Hello, I’m

Nishantha
Jayawardhana

Cybersecurity student and founder-developer of security-first software platforms, from an AI-powered scam-protection service to COPPA-isolated EdTech. I design systems where security is the architecture, not an afterthought.

01. About

I’m a cybersecurity student pursuing a B.S. in Information Assurance & Cyber Defense at Eastern Michigan University (expected April 2027), with an A.A.S. in Network Security from Macomb Community College (Summa Cum Laude, GPA 3.85). Before going back to school full-time, I spent three years in enterprise IT for K-12 school districts, managing Active Directory, servers, backup systems, firewalls, and networks across multi-school environments.

Today I build and ship production software platforms as a solo developer, with security engineering at the core: hardened authentication (NIST 800-63B / OWASP ASVS), multi-tenant data isolation, AI safety guardrails, threat modeling, and DevSecOps pipelines. I’m a National Cyber League Silver Bracket finisher and an alum of the Macomb CC Cybersecurity Club.

Away from the keyboard, I recharge by meditating, camping, and traveling. I like thinking differently, and I love starting new projects and seeing them through to the finish.

02. Projects

Seclum · AI-Native Security Platform

A live consumer scam-protection platform: users submit suspicious URLs and SMS messages and get AI-reasoned verdicts with human-readable explanations. Six hardened reasoning agents on the Anthropic Claude API with prompt-injection guards and a global spend kill-switch. Privacy-by-design: input is SHA-256 hashed at the Cloudflare edge, with hash-only persistence and GDPR export/delete. ~35,000 lines of TypeScript with full test suites.

  • TypeScript
  • Next.js
  • Cloudflare Workers
  • Claude API
  • Postgres
  • Pulumi

Angstroma · Accessibility-Compliance SaaS

Multi-tenant B2B web-accessibility platform: a .NET 10 API, a Next.js management portal, and a ~17KB embeddable widget delivering 74 accessibility tools. Backend-for-frontend auth where tokens never reach the browser (Argon2id, RS256 JWTs, passkeys). Hardened through an owner-authorized penetration test: every finding remediated, including a CVSS 8.2 IDOR, and pinned with ~50 security regression tests. Controls mapped to SOC 2, ISO 27001, OWASP ASVS L2, and WCAG 2.2 AA.

  • C# / .NET 10
  • Next.js
  • WebAuthn
  • EF Core
  • Playwright

Graventis · Enterprise EdTech / LMS Platform

An education platform of 10 Next.js apps backed by two .NET APIs (~1,290 endpoints). COPPA-compliant children’s-data isolation with a physically separate PII database, a fail-closed 8-gate AI security gateway, and a NIST 800-63B authentication stack with TOTP/WebAuthn MFA, Entra ID SSO, and SAML 2.0. ~3,000 automated tests and a DevSecOps pipeline with CodeQL, nonce-based CSP, and SLSA Level 3 build provenance.

  • .NET 10
  • Next.js
  • Azure
  • SAML / SSO
  • Stripe
  • CodeQL

PrepPilot · AI Career-Coach iOS App

AI-powered interview-practice and career-coaching app shipped to Apple TestFlight, backed by Cloudflare Workers and D1. Sign in with Apple verified end-to-end on the backend, rotating hashed refresh tokens with family reuse detection, AES-GCM encryption at rest, and a credit-based monetization engine integrated with RevenueCat and Apple in-app purchases.

  • React Native
  • Expo
  • Cloudflare Workers
  • D1
  • RevenueCat

03. Experience

  1. 2025 to Present

    Web Administrator @ Buddothpado International Meditation Center

    Manage five production websites for the organization and its affiliated foundations, covering design, maintenance, performance optimization, and security hardening.

  2. 2023 to May 2025

    Information Technology Specialist @ Clio Area Schools

    Lead IT specialist for two schools in a six-school district. Managed Active Directory, Google Workspace, and Azure environments including security configurations; ran district backup/recovery with Microsoft DPM; deployed physical and virtual servers (SCCM, file/print, phone systems); administered Lightspeed firewalls, Ruckus wireless, and Cisco switching; automated deployments with PowerShell.

  3. 2022 to 2023

    IT Repair Technician @ Clare-Gladwin RESD

    Dedicated technician for a five-school district. Installed and repaired device fleets; administered secure access with NetIQ iManager and Google Admin (permissions, MFA); managed devices with ZENworks and IBM MaaS360; tracked inventory in Snipe-IT.

04. Skills

Security

  • Threat modeling
  • OWASP Top 10 / ASVS
  • NIST 800-63B & CSF
  • Pen testing & remediation
  • Nmap
  • Wireshark
  • Prompt-injection defense
  • WAF
  • CSP
  • SAST (CodeQL, semgrep)
  • gitleaks

Identity & Auth

  • Active Directory
  • Entra ID (Azure AD)
  • Google Workspace
  • MFA / TOTP
  • WebAuthn / passkeys
  • SAML 2.0
  • OAuth / OIDC
  • JWT (RS256)
  • Argon2id

Cloud & Infrastructure

  • Azure
  • Cloudflare Workers
  • Cloudflare WAF
  • Vercel
  • Pulumi IaC
  • GitHub Actions
  • SCCM
  • Microsoft DPM
  • Key Vault

Development

  • TypeScript
  • C# / .NET
  • Python
  • PowerShell
  • SQL / PostgreSQL
  • React / Next.js
  • React Native
  • Node.js

Systems & Networking

  • Windows Server
  • Kali Linux
  • Ubuntu
  • macOS
  • Cisco switches
  • Ruckus wireless
  • Lightspeed firewall
  • Network design

Awards & Activities

  • NCL Silver Bracket (2020)
  • Summa Cum Laude
  • Dean’s List ×4
  • IYMC Pre-Finalist
  • Cybersecurity Club

05. Contact

Open to security engineering and software opportunities. Want to work together or just say hello? My inbox is always open.