TheApathy
local // --:--:--
Hi, I'm TheApathy

Breaking systems,
then hardening them._

Cloud · Offensive · Agentic AI · Systems

I approach security from the attacker's perspective — surfacing the vulnerabilities that matter, demonstrating their real impact, and building tooling to emulate real-world attacks. My current focus spans cloud, agentic & AI security, and the software supply chain.

Cloud Security Adversarial & Agentic AI Red Team & RE Infra & DevOps
01

Who I am

I'm a red teamer — a security engineer who thinks from the attacker's chair. I hunt for the weaknesses that matter, prove how far they actually go, and build the tooling to replay real-world attacks, then help close the gaps I find.

I learn by building. My own labs are where I test how attacks actually play out — across cloud identity and credentials, software supply chains, and the fast-moving frontier I care about most: agentic attackers and the security of open-weight models and AI systems. This page is where I keep notes on that work.

CH_ACloud Security
GCPservice-account keysIAMCSPMremediation
CH_BAI Security
adversarial AIagentic attackersopen-weight modelsopen-source modelsML threats
CH_CRed Team & RE
red teamingvuln researchexploitationC2 infrastructurereverse engineering
CH_DInfra & DevOps
DockerTerraformAnsibleCI/CD
CH_EBuild & Data
PythonGoFlaskFastAPIETLhome labs
CH_FDetection & Response
SIEMthreat huntingincident responselog analysisCDR
02

What I work on

focus
MISSION / 01CLOUDHardened

Cloud Security

Identity, workloads, posture, network, and detection — IAM & least-privilege, container and workload protection, misconfiguration & compliance, segmentation, and real-time detection & response across the major clouds.

IAMCSPMCWPPCDRGCPAWSAzure
INPUT · EXPOSUREOUTPUT · ASSURANCE
MISSION / 02AGENTInference live

Adversarial & Agentic AI

The AI attack surface — agentic security, probing open-weight and open-source models, LLM application security, and the MLOps around tuning, retrieval, and observability.

agentic securityLangChainOpenAIPyTorchCUDA
INPUT · SIGNALOUTPUT · INTELLIGENCE
MISSION / 03REDArmed

Red Team & Reverse Engineering

Emulating real adversaries end to end — threat emulation, n-day research, and reverse engineering across platforms to understand failure modes and cut down attack surface.

red teamreverse engineeringLinuxWindowsmacOSresearch
INPUT · UNKNOWNOUTPUT · ASSURANCE
MISSION / 04OPSPipeline green

Infrastructure & DevOps

Repeatable delivery with security built into the path — containerized services, infrastructure as code, and CI/CD pipelines.

DockerTerraformAnsibleCI/CD
INPUT · CHANGEOUTPUT · CONFIDENCE
MISSION / 05DATADeployable

Backend, Data & MLOps

The APIs and data flows behind the work — ingestion, ETL and retrieval, model tuning, and the services that tie it together.

FlaskFastAPIETLPyTorchAWS
INPUT · COMPLEXITYOUTPUT · CONTROL
03

Writeups & notes

field log

Long-form writeups go in the writeups log; shorter references and how-I-think notes live in the knowledge base. Just getting started here — process over disclosure, always.

04

Have a problem?

secure channel
TheApathy@secure — secure channel
TheApathy@secure:~$