AI-First Software Company · Building Products That Ship

Code that ships, not decks.

I build production software across fintech, real estate, compliance, CAD/BIM, and AI infrastructure — all powered by local LLMs (zero cloud API costs). 18+ products shipping, each with full observability, security architecture, and real users.

18+ · Production apps shipped
$0 · Cloud API costs (local Ollama)
3K+ · Knowledge base documents
0 · Security breaches
Verified results
  • PCI DSS 4.0 Level 1 · Zero findings
  • ~$900K/yr · AWS cost reductions
  • 40+ Helm · 40+ CI · 150+ IaC
  • DORA · NIS2 · AI Act · GDPR · PCI
  • 15 min · MTTD
Products shipping in:
  • Compliance · 6 platforms
  • Real Estate · Esla.by
  • Trading · Crypto
  • E-commerce · WB-SMP
  • AI/ML · LLM pipelines
  • DevSecOps · SAO + GRC
  • CAD/BIM · BIMcore
  • DevTools · tools.gantman.biz
He's the kind of person every CTO wants on their side.
D. F. · Head of Engineering / Deputy CTO, fintech
01

Products shipping

Production
Platform · Real Estate

Esla — AI Real Estate Platform

Telegram Mini-App for Belarus market
Full-stack real estate platform with NLP property search (Russian/Belarusian), automated valuation (AVM), and realtor marketplace. 22 microservices, zero cloud API costs.
  • NLP search via Ollama Qwen3-Coder-30B
  • LightGBM AVM with SHAP explainability
  • Keycloak + Vault + 10 Grafana dashboards
FastAPI React PostgreSQL Ollama
View architecture →
Production
Platform · Trading

Trade — Zero-Tolerance Crypto

Personal trading with security-first architecture
Crypto trading platform where the design goal is preventing catastrophic loss. Independent risk breakers, FIDO2 kill-switches, <60s key revocation.
  • 4-tier drawdown ladder (auto-kill at thresholds)
  • FIDO2/Yubikey-authenticated kill-switch
  • 100% audit trail coverage via journal-shim
Freqtrade Vault Wazuh FIDO2
View architecture →
Development
SaaS · E-commerce

WB-SMP — Wildberries Tools

For sellers on Russia's largest marketplace
B2B SaaS integrating 262 Wildberries API endpoints. Real-time unit economics, automated bid optimization, inventory forecasting, competitive intelligence.
  • 14 WB API hosts integrated (262 endpoints)
  • Auto-bid optimizer with ROAS targeting
  • 14-day inventory forecasting
FastAPI TimescaleDB Celery Vault HSM
View architecture →
Production
Agent · AI/ML

Ollama Decomposition Agent

For large prompt orchestration
Intelligent prompt decomposition for local LLMs. Splits large prompts into semantic sub-tasks, executes in parallel, synthesizes coherent results. 30-50% latency reduction.
  • Semantic splitting at natural boundaries
  • Parallel execution (3 concurrent)
  • Multi-strategy aggregation (auto-select)
Python AsyncIO Tiktoken DeepSeek-R1
View architecture →
Production
Pipeline · Automation

Jobs Finder — AI Job Search

Multi-source scraper with AI ranking
Aggregates jobs from Telegram, LinkedIn, HH.ru and ranks every posting against your CV using local Ollama. Multi-profile support, privacy-first.
  • 3 sources: Telegram, LinkedIn, HH.ru
  • Batch AI ranking (10 jobs per call)
  • Cross-run dedup via SQLite state DB
Python Selenium SQLite qwen3.5:35b
View architecture →
Production
KB · DevSecOps

DSO Knowledge Base

3,163 docs organized by NIST CSF
Comprehensive DevSecOps knowledge base covering all security functions. Agent-queryable via Claude Code. Source-mapped to GitHub reference repositories.
  • 102 categories across 6 NIST CSF functions
  • Agent-queryable (/kb skill integration)
  • 5,000+ internal cross-references
Markdown NIST CSF Obsidian Claude Code
View structure →
Development
ML Infra · GPU

GPU Training Pipeline

QLoRA fine-tuning on RTX 5090
Production-ready QLoRA pipeline for self-hosted LLM fine-tuning. Pre-built Docker images (11.4GB), Helm deployment, k3s integration. 8x faster pod startup.
  • 4-bit quantization (bitsandbytes)
  • Non-root, read-only containers
  • ~$0.15/hour vs $25+/hour cloud GPUs
PyTorch PEFT Helm RTX 5090
View architecture →
Development
Platform · CAD/BIM

BIMcore Engineer

Revit replacement for terabyte-scale models
Next-generation BIM authoring platform in Rust. Handles 100GB models at 60 FPS, 1TB at 30 FPS. Native Revit/IFC import, CRDT-based real-time collaboration.
  • Vulkan 1.3 GPU rendering (on-demand geometry)
  • Columnar bcx format (5-8x smaller files)
  • 96 requirement documents, 50+ ADRs
Rust Vulkan PostgreSQL egui
View architecture →
Production
Pipeline · AI/ML

Universal Knowledge Extractor

LLM training data from any source
Transforms docs, code, Telegram, LinkedIn into ChatML training data. Automatic taxonomy discovery, <2% semantic duplicates, zero credential leaks.
  • 500+ samples/hour via local Ollama
  • Checkpoint & resume in <5 seconds
  • Zero-conversion Axolotl/LLaMA-Factory load
Python Pydantic ChatML qwen3.5:35b
View architecture →
Production
SaaS · Security

AWS PCI-DSS Platform

Multi-tenant compliance management
Enterprise GRC platform with 34+ API endpoints, Row-Level Security, and real-time WebSocket alerts. PCI-DSS, NIST CSF, ISO 27001, SOC 2 coverage.
  • 15+ security models, 4 compliance frameworks
  • Sub-100ms API latency (async throughout)
  • 100% type coverage with Pydantic
FastAPI PostgreSQL WebSocket RLS
View architecture →
Production
Tool · DevSecOps

SAO — Security Audit Orchestrator

Multi-cloud DevSecOps analysis
Unified security audit platform: SBOM generation, attack tree building mapped to MITRE ATT&CK, detection gap analysis, AI-powered risk assessment.
  • AWS, Yandex Cloud, On-Prem support
  • 200+ ATT&CK techniques mapped
  • SARIF + CycloneDX output formats
Python MITRE ATT&CK NIST CSF Ollama
View architecture →
Development
SaaS · Developer Tools

tools.gantman.biz

Freemium developer tool suite
30+ launch tools (100+ Phase 3), no signup required. CyberChef, Hoppscotch, PrivateBin, Trivy, AI/LLM tools. Self-hosted on k3s, $0 cloud costs.
  • 16 tool categories, global CDN
  • Free/Pro/Team tiers (Phase 3)
  • 0% IT tax via Belarus HTP
React k3s ArgoCD Keycloak
View architecture →
Development
Operator · Compliance

K8s Compliance Operator

One-day compliance stack deployment
Helm umbrella deploying Kyverno, Falco, Calico, Vault, Istio via ComplianceProfile CRD. PCI DSS, SOC 2, NIST CSF, ISO 27001, HIPAA, DORA profiles.
  • 6 compliance profiles, 45+ Kyverno policies
  • 30+ Falco runtime rules per profile
  • 8-16 weeks → 1 day deployment
Kubernetes Helm Go Kyverno
View architecture →
Development
Platform · Fintech

DORA Incident Platform

EU financial institution compliance
Real-time incident classification for 40K EU entities. EBA/ESMA/EIOPA criteria, 4h/72h/1mo reporting deadlines, AI-assisted triage with Claude Sonnet.
  • Automated major incident classification
  • EBA-standard JSON/XML/PDF reports
  • Multi-tenant Keycloak + PostgreSQL RLS
FastAPI Kafka Keycloak Claude API
View architecture →
Development
Control Plane · AI

Agentic AI Governance

AI agent authorization & audit
Control-plane overlay intercepting AI agent tool calls. AgentPolicy CRD, human-in-the-loop approval, OSCAL export. EU AI Act Art. 12-14 compliant.
  • SDK middleware or sidecar proxy modes
  • Loki (hot) + S3 WORM (cold) audit trail
  • Singapore MGF + OWASP LLM Top 10
Go kubebuilder Loki OSCAL
View architecture →
Development
Generator · AI Compliance

EU AI Act Doc Generator

Automated Annex IV documentation
Risk classification per Annex III, full documentation suite: model cards, risk assessments, data governance, conformity checklists. 7-year S3 WORM retention.
  • Automated Annex III risk classification
  • 6 Annex IV document types generated
  • Sigstore-signed immutable artifacts
FastAPI React S3 WORM Sigstore
View architecture →
Development
Repository · GRC

Evidence Graph

One evidence, many frameworks
Map single evidence artifact to SOC 2 + PCI DSS + ISO 27001 + DORA + NIS2 simultaneously. Merkle-tree integrity, OSCAL export, Sigstore signing.
  • 500+ controls across 6 frameworks
  • NLP-assisted control suggestion
  • 68% evidence file reduction
FastAPI PostgreSQL OSCAL Merkle
View architecture →
Development
Platform · Air-Gapped

Air-Gap Compliance

Zero-egress regulated networks
Fully offline compliance automation: 356 pre-mirrored OCI images, offline vuln DBs, USB sneakernet delivery. FedRAMP High, CMMC L3, defence-ready.
  • 356 OCI images bundled (~45 GB)
  • HSM-sealed Vault, PKCS#11 transit
  • 10 compliance frameworks supported
Harbor Trivy Wazuh HSM
View architecture →
Technical philosophy: Local-first (Ollama) Security-first (Vault + FIDO2) Full observability $0 API costs
02

What I deliver

Audit

AWS Security Audit

Deep-dive of your AWS estate against CIS Benchmarks, PCI DSS, DORA ICT, and your specific threat model. You get a prioritised roadmap — not a checkbox report.
From $2,500
Delivered in 1 week
  • 40+ security checks across all accounts
  • IAM, network, data exposure analysis
  • Prioritised remediation roadmap
  • Executive summary + technical detail
Retainer

DevSecOps Retainer

Ongoing security architecture: CI/CD hardening, EKS, SIEM tuning, incident response. Embedded engineering — not advisory hours.
$6,000 – $10,000 / mo
20 hrs/month · Cancel anytime
  • Security review of all architecture changes
  • SIEM alert tuning + rule development
  • Incident response support (1hr SLA)
  • Monthly security posture report
vCISO+SOC

vCISO + AI-SOC

From $5,000 / mo
scaling to full-stack MDR · 6-month minimum
Embedded security leadership plus a 24/7 SOC where AI handles triage and humans handle decisions. Regulator liaison included — QSAs, NIS2 CSIRTs, regional regulators on request.
Advisory
Quarterly board reviews, risk register, policy
Operational
Hands-on architecture + SOC oversight
Full-Stack
vCISO + 24/7 MDR + IR + audit prep
  • Quarterly board-ready risk reports (DORA Art. 5/6 compatible)
  • 24/7 AI-augmented SOC triage · 15-min MTTD · 1-hr IR SLA
  • Tabletop exercises + purple team validation
  • Regulator liaison: QSA, NIS2 CSIRT, regional regulators
  • Vendor & third-party risk reviews (DORA TPRM)
He doesn't just implement tasks; he designs robust, scalable, and secure infrastructure solutions that become the bedrock of our applications.
A. P. · Solutions Architect, fintech
Highly skilled and reliable professional whose expertise in automation and infrastructure was instrumental to our team's success.
A. V. · InfoSec Architect, fintech
Quoted with permission from public LinkedIn recommendations · full names available on request
03

Compliance products on the roadmap

Coming Q3 2026
Operator · K8s

K8s Compliance Operator

For platform & SRE teams
One Helm chart, one profile flag — PCI, SOC 2, or NIST-ready cluster in minutes.
compliance-operator-cli — security@prod-cluster-01 zsh
$ helm install compliance-operator . \
--namespace security --set profile=pci-dss-4.0
NAME: compliance-operator · STATUS: deployed
✓ 30 Kyverno ClusterPolicies loaded (PCI DSS 4.0)
✓ Calico default-deny network policies applied
✓ Falco runtime detection rules active
✓ Policy Reporter dashboard exposed
# cluster prod-cluster-01 · ready in 47s
Concept preview · CLI scaffold not yet released
  • 30+ Kyverno ClusterPolicies, profile-selectable
  • Calico default-deny + Falco runtime detection
  • Policy Reporter compliance dashboard
OSS · free Pro · $99–500/mo Enterprise · $3K/mo
Join the pilot waitlist →
Coming Q3 2026
Platform · DORA

DORA Incident Classification Platform

For EU financial entities under DORA
Cuts DORA major-incident classification from 60 minutes to 4 — EBA-template ready.
app.gantman.eu/dora/incidents/INC-2604
Manual workflow: Severity not yet set · EBA template: Select… · Time to file: ~60 min
Auto workflow: Severity: MAJOR · EBA template: ✓ Initial Notification · Time to file: ~4 min
Concept preview · Coming Q3 2026
  • Auto-classification against 6 DORA major-incident criteria
  • Initial · Intermediate · Final report templates
  • NCA portal submission queue with human approval
SaaS · $2–10K/mo License · $50–150K Managed · $15K/mo
Join the pilot waitlist →
Coming Q3 2026
Toolkit · AI

Agentic AI Governance Toolkit

For AI/ML platform owners
Declarative agent policies — tool authorization, human-in-loop, OSCAL audit trail by default.
agent-policy.yaml — kubectl edit yaml
# agent-policy.yaml · production-grade governance
apiVersion: ai.governance/v1
kind: AgentPolicy
metadata:
  name: production-agent
spec:
  toolAuthorization:
    allowed:
      - tool: database_query
        scope: read-only
        approval: auto
    denied: [filesystem_write, code_execution]
  humanOversight:
    - trigger: confidence < 0.8
      action: require_approval
  audit: { format: oscal, retention: 180d }
Concept preview · CRD shape representative
  • YAML AgentPolicy with tool allowlists + denylists
  • MCP-compatible action logger (Article 12 / Singapore MGF)
  • OSCAL Assessment Results export for compliance evidence
OSS core Pro · $300/mo Enterprise · $2K/mo
Join the pilot waitlist →
Coming Q4 2026
CLI · AI Act

EU AI Act Documentation Generator

For high-risk AI vendors
Generate Annex IV docs from your model artifacts, in CI, every release.
app.gantman.eu/aiact/credit_scoring_v2
EU AI ACT · ANNEX IV · Technical Documentation
credit_scoring_v2 · high-risk · 2026-Q4
Sections: Model Card · Data Governance · Risk Assessment · Conformity Checklist
Concept preview · Coming Q4 2026
  • Annex IV technical documentation (6 sections)
  • Risk classification engine (Article 5 / Annex III)
  • GitLab CI / GitHub Actions integration
Dev · $99/mo Team · $499/mo Enterprise · $2K/mo
Get notified at launch →
Coming Q4 2026
Graph · OSCAL

Multi-Framework Evidence Graph

For GRC & audit teams
Collect evidence once — auto-map to SOC 2, PCI, ISO, DORA, NIS2.
app.gantman.eu/evidence/mfa-policy.json
Evidence-to-framework mapping: EVIDENCE mfa-policy.json → SOC 2 · PCI DSS · ISO 27001 · DORA · NIS2
1 artifact → 5 frameworks
Concept preview · Coming Q4 2026
  • OSCAL-native evidence records with control mappings
  • Continuous collection from cloud APIs (Okta, AWS, K8s)
  • One artifact satisfies up to 5 frameworks
Starter · $1K/mo Growth · $3K/mo Enterprise · $8K/mo
Get notified at launch →
Enterprise · contact
Bundle · Air-Gap

Air-Gapped Compliance Platform

For defense, healthcare, OT, isolated networks
Full GRC stack on a tarball — zero outbound calls, regulator-ready.
compliance-airgap-2026.tar.gz — offline tar
# compliance-airgap-2026.tar.gz · offline-only
compliance-airgap/
├── images/           350+ signed containers (Cosign)
├── databases/        Trivy · CVE · CIS bench
├── policies/         Kyverno · OPA · Calico
├── evidence/         collector scripts · OSCAL
├── dashboards/       Grafana exports
└── install.sh       --profile pci-dss-4.0
Concept preview · bundle composition representative
  • 350+ pre-mirrored container images, signed and SBOMed
  • Offline Trivy + CVE + CIS benchmarks bundled
  • Single-script installer with profile selection
License · $150K–$500K perpetual Support · 20% annual Pro services · $2K/day
Schedule briefing →
04

Measurable results

~$900K · Annual AWS cost reductions delivered
60% · PCI DSS scope reduction via tokenisation
127h · Analyst hours saved per week via SOAR automation
<15m · Mean time to detection across all environments
05

The architect who ships code

I'm Evgeniy Gantman — the guy who builds production software, not PowerPoint decks. 18+ products shipping across fintech, real estate, compliance, CAD/BIM, and AI infrastructure. All powered by local LLMs (Ollama) with zero cloud API costs.

Most architects either design or implement. I do both. 150+ Terragrunt modules, 45 Helm charts, 500+ Wazuh rules — and full-stack apps with React frontends, FastAPI backends, and Kubernetes deployments.

My edge: 15+ years from self-taught sysadmin to CISO-level advisor at a PCI DSS L1 payment processor. BIM coordinator background means I see cross-domain problems others miss. Every product has real observability, real security architecture, and real users.

Based in Israel. Products ship globally.

  • 18+ production apps: compliance, real estate, trading, e-commerce, CAD/BIM, AI/ML
  • Local-first AI: Ollama (Qwen3, DeepSeek-R1) on RTX 5090 — $0 API costs
  • Full-stack: React + FastAPI + PostgreSQL + Kubernetes + Helm
  • Zero-breach track record across fintech, crypto, payment processing
  • PCI DSS 4.0 Level 1 — zero audit findings (all 12 requirements)
  • 3,163-doc knowledge base organized by NIST CSF 2.0
  • Security infrastructure: Vault, Wazuh, FIDO2, Security Onion
  • Multi-region compliance: DORA, NIS2, AI Act, GDPR, PCI DSS, 152-FZ
How I think — three decisions, three reasons
OpenTofu over Terraform
BSL license risk is unacceptable in a regulated PCI environment. Migrated 1,000+ resources with zero state disruption. Same HCL, no vendor lock-in.
Dual-SIEM over single commercial SIEM
Wazuh (host) + Security Onion (network/NDR) eliminates the blind spot a single product creates. $0 licensing, 500+ custom rules, MITRE ATT&CK mapped, every alert cross-correlated.
Teleport JIT over permanent bastion hosts
Zero standing privileges. Time-bounded sessions, certificate-based auth, full audit trail. 85% reduction in standing CDE access — auditors love it.
05

Tech stack

AWS Multi-cloud (incl. CIS) · GCP · EKS · Terraform / OpenTofu · Terragrunt · ArgoCD · Istio / mTLS · Wazuh SIEM · Security Onion · Falco · OPA Gatekeeper · Kyverno · HashiCorp Vault · Teleport JIT · Cosign / SLSA · Trivy · Snyk · Semgrep · n8n SOAR · AWS GuardDuty · AWS Security Hub · AWS Control Tower · Prometheus + Grafana · Loki · Keycloak · Python · Sigma Rules · MITRE ATT&CK · PCI DSS 4.0 · NIST CSF 2.0 · ISO 27001 · SOC 2 · Ollama / LLM
06

Common questions

What is DORA and when does it apply?
DORA (Digital Operational Resilience Act) is EU Regulation 2022/2554 covering ICT risk management for financial entities — banks, insurers, payment institutions, crypto-asset service providers, and their critical ICT third parties. Compliance applies from 17 January 2025; enforcement and major-incident reporting are now active across the EU.
Who needs PCI DSS Level 1?
Any organisation processing more than 6 million card transactions per brand per year, or any entity Visa or Mastercard explicitly designates as Level 1. Service providers handling cardholder data on behalf of merchants typically default to Level 1 regardless of volume. Annual on-site QSA audit plus quarterly ASV scans are required.
What is a vCISO?
A virtual or fractional CISO — embedded security leadership without the full-time hire. Typical engagement: 20–40 hours per month covering board reporting, regulator liaison (QSA / NIS2 CSIRT), incident response, vendor risk reviews, and security architecture reviews. For Series-B fintechs and 50–500-employee regulated firms it is the standard alternative to a $300K/year CISO hire.
What is NIS2?
NIS2 (Directive (EU) 2022/2555) extends EU cybersecurity obligations to roughly 160,000 entities across 18 sectors — energy, transport, healthcare, digital infrastructure, manufacturing, public administration, and more. National transposition deadline was 17 October 2024; member states are now actively enforcing. Major obligations include risk-management measures, 24-hour early-warning and 72-hour notification on significant incidents, and management-body accountability.
When does the EU AI Act enter into force?
The EU AI Act entered into force 1 August 2024. Prohibited practices applied from 2 February 2025. General-purpose AI obligations apply from 2 August 2025. High-risk system obligations (Annex III, Article 6) and most conformity-assessment requirements apply from 2 August 2026. Annex IV technical documentation for high-risk systems is in scope from August 2026.

Ready to build security
that actually works?

Free 30-minute scoping call. No pitch, no sales deck — just an honest conversation about your security posture and where to start.
I respond within 24h, EU / CIS / GCC time zones.