Oluwatobi-Mustapha/README.md

Hi, I'm Oluwatobi Mustapha

Cloud IAM Security Engineer | Non-Human Identity | OSS Contributor

I build and secure IAM systems across cloud and distributed environments, with a focus on least-privilege architecture for both human and machine identities.

Member of the AWS Community Builders and The Identity Underground.


Open Source Contributions

I contribute security fixes to enterprise identity infrastructure and cloud governance projects.

  • Keycloak: Improved fine-grained admin permissions by closing policy-evaluation gaps around protected group memberships, and contributed fixes across OIDC and OID4VCI flows.
  • Home Assistant Core: Improved Google Sheets authentication reliability by fixing OAuth error handling so invalid credentials trigger secure re-authentication while transient provider failures retry safely.
  • Authentik: Fixed an OAuth2 credential-decoding flaw that broke authentication when secrets contained special characters, restoring reliable sign-in for automated workflows.
  • Better Auth: Delivered security patches that closed OTP bypass paths and tightened cryptographic validation to reduce session takeover risk.
  • Cloud Custodian: Fixed an AWS IAM monitoring blind spot so legitimate AccessDenied events surface correctly during multi-account compliance and security audits.

My full open-source contribution log


Projects

  • Boundary - AWS JIT Access Broker: A just-in-time access vending engine that reduces provisioning time from days to seconds while generating artifacts needed for SOC 2 audit evidence.
  • Identrail - Machine Identity Security: A machine identity security platform for cloud and Kubernetes environments focused on discovering workload identities, analyzing risky access paths, and reducing identity exposure.
  • IAM Logic Fuzzer: A security testing tool that surfaces hidden privilege escalation paths in IAM policies and helps validate controls against CIS AWS benchmarks.

Core Stack

Infrastructure
AWS Kubernetes Microsoft Azure

Engineering
Go Python Terraform

Identity
Cedar Microsoft Entra ID SPIFFE HashiCorp Vault


Certifications

AWS Certified Security - Specialty
HashiCorp Terraform Associate
AWS Solutions Architect - Associate
CompTIA Security+

Open to Work

Cloud IAM and Security Engineering roles.

LinkedIn

Email: oluwatobimustapha539@gmail.com

Pinned

  1. boundary Public

    Serverless Just-In-Time (JIT) access broker for AWS. Features Slack ChatOps, policy-as-code, and automated zero-trust revocation.

    Python 6 1

  2. iam-fuzzer Public

    Automated fuzzing tool for identifying AWS IAM logic flaws and permission boundaries.

    Python 8

  3. identrail Public

    Machine identity security platform.

    Go 3

  4. OSS-Contributions Public

    A curated list of my merged open-source PRs.

    3