Background
Who I am
I'm a System Engineer and IAM (Identity & Access Management) Engineer. My work centers on designing and hardening infrastructure, identity systems, and access controls so that the right people and systems get the right access — and nothing more.
On the backend, I spend most of my time in Entra ID, Okta, AWS IAM, and custom IdP integrations — writing policies, auditing access, and building zero trust frameworks that actually hold up under pressure. I automate everything with Terraform, Python, and PowerShell because manual processes don't scale and they breed drift.
On iOS, I build tools like Autheris — a secure 2FA token manager that lives entirely on-device. The goal is to take the same security principles I apply to cloud infrastructure and make them practical in the palm of your hand. This site is where I showcase those projects and point to their dedicated pages. When I'm not building, I write about IAM hardening, authentication patterns, and threat intelligence on the blog.
Latest
Recent posts
Security research, technical deep-dives, and threat intelligence. View all posts →
CISA's GitHub Leak Postmortem: What Actually Went Wrong
CISA published a postmortem on the GitHub leak that exposed AWS GovCloud credentials for six months. The contractor ignored nine automated alerts. CISA took 48+ hours to rotate keys after notification. The report is worth reading.
n8n Token Exchange Flaw Lets Attackers Log In As Other Users
n8n patched a bug in their Enterprise token exchange feature that let attackers log in as other users without passwords. The flaw ignored the JWT issuer claim, matching users on subject alone. Strix's AI security agent found it.
Scattered Spider Hackers Plead Guilty on Day 1 of Trial
Two key members of Scattered Spider pleaded guilty in UK court this week. The group hit Transport for London, MGM Resorts, Caesars, and dozens more. $115 million in ransom payments, 120 network intrusions, and they are still in their early twenties.