By day, I lead security engineering and architecture. I've built security programs from scratch, designed cloud-native architectures across AWS and Azure, and worked through the compliance alphabet — SOC 2, ISO 27001, NIST, HIPAA, the rest. Right now I'm deep in post-quantum cryptographic readiness and zero trust.

On my own time, I do independent vulnerability research. I've found and reported issues in open-source infrastructure, cryptographic libraries, and government tools. You can see some of that here.

I also speak about this stuff — BSides SF, BlackHat MEA, OWASP Global AppSec — mostly about post-quantum crypto and building security tools that actually help developers.

I care about the place where AI meets security. I'm building autonomous agents for vulnerability research, and thinking about the bigger questions — how do we use AI to make security scalable, help engineers spend their time on what actually matters, and build systems that hold up when things go sideways.