Cloud Security
Identity, workloads, posture, network, and detection — IAM & least-privilege, container and workload protection, misconfiguration & compliance, segmentation, and real-time detection & response across the major clouds.
I approach security from the attacker's perspective — surfacing the vulnerabilities that matter, demonstrating their real impact, and building tooling to emulate real-world attacks. My current focus spans cloud, agentic & AI security, and the software supply chain.
I'm a red teamer — a security engineer who thinks from the attacker's chair. I hunt for the weaknesses that matter, prove how far they actually go, and build the tooling to replay real-world attacks, then help close the gaps I find.
I learn by building. My own labs are where I test how attacks actually play out — across cloud identity and credentials, software supply chains, and the fast-moving frontier I care about most: agentic attackers and the security of open-weight models and AI systems. This page is where I keep notes on that work.
Identity, workloads, posture, network, and detection — IAM & least-privilege, container and workload protection, misconfiguration & compliance, segmentation, and real-time detection & response across the major clouds.
The AI attack surface — agentic security, probing open-weight and open-source models, LLM application security, and the MLOps around tuning, retrieval, and observability.
Emulating real adversaries end to end — threat emulation, n-day research, and reverse engineering across platforms to understand failure modes and cut down attack surface.
Repeatable delivery with security built into the path — containerized services, infrastructure as code, and CI/CD pipelines.
The APIs and data flows behind the work — ingestion, ETL and retrieval, model tuning, and the services that tie it together.
Long-form writeups go in the writeups log; shorter references and how-I-think notes live in the knowledge base. Just getting started here — process over disclosure, always.