Security, code, and open roads.
I lead a team of AppSec engineers and spend my days finding the cracks in software before someone else does. Threat modeling, code review, and the kind of vulnerability research that makes developers uncomfortable in a productive way.
This blog is where I think out loud. Expect writeups on AppSec topics: OWASP, secure design patterns, pentest findings, the occasional rant about authentication done wrong. I also cover the broader cybersecurity landscape when something interesting or underreported crosses my radar.
When I'm not behind a keyboard, I'm on a motorcycle. Two wheels, backcountry discovering, no Teams notifications. It's the best context switch I've found.
Find me on GitHub, or just subscribe to the RSS feed and skip the noise.