Background
Who I am
I'm a System Engineer and IAM (Identity & Access Management) Engineer. My work centers on designing and hardening infrastructure, identity systems, and access controls so that the right people and systems get the right access — and nothing more.
On the backend, I spend most of my time in Entra ID, Okta, AWS IAM, and custom IdP integrations — writing policies, auditing access, and building zero trust frameworks that actually hold up under pressure. I automate everything with Terraform, Python, and PowerShell because manual processes don't scale and they breed drift.
On iOS, I build tools like Autheris — a secure 2FA token manager that lives entirely on-device. The goal is to take the same security principles I apply to cloud infrastructure and make them practical in the palm of your hand. This site is where I showcase those projects and point to their dedicated pages. When I'm not building, I write about IAM hardening, authentication patterns, and threat intelligence on the blog.
Latest
Recent posts
Security research, technical deep-dives, and threat intelligence. View all posts →
Attackers Use LLM Agent for Post-Exploitation After Marimo CVE-2026-39987 Exploit
A threat actor used an LLM agent to conduct post-exploitation after compromising a Marimo notebook via CVE-2026-39987. The end-to-end attack chain lasted just over an hour, with the attacker exfiltrating a full PostgreSQL database in under two minutes.
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
CVE-2026-35616 in FortiClient EMS is being actively exploited to deploy credential-stealing malware. The attackers abuse the management infrastructure itself to push malware to every managed endpoint.
Ghost CMS CVE-2026-26980: SQL Injection Used to Hijack 700+ Sites
Ghost CMS patched CVE-2026-26980 in February. Attackers are exploiting the SQL injection vulnerability at scale to hijack sites and inject ClickFix malware. Over 700 sites have been compromised so far.