Welcome!


Information security leader. Builder. Troubleshooter. Technologist.

I lead professional services teams, solve security problems others avoid, and bring decades of hands-on experience to code, infrastructure, and systems: both modern and forgotten.

My work spans:

  • Leading high-performance application security teams
  • Consulting on web and API security, SDLC, and developer training
  • Diagnosing and remediating legacy system failures
  • Architecting weird but functional systems across software, hardware, and physical interfaces

If you’re looking for someone who understands the code, the people, and the real-world implications, I’m probably your guy.


What I Do

🔐 Application Security Leadership

I run teams that make software better, and safer, without grinding engineering to a halt. I’ve helped organizations shift left, build right, and avoid dumpster fires masked as minimal viable products.

🛠 Professional Services Delivery

I’ve spent years building security vendor space professional services teams. I know the value of clarity, scope control, technical depth, and keeping clients from spiraling into churn.

🧠 Cross-Disciplinary Problem Solving

From firewalls to firmware, from deprecated PHP5 apps to bizarre edge cases in auth flows — I bring clarity to chaos and direction to ambiguity.


I Learn by Doing, Then I Share It

My personal projects often bleed into my professional thinking. I’ve:

These aren’t just hobbies — they sharpen how I approach systems thinking, threat modeling, and technical leadership. Some of that work is on my blog.


Looking for:

  • Director-level leadership roles in application security or professional services
  • Consulting engagements that need real technical credibility and clear client guidance
  • Cross-functional projects where security, development, and legacy tech collide

If you want a collaborator who can lead, deliver, and still write code when needed, let’s talk. If not, I’ll be over here talking to AI.


Quick Links


Latest Posts & Archives