate for starting a frontend project using NextJS, including user authentication.
Go Restful API Boilerplate Starter Kit
The goal of this boilerplate is to have a solid and structured foundation to build microservices in Golang. It has an inbuilt authentication backend.
Get In Touch
Although I’m not currently looking for any new opportunities, my inbox is always open. Whether you have a question or just want to have a discussion about some cool tech trend or a product, feel free to drop me a message. I’ll try my best to get back to you!


