Security Engineer | Platform security, adversarial defense, and attack chain research
Security tools for adversarial eCommerce environments. I build detection systems, WAF automation, and compliance tooling -- solving real operational problems with open-source code.
- Currently building: Commerce Abuse Defense v0.3 -- ML-based anomaly detection for bot scoring
| Project | Description | Stack |
|---|---|---|
| Commerce Abuse Defense | Bot abuse detection and scoring tool with WAF rule generation. 6 detection rules, weighted scoring (0-100), auto-generates Cloudflare and AWS WAF rules. v0.2.1, 60 tests, CI. | Python, Shopify, Cloudflare, AWS WAF |
| K8s Security Baseline | CIS Benchmark v1.8.0 audit automation with RBAC templates, network policies, and SOC 2 control mapping. | Bash, Python, Kubernetes |
| AWS WAF Security Framework | Production Terraform WAF modules for eCommerce. Bot Control, IP Reputation, Rate Limiting, Geo Blocking. Reduced bot traffic from 30%+ to under 3%. | Terraform, AWS WAF, CloudWatch |
Published attack chain analyses documenting real-world eCommerce attack patterns:
- 001: Hidden Product Card-Testing on Shopify -- How attackers discover $0 products via API enumeration and use them for card validation. MITRE ATT&CK T1595, T1190.
- 002: App-Layer Bot Defense Bypass Patterns -- Why client-side bot mitigation is necessary but insufficient. 5 bypass techniques, multi-layer defense architecture.
| Certification | Issuer | Valid |
|---|---|---|
| Certified Ethical Hacker (CEH) | EC-Council | 2025-2028 |
| Terraform Associate (004) | HashiCorp | Current |
| CASE Java (Application Security) | EC-Council | 2024-2027 |
| Degree | Institution | Status |
|---|---|---|
| MS Cybersecurity | Georgia Institute of Technology | Expected 2026 |
