Background
Who I am
I'm a System Engineer and IAM (Identity & Access Management) Engineer. My work centers on designing and hardening infrastructure, identity systems, and access controls so that the right people and systems get the right access — and nothing more.
On the backend, I spend most of my time in Entra ID, Okta, AWS IAM, and custom IdP integrations — writing policies, auditing access, and building zero trust frameworks that actually hold up under pressure. I automate everything with Terraform, Python, and PowerShell because manual processes don't scale and they breed drift.
On iOS, I build tools like Autheris — a secure 2FA token manager that lives entirely on-device. The goal is to take the same security principles I apply to cloud infrastructure and make them practical in the palm of your hand. This site is where I showcase those projects and point to their dedicated pages. When I'm not building, I write about IAM hardening, authentication patterns, and threat intelligence on the blog.
Latest
Recent posts
Security research, technical deep-dives, and threat intelligence. View all posts →
Threat Actors Exploit Critical FortiClient EMS Flaw to Deploy Credential Stealer
CVE-2026-35616 in FortiClient EMS is being actively exploited to deploy credential-stealing malware. The attackers abuse the management infrastructure itself to push malware to every managed endpoint.
Ghost CMS CVE-2026-26980: SQL Injection Used to Hijack 700+ Sites
Ghost CMS patched CVE-2026-26980 in February. Attackers are exploiting the SQL injection vulnerability at scale to hijack sites and inject ClickFix malware. Over 700 sites have been compromised so far.
GlassWorm Botnet Takedown: CrowdStrike Cripples Supply Chain Attack Infrastructure
CrowdStrike, Google, and the Shadowserver Foundation dismantled GlassWorm's C2 infrastructure. The campaign pushed trojanized VS Code extensions and malicious npm packages to harvest developer credentials at scale.