I work at the intersection of product and security. I've built security programs and led teams that ship security products, from figuring out what to build to getting it into production. Right now I'm focused on AI in security, zero trust, post-quantum cryptography, and cloud.

On my own time, I do independent vulnerability research. I've found and reported issues in open-source infrastructure, cryptographic libraries, and government tools. You can see some of that in my experiments.

I also speak about this stuff — BSides SF, BlackHat MEA, OWASP Global AppSec — mostly about post-quantum crypto and building security tools that actually help developers.

I care about the place where AI meets security. I'm building autonomous agents for vulnerability research, and thinking about the bigger questions. I write about it when something's worth sharing.