Background
Who I am
I'm a System Engineer and IAM (Identity & Access Management) Engineer. My work centers on designing and hardening infrastructure, identity systems, and access controls so that the right people and systems get the right access — and nothing more.
On the backend, I spend most of my time in Entra ID, Okta, AWS IAM, and custom IdP integrations — writing policies, auditing access, and building zero trust frameworks that actually hold up under pressure. I automate everything with Terraform, Python, and PowerShell because manual processes don't scale and they breed drift.
On iOS, I build tools like Autheris — a secure 2FA token manager that lives entirely on-device. The goal is to take the same security principles I apply to cloud infrastructure and make them practical in the palm of your hand. This site is where I showcase those projects and point to their dedicated pages. When I'm not building, I write about IAM hardening, authentication patterns, and threat intelligence on the blog.
Latest
Recent posts
Security research, technical deep-dives, and threat intelligence. View all posts →
TrapDoor: A Supply Chain Attack Hitting npm, PyPI, and Cargo at the Same Time
A coordinated supply chain attack codenamed TrapDoor spread credential-stealing malware through 34 malicious packages on npm, PyPI, and Crates.io. The campaign uses postinstall hooks, build scripts, and even AI assistant prompts to steal credentials and maintain persistence on developer machines.
npm Gets 2FA-Gated Publishing: Finally
GitHub shipped staged publishing for npm. It's a 2FA gate that sits between your CI pipeline and the public registry. You can't publish without a human approving it.
Drupal CVE-2026-9082: From Patch to KEV in 48 Hours
CISA added CVE-2026-9082 to its Known Exploited Vulnerabilities catalog 48 hours after Drupal's disclosure. Over 15,000 attack attempts are now targeting Drupal Core's SQL injection flaw.