Overseer-in-the-loop
Practically implementing Auto Mode for your agent loops - the agent loop, the action classifier, policy-as-code sandboxing, and the red-team results, one layer at a time.
Most days I’m securing AI agents, building them to do security work, and building the benchmarks that make sure they’re both secure and effective at their jobs - then leveling up other teams to do the same.
Sometimes I still get time to do interesting things around identity and cloud security problems. I help organize fwd:cloudsec 2026 and sit on the CVE AI working group. I write up things I learned the hard way - sometimes work-related, sometimes just because I got curious. Feedback welcome.
Longer arcs I’m building out a part at a time - read in order, or jump in.
One-off posts. I blog infrequently and poorly, but this is what I’ve got. Might be based on something outdated by the time you read it.
Cloud Custodian is a powerful cloud service provider management tool that has occupied a considerable percentage of my professional headspace.
A general thread running through the Terraform value proposition is creating a culture of clearly defined and source-controlled infrastructure artifacts.
GitHub Actions has become many teams’ go-to code-building and container-shipping solution. With its support for chained workflows, your commits to the main…