╔══════════════════════════════════════════════════════════════════════╗
║ EXECUTIVE PROFILE — CIPRIAN STEFAN PLESCA ║
║ Sovereign AI Architect • Zero-Trust Systems Engineer ║
╚══════════════════════════════════════════════════════════════════════╝
full_name: "Ciprian Stefan Plesca"
title: "Sovereign AI Architect | Zero-Trust Systems Engineer"
entity: "Xolo Go OÜ — Ciprian-Stefan Plesca"
registry_code: "14717109"
vat_number: "EE102156920"
jurisdiction: "Estonia, European Union"
legal_structure: "Partnership (OÜ)"
operational_base: "EU / Remote-First / Globally Deployable"
languages: ["Romanian (Native)", "English (Professional)", "German (Conversational)"]Ciprian Stefan Plesca operates at the intersection of sovereign AI infrastructure, zero-trust security architecture, and enterprise-grade automation — domains where the cost of fragile systems is measured not in downtime but in irreversible loss of trust, capital, or competitive position.
With a practice built on the conviction that security is a design constraint — not a product feature — his work serves a narrow class of principals: founders, operators, and organizations that understand the difference between tools that look secure and systems that are.
His approach is architecture-first. Every engagement begins with threat modelling, not feature selection. Every system is designed to be auditable, sovereign, and capable of operating without dependency on third-party trust anchors.
He is the operator behind five flagship technical systems — spanning AI governance, cryptographic provenance, SecOps command interfaces, and zero-dependency frontend infrastructure — each engineered for institutional trust and commercial readiness.
His company, Xolo Go OÜ, is registered in Estonia within the European Union, VAT-active under EE102156920, and structured for clean international engagement with full compliance lineage.
CAPABILITY SURFACE:
├── Private LLM deployment (self-hosted, air-gap capable)
├── Inference infrastructure on controlled compute
├── Compliance-aware AI pipeline architecture
├── Prompt governance & audit logging systems
├── Data residency enforcement & sovereignty controls
└── AI system threat modelling & red-teaming
MATURITY SIGNAL:
You don't need AI. You need AI you can own, audit, and turn off.
CAPABILITY SURFACE:
├── Identity-first access architecture (BeyondCorp principles)
├── Microsegmentation design for hybrid environments
├── Least-privilege enforcement at every system layer
├── Secure remote access without VPN dependency
├── Continuous verification frameworks (device, identity, context)
└── Zero-trust maturity assessment & remediation roadmap
MATURITY SIGNAL:
The perimeter is dead. Identity is the new firewall.
CAPABILITY SURFACE:
├── Security-by-design for SaaS, APIs, and data platforms
├── Threat modelling (STRIDE, PASTA, LINDDUN)
├── Attack surface analysis & reduction
├── Incident response architecture & playbook design
├── GDPR / NIS2 / DORA-aligned system design
└── Security controls mapping to ISO 27001 / SOC 2 / CIS
MATURITY SIGNAL:
Compliance is the floor. Sovereignty is the ceiling.
CAPABILITY SURFACE:
├── Governance-first automation framework design
├── Role-based execution with audit trails
├── Policy-as-code implementation
├── Workflow orchestration in regulated environments
├── Executive time reclamation systems
└── Human-in-the-loop AI workflow integration
MATURITY SIGNAL:
Automation without governance is technical debt with a timer.
CAPABILITY SURFACE:
├── GitHub ecosystem architecture for institutional trust
├── Technical authority positioning for founders
├── Repository structuring for acquisition readiness
├── Open-source monetisation architecture
└── Digital asset packaging for sponsorship & licensing
MATURITY SIGNAL:
Your GitHub is the first due-diligence surface investors review.
INFRASTRUCTURE
Private Compute · On-premise AI inference · Air-gap deployment
Cloud Posture · AWS / GCP / Azure (governance-first)
Containerisation · Docker · Kubernetes · Helm
IaC · Terraform · Pulumi · Ansible
Networking · WireGuard · Tailscale · SD-WAN
AI / ML SYSTEMS
LLM Deployment · Ollama · LM Studio · vLLM · llama.cpp
Frameworks · LangChain · LlamaIndex · OpenAI-compatible APIs
Vector DBs · Qdrant · Weaviate · Chroma · pgvector
Orchestration · n8n · Flowise · Make · Zapier (governance-audited)
Fine-tuning · LoRA · QLoRA · PEFT pipelines
SECURITY TOOLING
SIEM / Logging · Splunk · Elastic SIEM · Wazuh
Vulnerability · Nessus · OpenVAS · Trivy
Identity · Keycloak · Auth0 · Okta (ZT integration)
Secrets · HashiCorp Vault · SOPS · AWS Secrets Manager
Code Security · Semgrep · Snyk · OWASP Dependency-Check
DEVELOPMENT
Languages · Python · TypeScript · Bash · Rust (systems)
Frontend · React · Next.js · Astro · Vanilla (zero-dep)
APIs · REST · GraphQL · gRPC · WebSockets
Databases · PostgreSQL · Redis · SQLite · DuckDB
CI/CD · GitHub Actions · GitLab CI · ArgoCD
FRAMEWORKS OPERATED AGAINST:
├── ISO/IEC 27001 — Information security management
├── NIST CSF 2.0 — Cybersecurity framework
├── SOC 2 Type II — Trust service criteria
├── GDPR (EU) — Data protection & privacy
├── NIS2 (EU) — Network & information systems security
├── DORA (EU) — Digital operational resilience (financial sector)
├── CIS Benchmarks — Secure configuration baselines
└── OWASP Top 10 — Application security risk reference
POSTURE:
Security controls are not checkbox exercises.
They are engineered constraints built into system architecture.
Security is not a product. It is not a feature. It is a property of a system — one that must be designed in from the first architectural decision, or one that will be missing no matter how many tools are layered on top.
The question is never "can we use AI?" The question is: "who controls the weights, who owns the inference, who can audit the output, and who bears the liability?" Sovereign infrastructure answers all four.
Automation amplifies what already exists. Automate a broken process and you get a faster broken process. Automate a governed process and you get leverage without liability.
Trust is the highest-value, most expensive, and most fragile resource in any technical organisation. Every architectural decision either deposits into or withdraws from the trust account.
Your repository is not a portfolio. It is a trust surface. Every file, every commit message, every README is a signal. The question is whether that signal is noise or authority.
SELECTION CRITERIA:
✦ High-stakes environments where fragile systems carry existential risk
✦ Operators who understand the cost of technical debt before contracting it
✦ Founders building infrastructure, not features
✦ Organisations in regulated sectors requiring compliance-grade architecture
✦ Principals who treat security as a design language, not a budget line
WHAT IS NOT ONBOARDED:
✗ Exploratory calls without defined operational context
✗ Projects optimising for speed over sovereignty
✗ Environments where security is a retrofit, not a foundation
✗ Engagements requiring dependency on untrusted third-party infrastructure
| CHANNEL | ENDPOINT |
|---|---|
| 🌐 Official Gateway | localpulse.pro |
| 📅 Private Briefing | cal.com/ciprian-stefan-plesca |
| 📧 Direct Communication | contact@localpulse.pro |
| 📞 Executive Line | +40 759 687 560 |
→ Full Contact & Access Protocols
╔═════════════════════════════════════════════════════════╗
║ Xolo Go OÜ · Estonia · Reg. 14717109 ║
║ EU VAT EE102156920 · localpulse.pro ║
╚═════════════════════════════════════════════════════════╝