SECURE TERMINAL // CLEARANCE: VISITOR
CoreDirective Security Terminal v2.1
Type "help" for available commands.
 
visitor@coredirective:~$
KEYBOARD SHORTCUTS
JNext section
KPrevious section
TOpen terminal
RDownload resume
?Toggle this panel
ESCClose overlays
Press any key to close
█ CLASSIFICATION: TOP SECRET // EYES ONLY

Agent Dossier

Codename: CORE_DIRECTIVE
Origin: Cameroon → Atlanta, GA
Clearance: IAT/IAM Level III

Objective: Build the future of autonomous security operations. One infrastructure at a time.

Current Status: Armed with 6 certifications, a production security platform running 24/7, and an unreasonable amount of determination.

// If you found this, you're probably an engineer.
// We should talk.

◉ emmanueltigoue@gmail.com
◉ (404) 839-2214
Press ESC or click to close
ESTABLISHING SECURE CONNECTION
VERIFIED. ACCESS GRANTED.
[ Security Engineer ] // Atlanta, GA

EMMANUEL TIGOUE

CASP+ (SecurityX) • SSCP • CCNA • DoD 8140 IAT/IAM III

Security Engineer delivering AI-augmented cloud security platforms for enterprise clients on AWS. Integrates LLM-driven automation with SOAR orchestration for threat detection and incident response. Reduced attack surface by 85% through Zero Trust architecture.

Download Resume View on GitHub
OPEN TO WORK // SECURITY ENGINEER
// Proof of Work

What I Built

CoreDirective Automation Engine — a production security platform on AWS serving enterprise clients. 6-service containerized stack, 17 integrated services, zero external AI costs. Every metric below is verifiable in the public repository.

17
Integrated Services
89%
NIST/CIS Coverage
85%
Attack Surface Reduction
$0
AI Inference Cost
99.2%
Workflow Success Rate
$135
Monthly Infrastructure
Threats Analyzed 10,847 // MONITORING ACTIVE
System Architecture // CoreDirective Automation Engine
Layer 1 // Perimeter
◉ Cloudflare Tunnel TLS 1.3
◉ AWS Security Groups DEFAULT DENY
◉ SELinux Enforcing container_t
Layer 2 // Zero Trust
◉ Identity-Aware Proxy OTP AUTH
◉ Docker Bridge Isolation 172.28.0.0/16
◉ Credential Rotation QUARTERLY
Layer 3 // Services
◉ PostgreSQL 16 :5400
◉ n8n SOAR :5600
◉ Ollama / Qwen :11400
◉ Whisper STT :8200
◉ OpenClaw AI :18700
AWS EC2 t3.xlarge • 16GB RAM • 100GB gp3 • Terraform IaC
Zero Trust

3-Layer Security Architecture

Cloudflare Tunnel + AWS Security Groups + SELinux container confinement. No exposed ports. 16/18 NIST 800-53 controls implemented. Quarterly credential rotation enforced.

Cost Engineering

72% Cost Reduction

Self-hosted Qwen 2.5 7B (4-bit quantized) replaces $400/mo GPU instances. Self-managed NAT instance saves $367/year vs AWS NAT Gateway. Production Terraform with S3+KMS state backend.

Automation

17-Service Orchestration

Single webhook-driven control plane. Google Workspace, Telegram, PostgreSQL, Ollama, Cloudflare, GitHub, and 11 more services. 99.2% success rate across 700+ workflow executions.

TERRAFORM // zero-trust-sg.tf
resource "aws_security_group" "zero_trust" {
  name   = "cd-zero-trust-sg"
  vpc_id = aws_vpc.main.id

  ingress {
    # No inbound rules - tunnel access only
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = [] # DEFAULT DENY
  }

  egress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = { Name = "CoreDirective-ZeroTrust" }
}
DOCKER // container-hardening.yml
services:
  cd-service-n8n:
    image: n8nio/n8n:latest
    security_opt:
      - no-new-privileges:true
    read_only: true
    tmpfs:
      - /tmp
    networks:
      - cd-internal # isolated bridge
    deploy:
      resources:
        limits:
          memory: 2G
          cpus: "1.0"
    cap_drop:
      - ALL # drop all capabilities
    cap_add:
      - NET_BIND_SERVICE
// Clearance Stack

Certifications

◉ VERIFIED

CompTIA CASP+ (SecurityX)

Advanced Security Practitioner
DoD 8140 IAT/IAM Level III
Expires Jun 2028 • Click to verify on Credly
◉ VERIFIED

ISC2 SSCP

Systems Security Certified Practitioner
Operational Security
Click to verify on Credly
◉ VERIFIED

Cisco CCNA

Certified Network Associate
Enterprise Networking
Click to verify on Credly
◉ VERIFIED

CompTIA Security+

Security Fundamentals
DoD 8140 Baseline
Expires Jun 2028 • Click to verify on Credly
◉ VERIFIED

CompTIA Network+

Networking Fundamentals
Infrastructure Foundation
Expires Jun 2028 • Click to verify on Credly
◉ VERIFIED

ISC2 CC

Certified in Cybersecurity
Security Foundations
Click to verify on Credly
◉ IN PROGRESS

AWS Certified Security — Specialty

Cloud Security Architecture
AWS-Native Threat Detection
Target 2026
// Service Record

Experience

CoreDirective — Security Engineer
Atlanta, GA • Sep 2025 – Present
  • Delivered AI-augmented cloud security platforms for clients, integrating LLM orchestration, automated threat detection, and SOAR workflows processing live traffic 24/7 on AWS infrastructure
  • Architected a Zero Trust access framework using Cloudflare Tunnels and identity-aware proxy across 6 production services, eliminating all exposed ports and reducing lateral movement risk by 85%
  • Deployed production LLM infrastructure (Claude, Ollama) behind API gateway authentication with container isolation, enabling AI-driven security analysis and automated incident response
  • Engineered AWS-native threat detection (GuardDuty, CloudTrail, Security Hub) processing 10,000+ daily events, reducing mean time to detect from 48 hours to 4 hours
  • Automated 12 security operations workflows integrating Claude AI and SOAR orchestration, eliminating 20+ hours/month of manual alert triage and enrichment
  • Codified 30+ AWS resources via Terraform with enforced security baselines across VPC, IAM, EC2, and S3, eliminating configuration drift
  • Hardened 8 Docker containers on Linux with network segmentation, unprivileged execution, and read-only filesystems, reducing container attack surface by 90%
Texaco — IT Operations Manager
Atlanta, GA • Mar 2022 – Feb 2026
  • Sustained 99.5% network uptime over 2.5 years across routers, switches, firewalls, and DNS infrastructure supporting continuous retail operations
  • Segmented POS payment traffic into dedicated VLANs, reducing broadcast domains by 70% and aligning network architecture with PCI-DSS requirements
  • Administered Active Directory group policies enforcing password complexity, least-privilege access, and software restriction, preventing unauthorized application installs across all endpoints
  • Automated user provisioning and credential rotation via PowerShell, reducing onboarding from 2 hours to 20 minutes per account
  • Led incident response for 95% of network security incidents within 2-hour SLA, performing traffic analysis with Wireshark for root cause identification
// Academic Record

Education

Georgia State University — Atlanta, GA
GPA: 3.7 • Dean's List
  • B.B.A. Computer Information Systems — May 2026
    Concentration in Cybersecurity
  • B.B.A. Business Economics — May 2025
  • A.S. Business Administration — May 2025
// Connect

Contact

Open to Security Engineer roles. Available for interviews and technical discussions.

▶ LinkedIn ▶ GitHub ▶ Email ▶ Resume (PDF)
emmanueltigoue@gmail.com
(404) 839-2214