Background
Who I am
I'm a System Engineer and IAM (Identity & Access Management) Engineer. My work centers on designing and hardening infrastructure, identity systems, and access controls so that the right people and systems get the right access — and nothing more.
On the backend, I spend most of my time in Entra ID, Okta, AWS IAM, and custom IdP integrations — writing policies, auditing access, and building zero trust frameworks that actually hold up under pressure. I automate everything with Terraform, Python, and PowerShell because manual processes don't scale and they breed drift.
On iOS, I build tools like Autheris — a secure 2FA token manager that lives entirely on-device. The goal is to take the same security principles I apply to cloud infrastructure and make them practical in the palm of your hand. This site is where I showcase those projects and point to their dedicated pages. When I'm not building, I write about IAM hardening, authentication patterns, and threat intelligence on the blog.
Latest
Recent posts
Security research, technical deep-dives, and threat intelligence. View all posts →
OAuth Client ID Spoofing Lets Attackers Validate Stolen Microsoft Entra Credentials
Attackers found a way to test stolen Microsoft Entra credentials without leaving a sign-in trace. They are using it at scale.
Forg365 PhaaS Targets Microsoft 365 with Device Code and AitM Session Theft
A new phishing-as-a-service operation called Forg365 is targeting Microsoft 365 accounts using device code phishing combined with adversary-in-the-middle tactics. The platform costs $400 a month and is distributed via Telegram.
jscrambler npm Package Compromised: Rust Infostealer Drops in Preinstall Hook
The jscrambler npm package was compromised on July 11, 2026. Version 8.14.0 contained a preinstall hook that dropped a Rust-based infostealer targeting developer credentials, cloud keys, and AI tool configurations.