batuhan-satilmis/README.md

Hi, I'm Batuhan Satilmis 👋

Application Security Engineer · IT Security Consultant · GRC Analyst

📍 San Francisco Bay Area · Open to remote and hybrid 🌐 forsmantech.com · 💼 LinkedIn · ✉️ batuhan@satilmis.me


About

Application-security-focused practitioner. I design, build, and harden production SaaS against the OWASP Top 10 — RBAC, JWT auth, Supabase Row-Level Security, field-level encryption, CSP/CSRF defenses, audit logging — and translate the result into NIST CSF / SOC 2 / HIPAA strategy that engineering and executive audiences both understand.

Currently founder & security consultant at Forsman Technology & Consulting, where I built the Forsman CRM — a multi-tenant SaaS platform implementing the full OWASP Top 10 control set — and deliver NIST CSF–aligned posture assessments, Zero Trust roadmaps, and HIPAA-aware integrations for SMB clients.

  • 🎓 B.A.S. Information Security & Assurance — University of Hawaii, West Oahu
  • 🛡️ CompTIA Security+ certified
  • 📰 Author of 5 published industry briefs on Industrial Control Systems & critical infrastructure cybersecurity

Focus Areas

  • Application Security
  • OWASP Top 10 & ASVS
  • Secure SDLC · Secure Code Review
  • Vulnerability Management
  • Incident Response
  • NIST CSF · ISO 27001 · SOC 2 · HIPAA
  • GRC · Risk Assessment · Threat Modeling
  • RBAC · IAM · Zero Trust Architecture
  • Cloud Security (AWS, Azure)
  • Python Security Tooling & Automation

Featured Projects

| Repository | What it is |
|---|---|
| forsman-crm-showcase | Architecture, threat model, and OWASP control mapping for a production multi-tenant SaaS I designed and built. No source code — by design. |
| owasp-saas-hardening-guide | Practical, code-first walkthroughs of every OWASP Top 10 risk in Node.js + React SaaS, with reference fixes and tests. |
| threat-modeling-framework | STRIDE worksheets, MITRE ATT&CK mappings, and a small Python tool to generate risk registers from .yaml threat models. |
| security-audit-toolkit | Python toolkit that audits AWS / Azure / Microsoft 365 configurations against NIST CSF and CIS benchmarks; outputs prioritized remediation. |
| incident-response-playbook | NIST 800-61–aligned runbooks for cloud credential compromise, data exfiltration, ransomware, and BEC, with executive-summary templates. |
| property-finder | Full-stack React + Firebase app with hardened auth, RBAC, and encrypted API calls. |

Tech Stack

  • Languages: Python · JavaScript / Node.js · TypeScript · SQL · C#
  • Frameworks & Runtime: React · Express · Vite · Tailwind
  • Data: PostgreSQL · Supabase (Row-Level Security) · Firebase
  • Cloud: AWS · Microsoft Azure / Entra ID · Vercel · Railway
  • Security tooling: Burp Suite · OWASP ZAP · Nmap · Wireshark · Splunk (foundational)
  • IT / IAM: Active Directory · Microsoft 365 · Google Workspace · ITSM (KBOX)


Certifications

  • 🛡️ CompTIA Security+
  • 🤖 IBM Applied AI Specialization (Coursera)
  • 🧪 Python Essentials 1 & 2 (Cisco Networking Academy)
  • 💻 Full-Stack Engineer (Codecademy)

Open To

Application Security Engineer · IT Security Consultant · GRC Analyst · Security Engineer roles in the SF Bay Area and remote.

Reach me on LinkedIn or at batuhan@satilmis.me.

Pinned Repositories

  1. forsman-crm-showcase — Architecture, threat model, and OWASP control mapping for the Forsman CRM — a production multi-tenant SaaS I designed and built.
  2. owasp-saas-hardening-guide — Practical, code-first walkthroughs of every OWASP Top 10 risk in Node.js + Express + React, with vulnerable / fixed examples and tests.
  3. api-security-checklist — Practical, code-first checklist for hardening REST APIs — auth, RBAC, input validation, webhooks, SSRF. Companion to my OWASP SaaS Hardening Guide.
  4. threat-modeling-framework (Python) — STRIDE worksheets, MITRE ATT&CK mappings, and example threat models for SaaS features. Designed to make threat modeling a 30-minute habit.
  5. security-audit-toolkit (Python) — Python toolkit that audits AWS / M365 / Supabase configurations against NIST CSF and CIS Benchmarks. Outputs prioritized remediation reports.
  6. soc2-readiness-tracker (Python) — File-based SOC 2 readiness tracker that produces an executive readiness report from a YAML control inventory. Python CLI, 5-tier TSC coverage.