Technical writing, research notes, and selected experience.
Staff engineer building modern Windows endpoint security systems.
Staff software engineer with more than a decade of experience across Windows kernel development, endpoint detection, CNO tooling, malware development, vulnerability research, and agentic AI workflows.
Selected Experience
2025 - Present
IRU
Staff Engineer
Leading the development of a greenfield EDR product, focusing on the Windows Agent and Driver components.
- Architecting a greenfield Windows kernel-mode telemetry driver designed for low-overhead endpoint visibility at production scale.
- Developing the user-mode agent component in modern C++ for resilient threat detection.
- Implementing agentic AI workflows to accelerate driver validation and EDR feature development.
- Establishing foundational engineering and testing paradigms for the new platform.
2022 - Present
Real American Security
Founder / Software Engineer
Independent consultancy and product development focusing on DoD consulting, C++ obfuscation research (ObfTypes), and building a scalable video game analytics platform.
- Built production backend APIs and data-intensive web services in Python and .NET for analytics-driven applications.
- Designed scalable data infrastructure with ClickHouse, Redis, and PostgreSQL to support high-volume ingestion, low-latency access, and large-scale analytical querying.
- Developed data pipelines and backend workflows powering user-facing analytics and application features, with end-to-end ownership across architecture, implementation, deployment, and iteration.
2024 - 2026
Sophos / SecureWorks
Principal Software Engineer
Leading Windows agent and EDR platform work across kernel and user mode, with a focus on exploit-aware telemetry, defensive hardening, and practical platform modernization.
- Architected enterprise EDR capabilities across kernel and user mode
- Established AI-assisted workflows and engineering standards across a large legacy codebase
- Built crash-dump and behavioral-analysis utilities for production defense
2022 - 2024
Raytheon Cyber
Senior CNO Software Engineer
Developed advanced CNO tooling and led research into evasion, anti-analysis, and validation infrastructure across multiple operating systems.
- Built implants, loaders, and supporting command-and-control infrastructure
- Researched hypervisor-based and hardware-assisted evasion techniques
- Introduced automated testing and CI patterns inside constrained environments
2020 - 2022
National Security Agency
Software Engineer / Systems Vulnerability Analyst
Worked across red- and blue-team assessments, supply-chain research, vulnerability analysis, and technical reporting for senior stakeholders.
- Contributed to work referenced in senior-level cyber policy discussions
- Researched SolarWinds-class attack paths and defensive replication strategies
- Performed reverse engineering, application security audits, and tool evaluation
Selected Security Work
ObfTypes
A C++26 header-only library providing compile-time polymorphic variants of standard integral types for signature evasion and anti-analysis.
KernelGuardian (Coming Soon)
Game integrity kernel driver preventing unauthorized memory access and handle stripping in competitive gaming environments.
Lucid Edge
An immersive MMORPG that takes you back to the fantasy of old games. Enter a world on the edge of lucidity, where classic adventure meets modern innovation and every moment feels like a vivid dream.
Technical Writing
March 23, 2026
How I Found 3 Router 0-Days and Built an AI-Assisted Firmware Emulation Platform
A disclosure-safe look at using rootless Podman, QEMU user-mode, and AI automation to bring up router firmware in WSL, work through the ugly realities of embedded userspace, and turn 3 findings into a repeatable testing platform.
May 3, 2026
Bypassing Single-Instance Checks: Mutex Manipulation with HueSyncPatch
A technical look at manipulating NT handles to bypass application single-instance enforcement, from an EDR and threat hunting perspective.