$ whoami

Security engineer in Columbus, Ohio. I run the day job — threat hunting, incident response, IAM, third-party risk assessment — and build internal apps and workflow scripts that close the gap between alert and action.

Detection and threat hunting across EDR, DLP, identity, and cloud telemetry. IAM and PAM administration. Cloud security: Azure App Service hardening (Managed Identities, Key Vault, Private Endpoints, Defender) and AWS posture (IAM, S3, KMS, GuardDuty, CloudTrail), plus M365. Application security and OWASP guardrails — including the LLM top ten. Penetration testing and vulnerability assessment. Vendor and third-party risk assessment. And the internal apps and workflow scripts that tie it together: multi-agent LLM pipelines for compliance, IOC enrichment for SOCs, identity automation, and risk management at scale.

// selected_work/
[01 · llm-pipeline]
COMPASS — Configuration Assessment Agent
Multi-agent LLM enrichment of CrowdStrike CIS findings against the official benchmark PDF, with human-in-the-loop approval and automated ServiceNow change tickets.
[02 · erm-platform]
Risk Register
Enterprise risk management with LangGraph agents — intake, scoring, monitoring, mitigation tracking.
[03 · soc-tooling]
Mail IOC Scanner
Microsoft Graph harvesting + VirusTotal / urlscan.io / AbuseIPDB enrichment for shared mailbox triage.
[04 · agent-framework]
Event Planner — CrewAI
Multi-agent event-planning web app on CrewAI, demonstrating agent collaboration patterns outside the COMPASS pipeline.
[05 · identity-sdk]
CyberArk Python SDK
REST API wrapper for CyberArk privileged-access workflows, authored from scratch.
[06 · cloud-security]
Azure Web App Secure Design
Defense-in-depth secure architecture and remediation plan for six critical risk domains on Azure App Service.

Smaller tools and one-off scripts live in /lab.