Background
Who I am
I'm a System Engineer and IAM (Identity & Access Management) Engineer. My work centers on designing and hardening infrastructure, identity systems, and access controls so that the right people and systems get the right access — and nothing more.
On the backend, I spend most of my time in Entra ID, Okta, AWS IAM, and custom IdP integrations — writing policies, auditing access, and building zero trust frameworks that actually hold up under pressure. I automate everything with Terraform, Python, and PowerShell because manual processes don't scale and they breed drift.
On iOS, I build tools like Autheris — a secure 2FA token manager that lives entirely on-device. The goal is to take the same security principles I apply to cloud infrastructure and make them practical in the palm of your hand. This site is where I showcase those projects and point to their dedicated pages. When I'm not building, I write about IAM hardening, authentication patterns, and threat intelligence on the blog.
Latest
Recent posts
Security research, technical deep-dives, and threat intelligence. View all posts →
Vibe Coding Security: Enterprise Defense Against Shadow Builder Exposures [2026]
2,000+ publicly accessible vibe-coded applications holding sensitive corporate data. Shadow Builders are bypassing every security control you've built. This is the enterprise defense playbook for a problem most organizations haven't acknowledged exists yet.
OpenAI Codex Tokens Stolen via npm Package with 29K Weekly Downloads
A 29K weekly-download npm package has been silently stealing OpenAI Codex authentication tokens for a month. The malicious code is only in the npm build—GitHub looks clean. Refresh tokens don't expire; stolen once, valid forever.
PAN-OS CVE-2026-0257: Authentication Bypass Under Active Exploitation
Palo Alto Networks confirmed active exploitation of CVE-2026-0257, an authentication bypass in PAN-OS GlobalProtect. CISA added it to the KEV catalog with a June 1 remediation deadline for federal agencies.