Background
Who I am
I'm a System Engineer and IAM (Identity & Access Management) Engineer. My work centers on designing and hardening infrastructure, identity systems, and access controls so that the right people and systems get the right access — and nothing more.
On the backend, I spend most of my time in Entra ID, Okta, AWS IAM, and custom IdP integrations — writing policies, auditing access, and building zero trust frameworks that actually hold up under pressure. I automate everything with Terraform, Python, and PowerShell because manual processes don't scale and they breed drift.
On iOS, I build tools like Autheris — a secure 2FA token manager that lives entirely on-device. The goal is to take the same security principles I apply to cloud infrastructure and make them practical in the palm of your hand. This site is where I showcase those projects and point to their dedicated pages. When I'm not building, I write about IAM hardening, authentication patterns, and threat intelligence on the blog.
Latest
Recent posts
Security research, technical deep-dives, and threat intelligence.
MFA Prompt Bombing: Why Your Second Factor Isn't Saving You
MFA was supposed to stop credential theft. Now attackers are overwhelming users with push notifications until someone hits approve. Uber fell victim in 2022. Microsoft saw it last year. If your defense relies on humans staying alert through a phone buzzing every few seconds, you have a problem.
TrapDoor: A Supply Chain Attack Hitting npm, PyPI, and Cargo at the Same Time
A coordinated supply chain attack codenamed TrapDoor spread credential-stealing malware through 34 malicious packages on npm, PyPI, and Crates.io. The campaign uses postinstall hooks, build scripts, and even AI assistant prompts to steal credentials and maintain persistence on developer machines.
npm Gets 2FA-Gated Publishing: Finally
GitHub shipped staged publishing for npm. It's a 2FA gate that sits between your CI pipeline and the public registry. You can't publish without a human approving it.