Security Engineer | Platform security, adversarial defense, and attack chain research
Security tools and AIOps infrastructure for real operational environments. I build detection systems, AI-powered monitoring pipelines, and WAF automation -- solving real problems with open-source code.
- Currently building: Argus-Ops -- AI-powered K8s monitoring CLI with full detect -> diagnose -> fix pipeline
- Currently building: Commerce Abuse Defense -- ML-based anomaly detection for bot scoring
- Contributing to: OWASP Nettacker (4.8K+ stars) -- automated pentesting framework, CVE detection modules and framework improvements
- Contributing to: PentAGI (8.4K+ stars) -- autonomous AI pentesting, 14 contributions merged (78% merge rate): security hardening, data race fixes, browser tool robustness, test coverage
- Contributing to: Strix (20.6K+ stars) -- AI pentesting agents, reconnaissance skill docs and bug triage
| Project | Description | Stack |
|---|---|---|
| Argus-Ops | AI-powered infrastructure monitoring CLI. Full AIOps loop: detect -> AI diagnose -> propose fix -> approve -> execute -> verify. Pluggable LLM via LiteLLM (OpenAI, Anthropic, Ollama, 100+ providers). v0.1.0, 51 tests, CI. | Python, Kubernetes, LiteLLM, Click |
| Commerce Abuse Defense | Bot abuse detection and scoring tool with WAF rule generation. 6 detection rules, weighted scoring (0-100), auto-generates Cloudflare and AWS WAF rules. v0.2.1, 60 tests, CI. | Python, Shopify, Cloudflare, AWS WAF |
| K8s Security Baseline | CIS Benchmark v1.8.0 audit automation with RBAC templates, network policies, and SOC 2 control mapping. | Bash, Python, Kubernetes |
| AWS WAF Security Framework | Production Terraform WAF modules for eCommerce. Bot Control, IP Reputation, Rate Limiting, Geo Blocking. Reduced bot traffic from 30%+ to under 3%. | Terraform, AWS WAF, CloudWatch |
Published attack chain analyses documenting real-world eCommerce attack patterns:
- 001: Hidden Product Card-Testing on Shopify -- How attackers discover $0 products via API enumeration and use them for card validation. MITRE ATT&CK T1595, T1190.
- 002: App-Layer Bot Defense Bypass Patterns -- Why client-side bot mitigation is necessary but insufficient. 5 bypass techniques, multi-layer defense architecture.
Active contributor to security-focused open-source projects. Listed as a contributor in PentAGI v1.2.0 release.
| Project | Stars | Contributions | Stack |
|---|---|---|---|
| OWASP Nettacker | 4.8K+ | CISA KEV CVE detection modules, YAML module schema fixes, framework improvements | Python, YAML, Poetry |
| PentAGI | 8.4K+ | 14 contributions merged across 18 PRs (78% merge rate). Key fixes: OAuth CSRF prevention (#120), goroutine leak & data race fix (#126), http.DefaultClient mutation guard (#151), browser tool graceful degradation (#150), error propagation (#152), TLS hardening, search tool test coverage, resource leak prevention | Go, TypeScript, GraphQL |
| Strix | 20.6K+ | Reconnaissance skill docs, Discord badge fix, Windows compatibility, bug triage | Python, Docker, LLM |
| Certification | Issuer | Valid |
|---|---|---|
| Certified Ethical Hacker (CEH) | EC-Council | 2025-2028 |
| Terraform Associate (004) | HashiCorp | Current |
| CASE Java (Application Security) | EC-Council | 2024-2027 |
| Degree | Institution | Status |
|---|---|---|
| MS Cybersecurity | Georgia Institute of Technology | Expected 2026 |
