I'm a security engineer with about eleven years of experience, and I've spent that time moving steadily deeper into platform and infrastructure security. I started in consulting, doing application security, threat modeling, and security automation, then grew into cloud and security architecture. That took me to Salesforce, where I was on the foundational security team designing the controls behind their move to AWS, and then to Twitter, where I helped secure one of the largest Kubernetes platforms in the world.
Now at Block, I work on the foundational platform shared across Square, Cash App, and Afterpay, and I've led a number of org-wide controls there: container image signature verification for our Kubernetes platforms, Golden-AMI enforcement through SCPs across roughly ten thousand AWS accounts, our AWS Lattice service-networking rollout, and hardening our Terraform pipelines.
Recent platform-security work, mostly Kubernetes and cloud:
- kubesplaining: Kubernetes security assessment CLI that maps multi-hop RBAC privilege-escalation paths to cluster takeover.
- rbac-why-can-i: kubectl plugin that traces why an RBAC permission is granted, showing the exact Role/Binding chain.
- agentmoat: moves Kubernetes workloads from runc to gVisor to blunt container-escape, safely and reversibly.
- eks-identity-migrator: audits IRSA usage and migrates EKS clusters to Pod Identity with verification and rollback.
- eks-scp: highest-impact AWS Organizations SCPs for EKS, built on the new EKS IAM condition keys.
OSCP | Advanced Cloud Security Practitioner (CSA)
Go | Python | Rego | Terraform | Kubernetes | AWS | OPA/Gatekeeper





