Director of
Security Engineering.
Over two decades of experience building security programs that bridge the gap between executive strategy and engineering execution, from government agencies to high-growth SaaS.
What I Do
Engineering Leadership
Turning security strategy into engineering reality. Staff and budget ownership, building teams, and embedding security into the development lifecycle across distributed organizations.
Information Security
Designing and implementing security programs grounded in ISO 27001, SOC 2, and vulnerability management, from policy to production controls.
Advisory & Consulting
Senior advisory across industries: interim CISO engagements, security architecture reviews, and hands-on guidance for organizations building their security posture.
Technical Insights
View All Articles
Security Is a Product, Not a Gate
For years we said security is a process, not a product. That was right, and it still is. What changed is that the modern security team now ships products to...
Why Security Leadership Needs T-Shaped Thinking
Specialist-only career models no longer fit modern security organizations. T-shape, depth in one specialty and fluency across the others, is the floor of the modern...
May 2026Three Trust Primitives, One Attack: What May 11 asks your security organization to become
On May 11 between 19:20 and 19:26 UTC, 84 malicious @tanstack/* npm versions shipped with valid SLSA Build Level 3 provenance. The signatures verified. The...
May 2026Tips & Tricks: CI/CD Hardening and the Security Operating Model
Practical takeaways from the May 2026 TanStack compromise. How to harden CI/CD trust primitives, and how to resize the operating model around modern security artefacts....
Let's talk security.
Available for consulting engagements, advisory roles, and speaking opportunities. Let's find the right fit.