About

I'm a Senior InfoSec Engineer at Cloud.gov focused on cloud platform security, identity federation, and compliance automation. I spend my days designing security controls that enable teams instead of blocking them — and too many nights in my homelab breaking things to understand how they work.

My work centers on designing security controls for multi-tenant cloud platforms — network segmentation, identity federation, compliance automation, and CI/CD security tooling. The goal: make the secure path the easy path so teams can deploy safely without fighting security controls.


The Journey

20 years of breaking things and learning how to fix them.

2023 – Present: Senior InfoSec Engineer, Cloud.gov
Shaping cloud security architecture and federal compliance posture for a FedRAMP Moderate platform. Contributing to the NIST 800-53 Rev 4 → Rev 5 transition. All those years of breaking things turned out to be decent preparation.

2023: Lead HPC Site Reliability Engineer, NIH
Supporting high-performance computing clusters for molecular dynamics research. Got to burn in 8-way H100 nodes and help configure NVLink — genuinely fun work.

2021 – 2023: Enterprise VM Lead, NIH OCIO
Led vulnerability management across 100,000+ assets and 27 Institutes. The hardest part wasn't the tech — it was convincing 27 different IT teams to move at the same speed. Log4j SME, CISA BOD 22-01.

2018 – 2021: Security Engineering Lead, NHGRI
Securing research infrastructure for ~2,200 endpoints — including million-dollar genomic sequencers that scientists would revolt over if you tried to patch them during a sequencing run.

2014 – 2017: IT Infrastructure & Service Desk Leadership
Moved through several infrastructure and support roles in the NIH ecosystem, gravitating toward the security engineering work that would define the next chapter.

2005 – 2014: Independent IT Consultant, Harrisburg PA
Nearly a decade of fixing broken computers for anyone who'd hire me. Evolved from "my computer won't start" house calls into small-business infrastructure management. To this day, when a bad CVE drops, I grab pastries from my local Spanish bakery as a thank-you for the response team.


How I Think About Security

I believe security should enable work, not block it. The best controls? Users never notice them because they just work. Nobody cares about your perfect firewall rules if they can't deploy their app.

Technical excellence is not enough. You can design the most elegant network segmentation in the world, but if developers can't deploy their code, they'll find a workaround. Make the secure path the easy path.

Automation isn't about replacing people. It's about freeing them to do interesting work instead of clicking buttons. I spent months learning Terraform so teams could manage firewall rules as code. Best investment I've made.

AI security is about governance, not just tech. The hard problems aren't the models — they're the humans, policies, and processes around them. Just like every other security problem I've worked on.

If security slows teams down, they'll work around it. If compliance feels like busywork, it won't get done right. Good security is invisible until you need it.


When I'm Not Working

You'll find me in my homelab, which has grown from a single Raspberry Pi in 2015 to a Dell PowerEdge R910, a fleet of Pis, and way too many containers. I run my own Wazuh SIEM, self-hosted Bitwarden, and whatever else I'm experimenting with that week.

I'm also deep into AI/LLM experimentation — not just using ChatGPT, but running local models, building agents, and figuring out how to secure these systems in production. See what I'm building on the projects page.

Fair warning: I've burned out a GPU pushing local LLM inference too hard. Also took down my home network for hours trying VLAN segmentation "just to see how it works." Breaking things in my homelab so I don't break them anywhere else is the whole point.

Favorite debugging method: rubber duck debugging — with an actual rubber duck. I've also deployed a RITA (rubber chicken) for particularly stubborn bugs.


Connect

I love connecting with folks who geek out about cloud security, identity federation, compliance automation, or AI infrastructure security. Whether you're building something cool, stuck on a problem, or just want to talk homelab setups — reach out.

GitHub · LinkedIn