Fidèle Tsognong | Software Engineer • Security Researcher • Founder of Humifortis

About Me Profile

I am a software engineer with a strong focus on security research, specializing in adaptive access control, risk assessment systems, and identity infrastructure. My work combines software development expertise (Java, Golang, TypeScript) with security research to build intelligent, real-time security enforcement mechanisms.

Currently, I'm developing Humifortis - a universal incremental risk engine that provides persistent, multi-entity risk scoring consumable by WAFs, IAM systems, API gateways, and applications. The project addresses a critical void in cybersecurity: the lack of a compressed, real-time risk signal that infrastructure can use for adaptive enforcement.

Security & Access Control Research Publications

Organization-based Access Control Optimization Based on Suspicious Behavior Detection Using Information Theory

Focus: Adaptive access control optimization leveraging entropy / information theory to detect anomalous request patterns.
DOI: 10.1007/s42979-021-00515-w
A Correct-by-Construction Model for Request-Based Access Control

Focus: Formal modeling ensuring policy correctness during design—reducing logic flaws in authorization flows.
DOI: 10.1007/978-3-031-88039-1_4
Big Data Access Control for Cloud-Native Hadoop Environments

Focus: Securing distributed data processing pipelines with scalable policy enforcement across Hadoop components.
DOI: 10.24138/jcomss-2025-0023
Continuous Single-Sign-On (CSSO) Method for Authentication & Authorization in Microservices

Focus: Extending traditional SSO with continuous, context-aware validation to reduce session misuse in distributed systems.
Preprint DOI

Core Technical Skills

Engineering Stack

Languages: Java, Golang, TypeScript, Python, Shell scripting
Frameworks: Spring Boot, React, Angular
API Styles: REST, basic GraphQL consumption
Eventing & messaging integration patterns
Tooling & Automation: Bash scripting, CI/CD workflows, containerization basics
Data & Processing: Hadoop ecosystem (research context), batch orchestration concepts
Databases: SQL (MySQL, PostgreSQL) and NoSQL (MongoDB)

Security & Identity

Access Control & Policy (OPA, attribute & risk-based models)
Keycloak realm design & federation
Continuous Single Sign-On concepts (CSSO)
Web Application Firewall (WAF) deployment & tuning (OWASP Top 10 rulesets)

Observability & Data Pipelines

ELK Stack (Elasticsearch, Logstash, Kibana)
Beats: Filebeat, Auditbeat, Metricbeat, auditd pipelines
SIEM Enrichment (Wazuh custom decoders/rules)
Backup integrity & lifecycle automation

Open Source Platform Services

Moodle

End-to-end deployments, theme customization, plugin evaluation, performance tuning for institutional e-learning.

Odoo

Module selection & configuration, workflow customization, secure hosting setup, integration patterns.

Keycloak

Realm design, SSO federation, identity brokering, fine-grained access policies, audit integration.

Wazuh (SIEM)

Custom decoders, rule authoring, alert noise reduction, identity system log mapping, dashboard curation.

ModSecurity WAF (OWASP CRS)

Deployment & tuning of ModSecurity with OWASP Core Rule Set: custom rule layering, false-positive reduction, log enrichment & integration with ELK / Wazuh for actionable attack visibility.

I provide tailored customization & secure deployments for education technology and identity/security stacks. Need something unique? Reach out below.

Professional Services & Consulting

🔐 Cloudflare & Web Security

DNS Configuration: DNS setup, record management, DNSSEC basics
SSL/TLS: Certificate configuration, encryption modes, HTTPS enforcement
Email Security: SPF/DKIM/DMARC records, email routing configuration
Web Application Firewall (WAF): Basic managed rules configuration, security level tuning
Performance Optimization: CDN setup, caching configuration, page rules
DDoS Protection: Basic protection configuration and monitoring
Web Analytics: Traffic monitoring and basic insights

Note: Currently building expertise in Cloudflare ecosystem. Available for standard migrations and basic security configurations. For complex enterprise setups, I collaborate with experienced specialists.

🛡️ Infrastructure Security Consulting

Security Architecture Review: Threat modeling, attack surface analysis, zero trust design
IAM & Access Control: Keycloak deployment, SSO/SAML/OAuth2 integration, RBAC/ABAC policies
SIEM & Log Management: Wazuh deployment, ELK stack configuration, custom detection rules
WAF Deployment: ModSecurity/OWASP CRS tuning, Cloudflare WAF configuration
Compliance Support: Audit trail implementation, security controls documentation
Incident Response Planning: Playbook development, threat hunting setup, forensics readiness

🎓 Education Technology Platforms

Moodle: End-to-end deployments, theme customization, plugin integration, performance tuning
Odoo: ERP configuration, workflow automation, multi-tenant setups, module development
Campus Infrastructure: SSO integration, student data security, observability pipelines

⚙️ Custom Development & Integration

API Development: REST/GraphQL design, microservices architecture, event-driven systems
Security Tooling: Custom authentication flows, policy engines, audit frameworks
Observability: Metrics pipelines, log enrichment, dashboard automation
Database Solutions: Backup automation, cloud sync, integrity monitoring

Looking for consulting? I provide architecture reviews, migration planning, security audits, and hands-on implementation for startups, SMEs, and educational institutions. Get in touch to discuss your project.

Flagship Security Projects

Humifortis - Universal Incremental Risk Engine

Flagship

A minimal, real-time risk assessment engine that calculates persistent, incremental risk scores for any entity type (users, sessions, API keys, devices, services). Unlike traditional SIEM/UEBA systems that operate in batch mode or RBA solutions limited to authentication, Humifortis provides a universal risk state exploitable across your entire infrastructure in <10ms latency.

Key Innovation: Incremental risk calculation with temporal decay + compressed interface (risk_score, risk_level, confidence, expires_at) consumable by Cloudflare Workers, Keycloak, API Gateways, WAFs, and custom applications.

Use Cases: Adaptive rate limiting, step-up authentication, real-time session revocation, risk-aware tokens, dynamic WAF rules, automated threat response.

Philosophy: "Humifortis" (Latin: humble + strong) reflects my origin as a village child learning that true security requires continuous vigilance, adaptive intelligence, and operational humility - not just expensive tools.

Visit Humifortis Project →

CSSO IAM Platform (Continuous Single Sign-On)

An identity & access management platform that augments traditional SSO with continuous, risk-aware session assurance. Incorporates device / browser / server fingerprint signals, rate limiting, contextual anomaly detection, adaptive & risk-based authentication challenges, full user & role management, OAuth 2.0 authorization flows, and compliance-grade audit trails.

AcroForm Validator (React + Golang)

Tooling to audit and validate PDF AcroForm field naming conventions, completeness, structural consistency, and enumerated field catalogs—supports automated QA workflows and integration into document ingestion pipelines.

Database Backup & Cloud Sync Platform

Modern web-based database backup monitoring & orchestration (Golang + React). Automated backup workflows with cloud synchronization to multiple targets (Google Drive, OneDrive, local storage), integrity verification, retention policies, and encryption.

Identity Log Observability Enhancements

Custom Wazuh decoders & enrichment rules for Keycloak + Shibboleth to correlate authentication flows with authorization policy outcomes—improving triage speed and reducing false positives.

Contact & Availability

Email: [email protected]
GitHub: github.com/tsognong
LinkedIn: linkedin.com/in/tsognong-fidele
Medium: medium.com/@tsognong.fidele

Looking for help deploying or customizing Moodle, Odoo, Keycloak, or Wazuh? I offer consulting for architecture reviews, secure deployments, performance tuning, and feature extensions.

I also collaborate on education infrastructure initiatives via educosmic.tech.

Collaboration & Security Innovation Ecosystem

My primary focus is advancing adaptive security systems through Humifortis and related research. I'm building tools that make real-time, risk-aware security accessible to organizations of all sizes - from startups needing simple, effective threat response to enterprises requiring scalable, multi-layer protection.

🔐 Security & Risk Assessment

• Humifortis risk engine (core platform)
• Adaptive access control & continuous authentication
• Real-time threat detection & enforcement
• Identity lifecycle management (CSSO IAM, Keycloak)

🎓 Education Technology (Secondary)

• Secure learning platforms (Moodle, Odoo)
• Campus security infrastructure
• Observability & compliance (ELK, Wazuh)
• Open-source deployment consulting

Open for: Strategic partnerships on adaptive security research, pilot integrations of Humifortis, academic collaborations on access control optimization, and consulting engagements for identity infrastructure.

Humifortis Project → CSSO IAM →