I am a Principal Engineer with a deep-rooted obsession for security across cloud infrastructure, compliance, and application domains. I don’t just write code: I build tools that keep the digital world a little safer.
My journey has taken me through some incredible security challenges. Here is a snapshot of my focus areas:
- Cloud Security: I've spent years securing AWS environments, from contributing to Cloud Custodian to developing cloud-native HSMs at AWS CloudHSM.
- Vulnerability Management: At AWS Inspector, I built the backbone data store that tracks security flaws in EC2 hosts and Lambda containers.
- Infrastructure & FinOps: Most recently at Take-Two, I bridged the gap between security and operations by building a custom CMDB solution to oversee cloud-deployed assets.
- System Engineering: I enjoy building and maintaining my own computing environment, QuantumQat, which is my custom-tailored, immutable operating system.
- SaaS Delivery: I overcome the challenge of account provisioning and product delivery pipelines, especially when they empower users to understand their own compliance.
When I am not at my desk, I am usually deep in the security community. I believe in continuous learning and giving back to the scene:
- Community Leader: I serve as an organizer and Discord Moderator for RVAsec and help co-author the conference-wide cryptography contest for ShmooCon.
- Active Member: For the last decade, I have been a member of NovaHackers and the HackerAssociation, sharing talks and trading knowledge.
- CTF Competitor: I love the thrill of the hunt. I have taken 1st place in both Wireless and Embedded CTFs at DEF CON.
- DEF CON Black Badge Winner (2024): Part of the winning team for hacking IoT devices.
- CTF Documentation: You can find my research and activity over at CTFdeets.
- Open Source: I enjoy polishing the tools we all use, whether it is enhancing PyKCS11 or refactoring AES implementations for the AWS CloudHSM community.
| Domain | Platforms, Technologies & Capabilities |
|---|---|
| Cloud | AWS (HSM, Inspector, Custodian), Cloud Infrastructure |
| Security | CSPM, Encryption, IoT Hacking, Vulnerability Research |
| DevOps | Account Provisioning, Product Pipelines, SaaS Delivery |
I am always looking for new puzzles to solve and security objectives to tackle. If you want to chat about cloud-native security or exchange CTF tips, let's connect!
