Capability proof for AI security engineering.

A flagship research report turning AI security job-market noise into evidence about roles, skills, control gaps, hiring signals, and the emerging AI security engineering discipline.

A compact, action-oriented field guide for AI security engineering practitioners working in fast-moving environments.

A practical AI product-security framework for agentic systems, governance evidence, excessive agency, RAG authorization, and continuous threat modeling.

A practical field handbook for turning AI security from policy language into executable engineering work, control evidence, and operator-ready workflows.

A compact methodology for connecting AI inventory, threat modeling, prompt injection, agent permissions, RAG authorization, AI supply chain, evidence, and governance.

A lightweight operating model for turning AI governance into ownership, evidence, controls, and delivery decisions.

A program-buildout case study focused on making product security measurable, fundable, and useful to engineering and customer conversations.

A product-security research model for browser-native applications, extension bridges, native sidecars, privileged pages, postMessage flows, host-object exposure, persistence, credential surfaces, and governed automation boundaries.

A pre-Splunk consulting project applying SAST, DAST, linting, secrets extraction, AST transforms, automated refactoring, and genetic-programming research across hundreds of GitHub-hosted B2B API repositories.

DFIR response to Operation Aurora at Adobe and Google; criminal attribution for FBI wanted financial fraud cases; FBI cybercrime academy instruction.

A Splunk-based IAM monitoring and executive reporting project across Disney access-control and identity systems for campuses and offices.

A paid consulting engagement using LLM-assisted attack trees, MITRE ATT&CK mapping, ServiceNow asset inventory, enterprise architecture context, synthetic logs, and Splunk SPL detections.

Technical hospitality marketing, destination data, inventory normalization, and direct-booking support for independent hotels.

PCI DSS Level 3 scoping, gap analysis, and compliance program delivery for a forex trading and payment processing platform.

3x Salesforce Data.com Rainmaker recognition for OSINT-driven B2B contact mining, normalization, and ABM outreach campaign delivery for a performance advertising platform.

Clinical and cognitive-assessment technology delivery for Australian Defence Force-linked workflows, emphasizing data integrity, privacy, workflow reliability, evidence, and customer trust.

Technology leadership for an iGaming platform, spanning delivery ownership, platform operations, engineering coordination, regulated gaming constraints, data workflows, and security-aware execution.

ISO 27001 information security management system audit, gap analysis, and management consulting for a regulated iGaming platform.

A cyber-workforce research program featured at RSA Conference, bSides NYC, and Infosecurity Europe, translated into a talent-intelligence and ATS workflow layer.

A book about the stories that shape how people think, build, and govern AI security.

A feature-length documentary exploring the internet, collective consciousness, digital culture, creators, and the social meaning of networked life.

Synthetic biology research and public imagination around engineered living systems, bio-design, crowdfunding, regulation, and the boundaries of technological possibility.

A book, audiobook, and program translating entrepreneurial growth into a structured journey from inspiration to global impact.

A multilingual collection of 78 animal-based fairy tales and fables, each paired with a tarot-inspired illustrated card and written for modern moral complexity.

Implementing practical AI control evidence for ISO 42001, NIST AI RMF, AIMS, agent identities, permissions, red teaming, privacy, and output evaluation.

Migrating brittle AI automation experiments into governed, Git-based, containerized agent workflows with schemas, verification, scoring, and acceptance gates.

A product-security architecture for governing browser extensions, Tauri sidecars, MITM interception, local AI, schema normalization, agent authority, and audit-ready automation.

A browser-extension AI runtime embedding WebLLM, Transformers, persistent offscreen workers, WASM engines, Puppeteer-core automation, MITM-style interception, schema normalization, and WSS listeners.

A browser-native AI automation platform embedding WebLLM, WASM modules, Puppeteer-core-style automation, page injections, tool registries, request capture, and authenticated-context workflows.

A WASM-first AI/security backend architecture using Rust engines, Supabase Edge Functions, PostgREST, canonical schemas, scoring engines, extraction pipelines, and evidence-ready APIs.

A browser-native AI workspace using schema-rendered panels, Preact/React UI surfaces, data-driven tool registries, Chrome extension newtab/sidepanel UX, and low-bloat local-first product design.

A Git-backed agentic software delivery system using workflow graphs, code remediation agents, evaluator agents, acceptance criteria, audit trails, issue linkage, and AI-assisted engineering controls.

Repository-mining and code-intelligence work applying static analysis, secrets detection, AST parsing, schema extraction, dependency review, and automated remediation patterns across developer ecosystems.

A browser, desktop, and web platform for harvesting ATS jobs, normalizing job data, scoring fit, tracking applications, and automating career workflows across Greenhouse, Lever, Ashby, Workable, and related systems.

A Sales AI platform combining personality intelligence, email discovery, CRM enrichment, LinkedIn context, cold outbound automation, and agentic sales workflows.

A Hunter.io-style contact intelligence platform using browser-local lookup, company/domain mining, Tranco-scale datasets, H1B/public data, GitHub/arXiv signals, LinkedIn URL discovery, and email-pattern prediction.

A fit-scoring and recruiting-intelligence system modeling role fit, team fit, culture fit, company fit, psychographic fit, nearest-neighbor similarity, and explainable candidate-job matching.

A behavioral interview and self-discovery platform built from 6,000+ interview questions, 30,000 company analyses, STAR scoring, NLP clustering, LLM judges, and iterative coaching loops.

A private AI collaboration stack combining Mattermost, a custom MFE app, Ollama, LocalAI, GitLab service workflows, model benchmarking, audit trails, and ISO 42001 / OWASP-aligned agentic delivery controls.

A macOS-first Rust/Tauri sidecar with MITM proxying, 164 schema normalizers/adapters, streaming WSS processing, and LLM chat interception pipelines.

A native AI sidecar architecture using Tauri, Rust, MITM proxying, WebSocket bridges, 160+ adapters, Apple-native APIs, VPN/network capabilities, and a dynamic capability mesh across devices and clients.

A product-security assessment of browser trust boundaries, privileged page handling, native bridge exposure, and persistence pathways.

A labor-market intelligence engine analyzing AI security, product security, AppSec, governance, and emerging agentic-system roles across thousands of ATS job descriptions.

A product-security assessment of browser trust boundaries, privileged pages, native bridges, persistence pathways, and agentic automation authority.

A psychometric product engine combining LIWC-compatible text analysis, 300+ dictionaries, WASM/Go/Rust runtimes, personality prediction, survey frameworks, LMS packaging, and LLM-generated coaching reports.

Large-scale connected-device analytics using Forescout Device Cloud, Elastic, Kibana, and security-research workflows to turn millions of device records into report-ready security evidence.

Device Cloud research on connected medical-device segmentation, insecure protocols, default credentials, legacy systems, and clinical-network exposure.

Device Cloud research identifying the riskiest IoT devices across financial services, government, healthcare, manufacturing, and retail.

Device Cloud research on financial-services device risk, flat networks, IoT/OT proximity, POS exposure, Windows lifecycle risk, and segmentation gaps.

Device Cloud and research-backed analysis of OT, IoT, industrial, unmanaged, and cyber-physical systems as enterprise attack surfaces.

Offensive security research into connected-device risk, enterprise exposure, and real-world exploitability, later featured in WIRED coverage.

A public security research program turning SIEM deployment analysis, cloud detection patterns, architecture innovation, and SOC maturity findings into RSA, Infosecurity Europe, and CloudNativeSecurityCon-ready narratives.

Architecture innovation work redesigning SIEM reference architectures, standardizing detection taxonomy, validating Exchange content, and turning hundreds of enterprise deployments into maturity patterns.

Linux Foundation / Cloud Native SecurityCon research on enterprise cloud detections, cloud SOC maturity, ATT&CK-aligned motives, and the growing importance of cloud-native telemetry in SIEM programs.

A three-framework workforce-development product suite combining EMPOWER psychometrics, CORE interview intelligence, RISE self-authoring, SCORM/xAPI/LTI packaging, university pilots, and AI-generated coaching reports.

Building a scalable, evidence-driven product security function for a global enterprise software platform.

Turning a sprawling marketplace security problem into a repeatable app certification, review, and trust program.

Established and directed a live Smart IoT Building security research lab spanning robotics, HVAC, ICS/SCADA, and SOC-style command center operations.

A security response operating model for urgent product, customer, vulnerability, and research-driven risk events in enterprise device-security environments.

Advanced security research across ProdSec, AppSec, AI risk management, and AI voice threat modeling at enterprise SaaS scale.

A control-architecture and evidence-readiness effort translating FedRAMP Moderate requirements into policy, standards, technical controls, operational procedures, and audit-ready proof.

Leading product and engineering for a 2B-page open-source intelligence platform using high-throughput crawling, PostgreSQL-scale ingest, ML, NLP, clustering, search analytics, and graph visualization.

A technical marketing and machine-learning project generating high-value niche multileg flight itineraries to support affiliate growth, search demand capture, and travel-content expansion.

A travel-data quality project cleaning geographic waypoints, inventory metadata, and GDS-linked destination structures to improve search, booking, routing, and content reliability.

A maritime Southeast Asia research journey and book using the mimic octopus as a living metaphor for adaptation, identity, deception, and the search for true self.

A 2025 leadership book by David Wolf that turns purpose, decision-making, and systems thinking into a practical operating frame for builders and operators.