Director of Security Engineering.
Over two decades of experience building security programs that bridge the gap between executive strategy and engineering execution, from government agencies to high-growth SaaS.
What I Do
Engineering Leadership
Turning security strategy into engineering reality. Staff and budget ownership, building teams, and embedding security into the development lifecycle across distributed organizations.
Information Security
Designing and implementing security programs grounded in ISO 27001, SOC 2, and vulnerability management, from policy to production controls.
Advisory & Consulting
Senior advisory across industries: interim CISO engagements, security architecture reviews, and hands-on guidance for organizations building their security posture.
Technical Insights
Three Trust Primitives, One Attack: What May 11 asks your security organization to become
On May 11 between 19:20 and 19:26 UTC, 84 malicious @tanstack/* npm versions shipped with valid SLSA Build Level 3 provenance. The signatures verified. The OIDC binding was real. The...
Tips & Tricks: CI/CD Hardening and the Security Operating Model
Practical takeaways from the May 2026 TanStack compromise. How to harden CI/CD trust primitives, and how to resize the operating model around modern security artefacts...
May 2026
Vulnerability management is a coordination problem. Here is what existing SaaS and automation can do about it.
A small Slack-native vulnerability coordination workflow POC built on free-tier SaaS, with Postgres as the spine, n8n as deterministic glue, and an LLM constrained to...
May 2026
Lessons from a Security Incident (GrafanaCON 2026)
A walkthrough of the April 2025 CI/CD incident at Grafana Labs - one small misconfiguration, fast detection thanks to canary tokens, and why preparation beats...
Let's talk security.
Available for consulting engagements, advisory roles, and speaking opportunities. Let's find the right fit.