I build the tools and systems that are the backbone of security operations.
I spend most of my time building security tooling, writing detections, and hunting things that don't want to be found. I like making stuff that is actually useful when you are dealing with real threats, mostly around detection engineering, DFIR, and automation across AWS, GCP, and Azure.



Building the tools and systems that everything else runs on: detection pipelines, response tooling, and the platforms that power the whole security operation.
Proactive hunts across global infrastructure to surface sophisticated adversaries that evade automated detection.
Investigation, containment, eradication, and digital forensics when a breach is unfolding.
Turning repetitive defense work into reliable, automated pipelines, from vuln management to detection deployment.