About me
I kinda have a weird job.
Over 15 years, I’ve built CMDB and CIEM platforms, earned two patents for solving cloud data analysis at scale, and helped organizations secure environments spanning 25,000+ AWS accounts and 10M+ assets.
I build platforms that give developers the autonomy they need while keeping security teams happy. This approach has proven valuable enough to survive two acquisitions and scale to some of the largest cloud deployments in the industry.
The environments I work on tend to break vendors. When off-the-shelf tools can’t handle analyzing millions of assets or traversing IAM policies across thousands of accounts, we build our own. This requires a tricky blend of distributed systems knowledge, cloud expertise, threat modeling, and a willingness to challenge convention.
I’ve spent time on both sides of the table – building security products at vendors as a principal engineer and implementing them at uncommon complexity. This dual perspective helps me understand what actually works in production versus what looks good in a demo.
Finally, cloud security involves a lot of coordination between security teams, engineering teams, and the humans who just want to ship code. I spend my time writing software, designing architectures, and occasionally explaining why “just open port 22 to 0.0.0.0/0” isn’t a great idea.

Some examples of my work include:
- Unblocked developers at a top 10 US bank by driving the AWS service approval pipeline – translated banking regulations into technical controls using IAM where it worked, and building software-based guardrails where it didn’t
- Led technical delivery for two cloud security startups – proposal, design, and implementation phases for new products and features
- Built four production CMDBs and one CIEM platform due to existing marketplace tool gaps
- Earned two patents related to cloud data analysis as a principal author – cached summaries for instant permission queries and graph traversal for IAM relationship mapping
- Guided engineering teams through two acquisitions to keep products shipping and programs moving
- First responder to a headline cybersecurity incident, performing forensic collection on over 10PB of object storage
- Delivered CSPM visibility for a SaaS company managing 25k+ AWS accounts and 10k+ Azure subscriptions
- Eliminated long-lived AWS keys using an internal short-term secure token service for local developer machines, Terraform Cloud, and GitHub Actions
- Scaled IAM management across 10,000s of accounts by building a GitOps distribution system
- Enabled secure self-service cloud provisioning solutions for AWS Account/Azure Subscription/GCP to enable operational segmentation strategies