6+ years of cyber operations — malware analysis, incident response, SIGINT. Transitioning into security software engineering with a focus on endpoint security, detection engineering, and macOS platform security.
I'm a malware analyst with over six years of experience in incident response and cyber operations across government and national security environments. Active TS/SCI with advanced GIAC certifications in malware analysis, forensics, and network forensics.
I'm transitioning into security software engineering — building tools that are well-structured, useful, and grounded in real security problems. My focus is on detection pipelines, endpoint security tooling, and backend services that translate analyst workflows into reliable engineering systems.
Currently pursuing a B.S. in Software Engineering at WGU and developing in Python and Go. Next focus: macOS internals and endpoint security frameworks.
Static file analysis pipeline for malware triage. Extracts hashes, printable strings, and IOCs from arbitrary binaries — IPs, URLs, domains, and suspicious file artifacts — using a modular two-pass extraction architecture with deterministic JSON output.
Endpoint artifact and telemetry collection tool for macOS. Gathers security-relevant system state for threat hunting and DFIR purposes — persistence mechanisms, running processes, launch agents and daemons, login items, and suspicious binary indicators. Structured JSON output.
Threat intelligence pipeline that ingests public IOC feeds, normalizes indicators, exposes a query API, and optionally generates detection rule stubs. Designed to consume Statica's extracted IOC output for end-to-end enrichment.
Real-time kernel-level macOS telemetry using Apple's Endpoint Security Framework. Evolution of the DFIR Collector from polling-based collection into true event-driven sensor behavior — the architecture that underlies commercial EDR products.