A short version.
I started in forensic systems at Carnegie Mellon's CERT, broke Tor protocol headers on a budget, ran detection engineering inside a global bank's fusion center, and now build agentic security tools that act on findings instead of just generating them. I care about the bit-level details and the boardroom-level consequences, and I get restless when work happens at neither.
Protocol first. I model invariants and side-channels before reaching for tools. Tor wasn't an exploit; it was an assumption violated.
Forensically sound automation. If a system takes an action, the evidence has to hold up like a federal witness report. Hashes, snapshots, reproducible state.
Governable autonomy. Autonomy is a dial, not a switch. Strategic approval gates beat micro-approvals every time — the latter just teaches operators to rubber-stamp.
Telemetry over intuition. Detection engineering is a data problem. Gut calls are for the first 30 seconds of triage, not the postmortem.
Translate, don't dilute. A bit-level artifact and a C-level risk decision are the same fact in two registers. I'd rather work in both than abandon either.
Boring beats clever. Typed interfaces, least-privilege IAM, ephemeral sandboxes. Most of what makes a system secure is also what makes it dull to read.
Building AttackBench, an autonomous pentesting platform with cryptographic evidence chains and APTS-aligned governance. Reading research on protocol-aware fuzzing and the failure modes of agentic systems under cognitive load.