imusmanmalik/README.md

whoami

name: Usman Malik
experience: 15+ years in Linux/UNIX, Cloud Native, Security
focus:
  - Private cloud for critical infrastructure (energy, regulated, sovereign workloads)
  - Bare metal & virtualization (Ironic, Metal3, metal-operator, KubeVirt, Cloud Hypervisor, KVM)
  - Kubernetes platforms, operators, and edge orchestration
  - L3 networking - BGP-to-Host, unnumbered BGP, ECMP-based load balancers
  - Supply chain security - Sigstore, Cosign, SLSA, SBOM, in-toto
  - DevSecOps, policy-as-code, compliance (ISO 27001, VDS 3473, NIS2, KRITIS)
  - Security research, bug bounty, digital forensics, incident response
  - Open source contributions across CNCF & sovereign cloud (NeoNephos)
education:
  - MSc Digital Investigation & Forensic Computing
fun_fact: "I read RFCs, kernel changelogs, and CVE feeds for fun."

Tech Stack

Languages

Go Rust Python TypeScript Bash Java

Cloud Native & Kubernetes

Kubernetes Helm Argo CD Flux Tekton Carvel Crossplane KRO Radius Backstage Operator SDK Rancher

Private Cloud & Bare Metal

OpenStack NeoNephos Ironic Metal3 metal-operator Cluster API KubeVirt Cloud Hypervisor KVM / QEMU Talos Linux Kairos Tinkerbell Cozystack Proxmox Firecracker Flintlock Bottlerocket Flatcar bootc

Networking

Cilium kube-ovn Calico Istio FRRouting BIRD ExaBGP Linkerd Kuma Kmesh LoxiLB Katran BGP-to-Host Unnumbered BGP BGP L3 DC EVPN VXLAN ECMP + BGP MetalLB HAProxy BlueField DPU

Cloud & Infrastructure

AWS Azure GCP OVHcloud Hetzner Equinix Terraform Ansible Docker Linux Red Hat Ubuntu

Observability

OpenTelemetry Prometheus VictoriaMetrics Mimir Grafana Loki Tempo Pyroscope Vector Fluent Bit Elastic Jaeger Sloth

Databases

PostgreSQL CloudNativePG pgvector TimescaleDB CockroachDB MySQL MongoDB Redis Chroma

Storage

Ceph Rook LINSTOR Piraeus OpenEBS Longhorn Velero MinIO SeaweedFS RustFS Garage

Supply Chain Security

Sigstore Cosign SLSA in-toto SBOM Syft Kyverno OPA Gatekeeper

Security & DevSecOps

Trivy Falco Tetragon eBPF Vault cert-manager External Secrets SOPS Cloud Custodian Constellation Coraza WAF Kata Containers gVisor OWASP Burp Suite Wireshark PKI / mTLS ISO 27001

AI / GenAI Infrastructure

NVIDIA AI Triton vLLM llm-d AIBrix Ollama LocalAI LiteLLM KubeAI KAITO Higress Langfuse K8sGPT HolmesGPT Anthropic OpenAI MCP A2A LangChain

More

Streaming & Messaging

Kafka NATS Redpanda RabbitMQ Pulsar

API Gateways

Kong APISIX Traefik Gateway API Emissary kgateway

Identity & Zero Trust

Keycloak Authentik Authelia Teleport SpiceDB Infisical OpenZiti

Multi-Cluster & Fleet

Karmada Clusternet k0smotron k0rdent KubeVela Fleet Kamaji

Chaos Engineering

Chaos Mesh LitmusChaos Chaos Toolkit PowerfulSeal KubeInvaders

CI/CD & Tooling

GitHub Actions GitLab CI Jenkins Earthly Vim Neovim VS Code


Security Research & Forensics

$ whoami --security

Architect
Critical Infrastructure  # private cloud & platforms for energy / regulated sectors
Bug Bounty Hunter        # responsible disclosure across web & infra targets
Pentester                # network, host, cloud, container & Kubernetes hardening
Digital Forensics        # incident response, container & host forensics, eDiscovery
Threat Modeling          # STRIDE, attack surface mapping, zero-trust architectures
DevSecOps Engineer       # shift-left CI/CD: SAST/DAST, secret scanning, IaC scanning,
                         # image signing (Sigstore/Cosign), SLSA provenance, SBOM (CycloneDX/SPDX),
                         # admission control (Kyverno, OPA/Gatekeeper), runtime (Falco, Tetragon)
Compliance               # ISO 27001, VDS 3473, BSI IT-Grundschutz, NIS2, KRITIS,
                         # ISMS lead, audit prep, risk assessments, SoA, control mapping

Open Source & Community


Support

If my open source work has helped you, you can support me here.

Pinned

  1. randomizer Public

    GoLang library for generating cryptographically secure random numbers using the crypto/rand package

    Go 33 1

  2. cloudnative-pg-timescaledb-postgis-containers Public

    Operand images for CloudNativePG containing PostgreSQL with TimescaleDB and PostGIS

    Dockerfile 64 18

  3. kapp-controller Public

    Forked from carvel-dev/kapp-controller

    Continuous delivery and package management for Kubernetes.

    Go

  4. carvel Public

    Forked from carvel-dev/carvel

    Carvel provides a set of reliable, single-purpose, composable tools that aid in your application building, configuration, and deployment to Kubernetes. This repo contains information regarding the …

    HTML

  5. Installing Canonical MicroCloud

    # Installing Canonical MicroCloud

    ## Pre-requisites

    ```shell

  6. cert-manager-mixin Public

    Prometheus Mixin for cert-manager https://cert-manager.io/

    Jsonnet 15 6