keeplook4ever

Senior Security Engineer

Experience: 9 years

Yearly salary: $180,000

Hourly rate: $75

Nationality: 🇸🇬 Singapore

Residency: 🇸🇬 Singapore


Experience

Security Engineer
Shein
2023 - 2024
Sensitive Data Scanning & Test Environment Governance. Developed GoDLP-based scanning for 6+ sensitive data types (phone/email/ID/bank card/API keys/passwords), offering API integration and file detection. Led remediation of MySQL test environments: coordinated with DBAs/business units to encrypt or purge 100+ exposed tables. Designed data masking workflows for production-to-test syncs, including Wiki data monitoring and Kafka/API integrations with stakeholders. Anomaly Detection & Alerting. Built real-time monitoring using FlinkCEP + Aviator to flag high-frequency access, off-hours logins, and abnormal DB operations (e.g., bulk deletions). Integrated alerts via WeCom for rapid response. Optimized detection rules by establishing user behavior baselines with ML support, reducing false positives by 35%. Supported audit/compliance with granular activity logs and regulatory reports.
Security Engineer
Trip
2021 - 2023
Group IAM Platform Governance. Spearheaded the integration and security remediation of the group-wide IAM platform, driving permission governance for critical business systems through data analysis (e.g., dormant accounts, over-privileged roles). Enabled self-certification and audit workflows to validate permission rationality, reducing excessive access by 30%+. MingJian Data Classification & Discovery Platform. Built Trip.com's sensitive data discovery platform from 0→1, aligning with compliance (e.g., GDPR & China Data Security Law) via: unified scanning for MySQL, SQLServer, Hive, ClickHouse, ElasticSearch (expanding to PostgreSQL/MongoDB/Redis); 84%+ accuracy for L3/L4 data classification using regex and expert rules; end-to-end control: identification → encryption → masking for global data assets. Security Operations & Analytics. Redash Dashboarding: Deployed and trained teams to visualize event trends (e.g., access anomalies). UEBA Rules: Detected cross-border/abnormal queries in customer service internal system, integrating with IAM to auto-revoke risky permissions. Strategy Optimization: Reduced false positives by 40% via log analysis (e.g., conf sensitive keyword searches). SQL Parser: Developed scripts to parse Hive/PostgreSQL/MySQL queries, linking to MingJian for sensitive query risk alerts.
Security Development
SAIC
2019 - 2021
Zero Trust & IAM Technology Research. Evaluated Zero Trust solutions from Zhongtong, QiAnXin, Sangfor, Tencent, ByteDance, and IAM architectures from Huawei, AWS, integrating insights to design a corporate Zero Trust IAM model. Combined research with hands-on implementation via GeekTime IAM project to validate architecture feasibility. Data Security Platform Development. Built a Django-based platform supporting multi-source data queries (MySQL, Hive, HBase, PostgreSQL, MongoDB, Redis, Presto, OpenTSDB, ClickHouse) with data masking, RBAC, workflow approvals, and audit logging. Optimized data encryption and dynamic masking rules for sensitive fields (e.g., PII). Bastion Host System. Enhanced Jumpserver (open-source) to support Linux SSH/SFTP and Windows RDP (via XRDP), with granular controls for clipboard copy/paste, SFTP backups, and IP whitelisting. Kibana & Kuboard Proxy Development. Designed proxies for Kuboard (integrated with CMDB) and Kibana to enforce 4A governance (Authentication, Authorization, Accounting, Audit) over containerized assets and Elasticsearch queries. Golang/Gin-Based Security Chatbot. Architected an AI-driven security assistant using Gin framework to automate troubleshooting for VPN, Bastion Host, and JIRA issues, improving operational efficiency by 30%+. OTP & SRC Project. Led OTP (One-Time Password) and Security Response Center (SRC) system upgrades, hardening authentication flows and vulnerability reporting pipelines.
Security Engineer
Ping An One Wallet
2016 - 2019
Security Anti-Fraud System Development. Designed and implemented a real-time anti-fraud system using Nginx-Lua for traffic mirroring and request interception, including a self-developed Lua-based blocking module and token revocation system. Led the 920 Anti-Fraud Project, covering vendor evaluation (Qianxin, Topsec, Knownsec, Ruishu), deployment, testing, and strategy optimization. Enhanced fraud prevention with device fingerprinting, CAPTCHA, and behavioral analysis, reducing potential losses by ¥800K+ during promotional events. Black-Box Scanner Project. Optimized crawler (PhantomJS) and automated login to improve scanning efficiency. Developed detection plugins for XSS, CSRF, XXE, SQLi, CORS, SPF misconfigurations, and sensitive path exposure. Implemented scheduled scanning, reporting, and vulnerability tracking with remediation guidelines. Fortify White-Box Scanning System. Automated code scanning via Python & Jenkins, integrating with CI/CD pipelines. Reduced false positives by refining scan rules and optimizing result analysis. Generated actionable reports and drove developer remediation efforts. Baseline Compliance Check System. Built an automated checker based on CIS Benchmarks for OS, middleware, network devices, and databases. Developed periodic scanning, alerting, and dashboards, ensuring timely fixes by operations teams.

Skills

python
security
english
chinese-mandarin