7+ years of cyber operations - malware analysis, incident response, SIGINT. Building security software focused on endpoint security, detection engineering, and macOS platform security.
Security software engineer with 7+ years in cyber operations, malware analysis, and incident response across USAF and national security environments. Active TS/SCI with advanced GIAC certifications in malware analysis, forensics, and network forensics.
I build detection pipelines, endpoint security tooling, and backend services that translate analyst workflows into reliable engineering systems. My focus is macOS platform security, detection engineering, and threat intelligence infrastructure.
Currently shipping Python-based security tooling and pursuing a B.S. in Software Engineering at WGU. Next: Go backend services, Rust systems tooling, macOS Endpoint Security Framework, and Swift systems programming.
Modular macOS forensic artifact collector covering persistence enumeration, process snapshot, code signing validation, TCC permissions, and Unified Log analysis. Zero third-party dependencies, designed for enterprise IR deployment. Structured JSON output.
Static file analysis pipeline for malware triage. Extracts hashes, printable strings, and IOCs from arbitrary binaries — IPs, URLs, domains, and suspicious file artifacts — using a modular two-pass extraction architecture with deterministic JSON output. A zero-dependency Rust port is planned for environments without a Python runtime.
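As an added illustration of the two-pass triage design described above (example code written for this page, not the project's own source), the first pass pulls printable strings from raw bytes and the second runs IOC patterns only over those strings, then serializes deterministically. The sample bytes, the pattern set and the `FILE_EXTS` deconfliction rule are constructed for the demo and are assumptions, not the project's real configuration.

```python
import hashlib
import json
import re
# Constructed sample "binary": fake header plus embedded UTF-16LE and ASCII strings.
SAMPLE = (
    b"\x7fELF\x02\x01\x01" + b"\x00" * 9 + "evil.dll".encode("utf-16-le") + b"\x00\x00"
    + b"http://update.example-c2.test/payload.bin\x00203.0.113.45\x00\xff\xfe"
    + b"C:\\Users\\Public\\dropper.exe\x00" + b"\x90" * 4 + b"mail.example.org\x00"
)
MIN_LEN = 4
FILE_EXTS = ("exe", "dll", "bin", "sh", "dylib", "dmg")  # assumed artifact extensions
_ASCII = re.compile(rb"[\x20-\x7e]{%d,}" % MIN_LEN)
_UTF16 = re.compile(rb"(?:[\x20-\x7e]\x00){%d,}" % MIN_LEN)
IOC_PATTERNS = {
    "ipv4": re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b"),
    "url": re.compile(r"\bhttps?://[^\s\"'<>]+"),
    "domain": re.compile(r"\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b", re.I),
    "file_artifact": re.compile(
        r"[A-Za-z]:\\[^\s\"']+|\b[\w.-]+\.(?:%s)\b" % "|".join(FILE_EXTS)),
}
def extract_strings(data: bytes) -> list[str]:
    """Pass 1: printable ASCII and UTF-16LE runs, deduplicated and sorted."""
    found = {m.group().decode("ascii") for m in _ASCII.finditer(data)}
    found |= {m.group().decode("utf-16-le") for m in _UTF16.finditer(data)}
    return sorted(found)

def extract_iocs(strings: list[str]) -> dict[str, list[str]]:
    """Pass 2: IOC regexes run over the string set, never over raw bytes."""
    hits = {name: set() for name in IOC_PATTERNS}
    for s in strings:
        for name, pat in IOC_PATTERNS.items():
            hits[name].update(pat.findall(s))
    # A file name such as payload.bin also satisfies the domain regex; drop those.
    hits["domain"] = {d for d in hits["domain"]
                      if d.rsplit(".", 1)[-1].lower() not in FILE_EXTS}
    return {name: sorted(v) for name, v in hits.items()}

def triage(data: bytes) -> dict:
    """Hashes, strings and IOCs for one file; every list is sorted for determinism."""
    strings = extract_strings(data)
    return {
        "hashes": {a: hashlib.new(a, data).hexdigest() for a in ("md5", "sha1", "sha256")},
        "strings": strings,
        "iocs": extract_iocs(strings),
    }

def to_json(report: dict) -> str:
    # sort_keys plus the sorted lists above make the output byte-identical across runs.
    return json.dumps(report, sort_keys=True, indent=2)
```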
Threat intelligence pipeline that ingests public IOC feeds (AlienVault OTX, abuse.ch, URLhaus), normalizes and stores indicators, correlates across sources for confidence scoring, and generates detection rule stubs from high-confidence IOCs. Includes an LLM-powered triage summary of emerging threat patterns.
Real-time kernel-level macOS telemetry using Apple's Endpoint Security Framework. Evolution of the DFIR Collector from polling-based collection into true event-driven sensor behavior — the architecture that underlies commercial EDR products.