Director of Security Engineering.
Over two decades of experience building security programs that bridge the gap between executive strategy and engineering execution, from government agencies to high-growth SaaS.
What I Do
Engineering Leadership
Turning security strategy into engineering reality. Staff and budget ownership, building teams, and embedding security into the development lifecycle across distributed organizations.
Information Security
Designing and implementing security programs grounded in ISO 27001, SOC 2, and vulnerability management, from policy to production controls.
Advisory & Consulting
Senior advisory across industries: interim CISO engagements, security architecture reviews, and hands-on guidance for organizations building their security posture.
Technical Insights
Why Security Leadership Needs T-Shaped Thinking
Specialist-only career models no longer fit modern security organizations. T-shape, depth in one specialty and fluency across the others, is the floor of the modern leadership profile, and AI is...
Three Trust Primitives, One Attack: What May 11 asks your security organization to become
On May 11 between 19:20 and 19:26 UTC, 84 malicious @tanstack/* npm versions shipped with valid SLSA Build Level 3 provenance. The signatures verified. The...
May 2026
Tips & Tricks: CI/CD Hardening and the Security Operating Model
Practical takeaways from the May 2026 TanStack compromise. How to harden CI/CD trust primitives, and how to resize the operating model around modern security artefacts....
May 2026
Vulnerability management is a coordination problem. Here is what existing SaaS and automation can do about it.
A small Slack-native vulnerability coordination workflow POC built on free-tier SaaS, with Postgres as the spine, n8n as deterministic glue, and an LLM constrained to...
Let's talk security.
Available for consulting engagements, advisory roles, and speaking opportunities. Let's find the right fit.