Vulnerability Threat Management Analyst & Python Developerhttps://tamasczaban.github.io/https://tamasczaban.github.io/projects/08-cz-dev-rag-local-knowledge-base/https://tamasczaban.github.io/projects/08-cz-dev-rag-local-knowledge-base/We started CZ Dev as a two-person software agency. Three months in we had enough client contracts, SOWs, and meeting notes that 'where did we say that?' became a real question. This is what we built to answer it: LightRAG + RAG-Anything on an RTX 3090, Ollama for the models, MCP for Claude Code integration, Tailscale for sharing, and zero data sent to a third-party AI provider.Fri, 24 Apr 2026 00:00:00 GMThttps://tamasczaban.github.io/projects/09-bge-m3-ollama-nan-embeddings-flash-attention/https://tamasczaban.github.io/projects/09-bge-m3-ollama-nan-embeddings-flash-attention/Halfway through building CZ-Dev-RAG I hit a bug that took two days and a dozen wrong theories to track down: BGE-M3 returning NaN embeddings to LightRAG, but only during the merging stage, but only on long inputs, and not reproducible from a curl one-liner. The cause turned out to be a quietly-enabled flash-attention path in Ollama that overflows F16 on dense BERT inputs. Here's the debug trail and what actually fixed it.Fri, 24 Apr 2026 00:00:00 GMThttps://tamasczaban.github.io/projects/cz-dev-rag/https://tamasczaban.github.io/projects/cz-dev-rag/Local, graph-based knowledge base for a two-person software agency. LightRAG + RAG-Anything on an RTX 3090, Windows-native Ollama, BGE-M3 + Qwen2.5-32B for embeddings and entity extraction, a BGE reranker in the retrieval path, Langfuse for tracing, an MCP server so Claude Code can query the KB as a tool, and Tailscale as the only thing standing between the world and our client contracts. Public code, private data.Fri, 24 Apr 2026 00:00:00 GMThttps://tamasczaban.github.io/projects/06-kev-explorer-epss-cvss/https://tamasczaban.github.io/projects/06-kev-explorer-epss-cvss/CVSS tells you how severe a CVE theoretically is. KEV tells you whether it's been exploited. EPSS tells you how likely it is to be exploited. Here's how I joined all three into a single React dashboard that deploys as a static site and refreshes itself nightly via GitHub Actions.Sun, 12 Apr 2026 00:00:00 GMThttps://tamasczaban.github.io/projects/07-advisory-composer-multichannel/https://tamasczaban.github.io/projects/07-advisory-composer-multichannel/Vulnerability disclosure inside a company is always multi-channel — email to owners, Slack to teams, a PR comment on the dependency bump, a CSV for the audit log. Same data, four formats. Here's how I built a browser-only tool that does all four from a single lockfile upload.Sun, 12 Apr 2026 00:00:00 GMThttps://tamasczaban.github.io/projects/advisory-composer/https://tamasczaban.github.io/projects/advisory-composer/Browser tool that takes any lockfile — npm, pip, Go, Cargo, CycloneDX SBOM — queries OSV.dev and EPSS, and generates formatted security advisories for four channels in one pass: email drafts, Slack Block Kit JSON, GitHub PR comment markdown, and CSV exports. Pure client-side, zero backend, EPSS-weighted prioritisation.Sun, 12 Apr 2026 00:00:00 GMThttps://tamasczaban.github.io/projects/kev-explorer/https://tamasczaban.github.io/projects/kev-explorer/Interactive dashboard over the 1,559 vulnerabilities in CISA's Known Exploited Vulnerabilities catalogue, enriched with EPSS exploit-probability scores. Build-time ETL joins KEV + EPSS nightly, filters URL-sync for shareable views, drill-down fetches live NVD data. Built with React, TypeScript, Recharts, and GitHub Actions.Sun, 12 Apr 2026 00:00:00 GMThttps://tamasczaban.github.io/projects/vital-registry-v2/https://tamasczaban.github.io/projects/vital-registry-v2/Full React migration of Vital Registry, the production CRM built with my brother for our Mum's BEMER medical device rental business. Same Firebase + Stripe backbone, redesigned UI, dev/UAT/prod deployment pipeline, and live at vital-registry.com/contracts.Wed, 01 Apr 2026 00:00:00 GMThttps://tamasczaban.github.io/projects/cve-feed-dashboard/https://tamasczaban.github.io/projects/cve-feed-dashboard/Live CVE feed dashboard built with Streamlit and the NVD API v2, enriched with EPSS exploit-prediction scores. Features a dark terminal aesthetic, log-scale EPSS vs CVSS scatter, colour-coded HTML vulnerability table, 1-hour cache, CSV export, and 27 Playwright end-to-end tests.Sun, 15 Mar 2026 00:00:00 GMThttps://tamasczaban.github.io/projects/vuln-prioritization-scorer/https://tamasczaban.github.io/projects/vuln-prioritization-scorer/Streamlit app that enriches CVE lists with live NVD (CVSS v3) and FIRST EPSS (exploit probability) data, scores via a configurable 4-factor composite formula (CVSS + EPSS + exposure tier + age decay), and exports ranked HTML/CSV reports.Sun, 15 Mar 2026 00:00:00 GMThttps://tamasczaban.github.io/projects/vulnerability-email-composer/https://tamasczaban.github.io/projects/vulnerability-email-composer/Streamlit tool that takes scanner exports and an email template, applies 3-layer hierarchical filtering, and sends personalised per-app-manager vulnerability notifications with individual filtered attachments. Used during Apache Tika and Oracle HTTP Server L0 incidents to hit 48-hour remediation deadlines.Thu, 12 Mar 2026 00:00:00 GMThttps://tamasczaban.github.io/projects/05-two-tier-parquet-caching/https://tamasczaban.github.io/projects/05-two-tier-parquet-caching/SQL queries that take minutes. Stakeholder requirements that change weekly. No sprint planning. Here's the caching architecture I built to handle all three.Tue, 10 Mar 2026 00:00:00 GMThttps://tamasczaban.github.io/projects/citi-firewall-vulnerability-dashboard/https://tamasczaban.github.io/projects/citi-firewall-vulnerability-dashboard/Internal Streamlit dashboard aggregating vulnerability data across firewalls and load balancers, with a manifest-based multi-file Parquet cache, graceful degradation, connection pooling, and real-time Plotly visualisations. Built solo, with no sprint planning, under continuously shifting stakeholder requirements.Sun, 01 Mar 2026 00:00:00 GMThttps://tamasczaban.github.io/projects/czdev/https://tamasczaban.github.io/projects/czdev/Co-founded with my brother Zsombor. Custom software for founders who've outgrown spreadsheets and no-code. Four shipped case studies across production CRM, security tooling, and vulnerability automation. Design-led frontend, Python backend, full-stack delivery.Sun, 01 Mar 2026 00:00:00 GMThttps://tamasczaban.github.io/projects/citi-gem-dashboard/https://tamasczaban.github.io/projects/citi-gem-dashboard/Internal vulnerability tracking dashboard built with Python, Streamlit, and Pandas for Citi's global security team.Tue, 01 Apr 2025 00:00:00 GMThttps://tamasczaban.github.io/projects/04-from-data-analyst-to-security/https://tamasczaban.github.io/projects/04-from-data-analyst-to-security/Moving from BI and data analysis into vulnerability management wasn't a pivot — it was the same skills in a different domain. Here's what I learned.Sat, 01 Mar 2025 00:00:00 GMThttps://tamasczaban.github.io/projects/01-streamlit-for-internal-tools/https://tamasczaban.github.io/projects/01-streamlit-for-internal-tools/Streamlit lets you ship a real, interactive web app in a fraction of the time it takes with a traditional stack. Here's why I keep reaching for it.Mon, 10 Feb 2025 00:00:00 GMThttps://tamasczaban.github.io/projects/03-python-vulnerability-reporting/https://tamasczaban.github.io/projects/03-python-vulnerability-reporting/Manual security reporting is slow, error-prone, and nobody's favourite Friday afternoon task. Here's how I replaced it with a Python pipeline at Citi.Mon, 20 Jan 2025 00:00:00 GMThttps://tamasczaban.github.io/projects/02-sql-to-power-bi/https://tamasczaban.github.io/projects/02-sql-to-power-bi/Pulling data straight from a database into Power BI works — until it doesn't. Here's the pattern I use to keep reports fast, clean, and maintainable.Tue, 15 Oct 2024 00:00:00 GMThttps://tamasczaban.github.io/projects/vital-registry/https://tamasczaban.github.io/projects/vital-registry/The v1 of Vital Registry: a production full-stack CRM built with my brother for our Mum's BEMER medical device rental business. Streamlit frontend over Firebase Firestore, Stripe billing, Google/Facebook OAuth, client-side PDF contract generation, dual inventory (B2C + B2B cross-rentals), multi-entity billing, and 391 passing tests.Mon, 01 Jan 2024 00:00:00 GMThttps://tamasczaban.github.io/projects/olympic-games-dashboard/https://tamasczaban.github.io/projects/olympic-games-dashboard/Historical summer Olympics performance dashboard built with SQL Server and Power BI — filterable by country, with medal counts, age group breakdowns, and competitor-level drill-through.Thu, 01 Sep 2022 00:00:00 GMThttps://tamasczaban.github.io/projects/daily-steps-tracker/https://tamasczaban.github.io/projects/daily-steps-tracker/Personal fitness analytics dashboard in Power BI, tracking daily step counts with running vs walking breakdowns using a custom DAX data model.Wed, 01 Jun 2022 00:00:00 GMThttps://tamasczaban.github.io/projects/movies-correlation-analysis/https://tamasczaban.github.io/projects/movies-correlation-analysis/Python-based statistical analysis of what drives box office revenue, using Pandas, Seaborn, and Matplotlib on a Kaggle movies dataset.Tue, 01 Mar 2022 00:00:00 GMThttps://tamasczaban.github.io/projects/sales-management-dashboard/https://tamasczaban.github.io/projects/sales-management-dashboard/Interactive Power BI dashboard giving sales leadership a high-level overview of product sales by client over time, with budget vs actuals comparison.Sat, 01 Jan 2022 00:00:00 GMT