Background
Who I am
I'm a System Engineer and IAM (Identity & Access Management) Engineer. My work centers on designing and hardening infrastructure, identity systems, and access controls so that the right people and systems get the right access — and nothing more.
On the backend, I spend most of my time in Entra ID, Okta, AWS IAM, and custom IdP integrations — writing policies, auditing access, and building zero trust frameworks that actually hold up under pressure. I automate everything with Terraform, Python, and PowerShell because manual processes don't scale and they breed drift.
On iOS, I build tools like Autheris — a secure 2FA token manager that lives entirely on-device. The goal is to take the same security principles I apply to cloud infrastructure and make them practical in the palm of your hand. This site is where I showcase those projects and point to their dedicated pages. When I'm not building, I write about IAM hardening, authentication patterns, and threat intelligence on the blog.
Latest
Recent posts
Security research, technical deep-dives, and threat intelligence. View all posts →
jscrambler npm Package Compromised: Rust Infostealer Drops in Preinstall Hook
The jscrambler npm package was compromised on July 11, 2026. Version 8.14.0 contained a preinstall hook that dropped a Rust-based infostealer targeting developer credentials, cloud keys, and AI tool configurations.
Progress Tells ShareFile Customers: Shut Down Storage Zone Controllers Now
Progress Software just issued an emergency shutdown order for all ShareFile Storage Zone Controllers. No patch exists yet. If you are running one of these, it needs to go offline immediately.
Microsoft Entra Passkey Vishing: When Phishing-Resistant Auth Becomes the Lure
Threat actor O-UNC-066 is weaponizing Microsoft's own passkey enrollment campaigns. Vishing calls direct victims to fake Entra passkey registration flows that enroll attacker-controlled keys instead.