I am a Security Engineer, Consultant, and Leader with skills in Cloud Security, Application Security, Detection Engineering, and Automation.
I have worked at startups, large enterprises, FAANG, and the Federal Government, helping customers solve security engineering challenges as both a consultant and an owner. I enjoy solving large-scale challenges with both code and strategy, and enabling engineering teams to move fast without having to worry about security. I deeply care about making the right thing as easy as possible, and about the end-user experience of security.
I prefer environments that reward creative thinking, strong ownership of problems, and data driven decision making.
While I enjoy going deep on technical problems, I love being able to step back and solve problems at the source rather than applying band-aid fixes.
CloudNativeSecurityCon 2024: Detection Engineering in Kubernetes Environments
Slides
AWS Community Day Midwest: Exploring Amazon Lake
YouTube
Slides
Jupyter Notebook
SANS CloudSecNext 2023: Detective Controls in Kubernetes Environments
YouTube
The Security Engineer's Guide To Infrastructure-As-Code
Slides
Exploring the GitHub Advisory Database for fun and (no) profit
In this post, I downloaded the entire GitHub Advisory Database and loaded it into Pandas to look for trends across open source vulnerabilities.
Tactical Cloud Audit Log Analysis with DuckDB - AWS CloudTrail
In this post, I cover how to load, parse, and interact with AWS CloudTrail logs using DuckDB, a tool that lets you locally query larger-than-memory datasets that still fit on a single device. It's a great tool when you need to query logs but don't have a SIEM available, and it is faster than Athena at certain data sizes.
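As an added example (not code from the blog post), here is the load-then-query pattern the post describes, written for the DuckDB CLI. It assumes raw CloudTrail delivery objects as written to S3 (gzip-compressed JSON, one {"Records": [...]} document per file) sit under ./cloudtrail/; the table and view names are my own.

```sql
-- Added example, not from the blog post. Assumes the DuckDB CLI and that
-- ./cloudtrail/ holds raw CloudTrail delivery files ({"Records": [...]}, gzipped).

-- 1. Flatten every delivery file into one row per CloudTrail event.
--    DuckDB decompresses .gz transparently; union_by_name tolerates files whose
--    auto-detected schemas differ (requestParameters varies per API call).
CREATE OR REPLACE TABLE events AS
SELECT unnest(Records) AS r
FROM read_json_auto('cloudtrail/**/*.json.gz', union_by_name = true);

-- 2. Project the stable top-level fields once; everything else stays nested in raw.
CREATE OR REPLACE VIEW ct AS
SELECT
    CAST(r.eventTime AS TIMESTAMP) AS event_time,
    r.eventSource                  AS event_source,
    r.eventName                    AS event_name,
    r.awsRegion                    AS region,
    r.userIdentity.arn             AS principal_arn,
    r.userIdentity.accountId       AS account_id,
    r.sourceIPAddress              AS source_ip,
    r.errorCode                    AS error_code,
    r.readOnly                     AS read_only,
    r                              AS raw
FROM events;

-- 3a. Who is being told "no": AccessDenied volume per principal. A cheap first
--     pass for enumeration or over-privileged automation probing what it can reach.
SELECT principal_arn,
       count(*)                    AS denied,
       count(DISTINCT event_name)  AS distinct_apis,
       min(event_time)             AS first_seen,
       max(event_time)             AS last_seen
FROM ct
WHERE error_code IN ('AccessDenied', 'Client.UnauthorizedOperation')
GROUP BY principal_arn
ORDER BY denied DESC
LIMIT 20;

-- 3b. Mutating IAM calls in time order, the first thing to review in an incident.
--     readOnly can be absent on some records; treat missing as a write so nothing hides.
SELECT event_time, event_name, principal_arn, source_ip,
       raw.requestParameters AS request_parameters
FROM ct
WHERE event_source = 'iam.amazonaws.com'
  AND NOT coalesce(read_only, false)
ORDER BY event_time;
```

Run it with `duckdb < cloudtrail.sql` (or paste into an interactive session). Keeping the flattened table on disk means the expensive JSON parse happens once and every follow-up question is a cheap SQL query. If a highly variable field such as requestParameters is inferred as DuckDB's JSON type instead of a struct, pull sub-keys out with the `->>` operator (for example `raw.requestParameters ->> '$.userName'`) rather than dot access.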
Taking the Secrets Manager Lambda Extension for a spin
In this post, I use the AWS Secrets Manager Lambda extension in different Lambda functions and benchmark how it impacts performance compared to other methods.
Threat Detection on EKS - Comparing Falco and GuardDuty for EKS Protection
I partnered with co-worker and friend Dustin Whited [@dgwhited] to compare Falco and EKS GuardDuty as options for threat detection in EKS environments.
Using Semgrep to find security issues and misconfigurations in AWS Cloud Development Kit projects
In this post, I combined my love of static code analysis and infrastructure-as-code to find problems in CDK projects in the CDK code itself.
Stratus Red Team - added GCP support and the initial GCP technique; also added an EKS-specific technique that eventually made it into the codebase as well
Peirates - added support for detecting AWS as a Cloud Provider when IMDSv2 is in use
Semgrep - added rules for the static analysis of AWS Cloud Development Kit (CDK) projects
Panther-Analysis - added new detection rules for CodeBuild Public Projects on AWS and some initial K8s rules (WIP)
Matano - added a managed enrichment table for the Cybersecurity and Infrastructure Security Agency's Known Exploited Vulnerabilities catalog (CISA KEV), allowing users to enrich and prioritize vulnerability findings by KEV status.
CfnSweeper - a CLI tool I built for finding AWS resources not managed by AWS CloudFormation, built to help engineers clean up resources often left behind by CDK constructs whose default removalPolicy retains the resource.