I engineer AI-powered security systems that think, detect, and respond β so humans don't have to chase every alert.
I sit at the intersection of Software Engineering, Agentic AI, Cybersecurity, Compliance Engineering, and Mainframe Development. My work focuses on four core areas:
π€ AI Security β Hardening LLMs and multi-agent systems against prompt injection, model poisoning, and adversarial attacks using the OWASP LLM Top 10 as the playbook.
π‘οΈ GRC Automation β Writing the pipelines that replace manual audit busywork with continuous control monitoring, automated evidence harvesting, and real-time compliance drift detection β across NIST, SOC 2, ISO 27001, GDPR, HIPAA, PCI-DSS, and CMMC.
βοΈ Security Engineering β Writing the automation that patches vulnerabilities, hunts threats, and locks down cloud environments β using Python, Go, PowerShell, and Bash.
π₯οΈ Mainframe Engineering β Programming IBM z/OS at the metal level β COBOL, Assembler, JCL, REXX, and Python on Z β on the platform that quietly processes over $10 trillion in transactions every day. While most engineers debate frameworks, I'm in the registers.
- Agent Firewall - Default-deny stdio proxy for production AI agents, mediating MCP tool execution against strict SOC-action catalogs
- Email Triage Agent β Inbox zero, finally β an autonomous email agent that handles the noise so you can focus on what matters.
- TaxFlow AI β AI-powered tax document analysis that automatically processes, analyzes, and extracts insights from financial documents.
- MindBridge AI Operations Hub β Automating the busywork of mental healthcare β so clinicians can focus on people, not paperwork.
- Attack Surface Monitor β Real-time AI agent that continuously maps and scores attack surfaces before attackers find them
- VaultHound β Autonomous credential and secrets leak hunter across git repos, CI/CD pipelines, and cloud configs
- PhishSentinel β LLM-powered phishing detection engine with automated threat classification and triage
- BountyOps β Agentic assistant that accelerates bug bounty operations with intelligent vulnerability triage
- Cyber AI Log Analyst β AI agent that parses, correlates, and surfaces behavioral anomalies buried in security logs
- Prompt Injection Scanner β OWASP LLM01:2025 β Automated red-team scanner for LLM prompt injection vulnerabilities
- NIST RAG Compliance Assistant β Ask NIST 800-53 anything. Get answers, not hallucinations.
- AWS Least Privilege Compliance Checker β Audit AWS IAM policies to enforce least-privilege access
- AWS GRC Evidence Collector β Automate compliance, cut costs, and stay audit-ready 24/7.
- AWS Inactive Key Rotation Auditor β Tool that finds your stale AWS keys before an attacker does.
- AWS Password Policy Auditor β Compliance isn't a checklist β it's a system I engineer.
- AWS Automated Access Review β Automated IAM access reviews, AI-powered reports, deployed in one command.
- AWS Cloud Encryption Evidence β Turning a 3-day audit scramble into a 5-minute command.
- Card Guardian β Award-winning PCI DSS compliance toolkit - Don't let auditors cry (by passing quickly)
- CyberGRC Hub - TOYOTA β TISAX-ready. Risk-aware. Production-grade.
- TrailWarden - CloudTrail Validator β Because bad logs are the blue pill.
- AuditCTL β AuditCTL turns your security policies from PDFs nobody reads into automated rules that run on every git push.
- Trust Ledger - 1Password β Continuous Compliance Engine for Modern Infrastructure
- HIPAA Sentinel β Automated HIPAA Security Rule (Β§164.312) gap assessments for AWS environments
- CCM Engine β Continuous Control Monitoring system with AI-driven alerts when compliance posture drifts
- IAM Org Sync β Intelligent IAM access sync engine with real-time drift detection across org boundaries
- Compliance Harvester β GDPR & SOC 2 evidence harvesting pipeline built for audit-readiness at enterprise scale
- NIST CSF Dashboard β Cloud-native compliance posture dashboard mapped across all NIST CSF domains
- Vulnerability Management Program β End-to-end risk-based vulnerability lifecycle management framework built for enterprise environments
- Programmatic Vulnerability Remediations β PowerShell & Bash scripts for automated, repeatable vulnerability patching at scale
- Threat Hunt: Tor Browser Usage β SIEM-driven hunt detecting dark web tool usage across corporate endpoints
- Threat Hunt: Cargo Hold β Advanced behavioral detection simulation designed to expose lateral movement patterns
- Axios PR #11029 - Network proxy bypass fix, canonicalized edge-case IPv4 formats (shorthand/octal/hex) to ensure robust no_proxy evaluation
- opentag PR #58 - Populated owner/repo metadata to fix project-target binding lookup for GitLab integrations
- FckSignups PR #213 - Added Simple Icons to enhance signup UI clarity and visual consistency
- Agent Beacon PR #237 - Added 18 threat-detection rules across 6 categories, enhancing agent telemetry coverage and detection fidelity
- AetherSDR PR #3709 - AppStream metadata refinement and release packaging, ensuring strict specification compliance for Flathub distribution
- KAI OS PR #30 - 60-second local tour transcript, zero-install architecture mapping (Agent = Process, Tool = Syscall), markdown product proof rendering
- GRCEngClub/claude-grc-engineering PR #67 - US-FINRA framework plugin stub, expanded AI-driven compliance architecture for financial regulatory standards
- GRCEngClub/claude-grc-engineering PR #89 - HIPAA Security Rule framework plugin (Reference depth), expanding AI-driven compliance automation for healthcare data
- wmux PR #280 - Agent-to-agent (A2A) channel architecture, implemented U1 domain types and underlying state persistence layer
- vigil365 PR #2 - Per-alert snooze controls and silent auto-resolve logic for alerting workflows
- IBM Z/OS COBOL Flyer β I write the code that runs your bank β and I built proof.
- IBM Z/OS ASM TSO Debugger β <1% of engineers can do this. Now you've found one.
- IBM Z/OS Fibonacci Assembler β I wrote code that speaks directly to a $10-billion IBM mainframe. While most devs argue about frameworks, I'm in the registers.
- IBM Z/OS PDS Advanced Datasets β While everyone else learned Docker, I learned to run the computers that run the world." π₯οΈπ
- IBM Z/OS Mainframe Scripting β While everyone else learned the cloud, I learned what the cloud runs on.
- IBM Z/OS JCL Debugger β From CC 0008 to CC 0000 β debugging enterprise JCL on IBM z/OS so production never stops.
- IBM Z Xplore REXX β Most engineers avoid mainframes. I ran interactive REXX programs on one from my laptop.
- IBM Z Xplore CODE1 β Python on IBM z/OS Mainframe β Enterprise Python development on the platform that runs the world β because cloud isn't the only game in town.
- IBM Zxplore USS1 β Navigating a $10 trillion-a-day platform through a terminal β one command at a time.
- IBM Zxplore Files1 Mainframe Datasets β From VS Code to IBM Z β mastering z/OS dataset management, JCL automation, and enterprise data operations. CC 0000 β
- IBM Z Mainframe Dev Environment β Connecting modern DevOps tooling to enterprise IBM Z infrastructure β VS Code Β· Zowe Explorer Β· z/OSMF Β· JCL Β· TLS Β· z/OS
- boris-loop - Starter kit for the loops over prompts pattern, distilled into ~100 lines of runnable Python
- Offer Negotiation Simulator β Negotiate like a boss. Walk away with more.


