I break things, then build things that break less.
Security engineer & developer based in the Pacific Northwest —
currently working on offensive-tooling, detection engineering, and the occasional pretty web app.
●available for contract · Q2 2026
→Seattle, WA (UTC-8)
✦OSCP · eWPTX · CISSP
> ls ./components/badge
Badges & Pills
6 variants
pill · teal
pythonrustwiresharknmapburp suite
pill · stack
Next.jsTypeScriptPostgreSQLDockerTailwind
difficulty
EasyMediumHardInsane
> ls ./components/project-card
Project Card
surface · hover: border teal@35
packetline
active
Lightweight TUI packet-capture inspector. Parses pcap streams in Rust, renders protocol trees in a blessed-style terminal UI with regex filter expressions.
Lead the internal red team. Built a continuous-validation harness that replays adversary TTPs against production telemetry nightly and files tickets when coverage regresses.
red teampurple teamdetection engineering
Application Security Engineer ·Halcyon
JUN 2021 — MAR 2024
Shipped the SDL from scratch across 6 product teams. Wrote the threat-modelling handbook, built the pre-merge SAST gates, ran quarterly tabletop exercises with leadership.
appsecthreat modellingsdl
Security Consultant ·NCC Group
AUG 2019 — JUN 2021
Pentesting & code-review engagements across fintech, healthcare, and embedded. Averaged 14 findings per engagement; authored 23 client deliverables.
pentestingcode review
> ls ./components/writeup-card
Writeup Card
CTF · platform · difficulty
HTBwebHard
Hospital — chaining LFI to SYSTEM via GhostScript
A Ghostscript RCE gadget hidden behind an avatar-upload LFI, pivoting through a misconfigured ADCS template to full domain compromise.
Fingerprinting a well-known endpoint agent's injected DLL, mapping its IAT hooks, and evaluating three bypass strategies against its telemetry pipeline.