Senior Information Security Engineer focused on building tools and automation that help organizations defend against real-world threats. I spend most of my time between security engineering and applied research, figuring out what's broken and then building something to fix it.

Studied software engineering, moved into cybersecurity, and found the space where both skill sets matter most. AI-assisted development has brought the builder side back out in a big way.

🔬 Threat Terminal is my current research project. It's an interactive platform that studies how well humans detect AI-generated phishing when linguistic quality is no longer a reliable signal. Players classify 1,000 AI-generated emails across six attack vectors (urgency, authority impersonation, credential harvesting, hyper-personalization, pretexting, and fluent prose) while the platform collects pseudonymous research data. The study protocol is published on Zenodo. Source code · Research overview

🛡️ Enterprise-Zapp scans Entra ID tenants for orphaned apps, risky service principals, and misconfigured app registrations. It produces a risk-rated inventory so security teams can clean up what they didn't know was there.

🃏 Threat-Intel-Tarot turns 78 real adversary profiles from MITRE ATT&CK into a tarot card deck. It's a creative way to explore TTPs, export ATT&CK Navigator layers, and make threat intelligence more approachable.

📚 infosec-resources is an opinionated guide for people breaking into cybersecurity, covering roadmaps, certs, labs, and common mistakes.

I learn the most when I build in the open. Sharing tools and research means other people can poke holes in it, improve it, or use it to solve problems I hadn't thought of. That feedback loop is the whole point.