New York City Metropolitan Area
Security moves fast. I move faster. I lead in the detection engineering and security automation space — building the systems, pipelines, and AI-powered workflows that turn raw signals into decisive action. My focus is on making security teams operate at a level that manual processes simply can't reach. I've spent my career at the intersection of threat detection, intelligent automation, and applied AI. From LLM-integrated triage systems to cloud-scale log pipelines to analyst workflow automation, I build the infrastructure that makes security organizations measurably more effective — and I ship it. I think about security tooling the way a product leader thinks about software. It has to work for the analyst, the manager, and the CISO. The best detection system in the world means nothing if it doesn't fit the way people actually work. Detection engineering. Automation. AI. That's where I live.
• Built SOAR automation that runs the full incident lifecycle — triage to closure. Tines featured
• Replaced a third-party phishing tool entirely with a custom-built analysis pipeline.
• Designed logging architecture end-to-end — scales to our needs, cuts costs significantly.
• Integrating LLMs into detection and response workflows to reduce toil and move faster.
• Lead security investigations, endpoint protection, and threat intelligence operations.
• Build and tune detection content across identity, endpoint, cloud, and network.
Code42 Technology Advisory Board
Provide guidance, recommendations, and influence within:
- Strategic Guidance
- Threat Landscape
- Industry Trends
- Innovation and R&D
- Product Development
- Customer Insights
Built the insider threat programme from scratch — custom UEBA modules, behavioural baselines, and anomaly detection across the enterprise workforce. Automated EDR log ingestion to SIEM in real time using Python and Helium — closing a critical visibility gap. Deployed an enterprise data classification platform enabling risk reduction and regulatory compliance (GDPR, PCI). Automated log accumulation, tool integrations, and alert pipelines using Python, PowerShell, and Bash.
Led AppSec assessments for enterprise clients handling PCI and sensitive data — static/dynamic analysis, threat modelling, and penetration testing. Delivered actionable findings to client engineering teams, not just reports.
Implemented Securonix SIEM for a major client — enabling real-time advanced threat detection including cloud telemetry. Led AppSec assessments across internally and externally facing applications (OWASP Top 10, CWE/SANS Top 26). Built a unified compliance framework spanning NIST, PCI, SOX, COBIT, and GDPR for a global enterprise client. Contributed to IAM delivery using SailPoint and CyberArk.