Security Engineer / Detection & Trading Systems
Selected public projects. Security tooling, detection-as-code, CI/CD supply-chain hardening, and applied research. Browse the source, history, and diffs below.
Landing page for my security engineering projects.
Detection rules kept the way code is kept: written once in Sigma, version-controlled, linted and tested in CI, and compiled to whatever SIEM is in front of me. I spend my day tuning rules in Sentinel and Splunk by hand; this is that work done as a pipeline instead of a console...
A GitHub Actions pipeline that gates every push and pull request on four security checks before code is allowed to merge, then reports the run back to a SOC for visibility. The sample app is a small Flask task API; the point of the repo is the pipeline around it.
This picks up where the secure CI/CD pipeline leaves off. That repo proves the *source* is clean. This one proves the *artifact* is - that the container image a cluster is about to run was built by my pipeline, hasn't been tampered with since, and ships with a verifiable bill ...
Pulls indicators from live threat-intel feeds, deduplicates them, extracts the MITRE ATT&CK techniques behind them, turns the result into Wazuh detection rules and CDB lists, and emails an analyst for sign-off before anything goes live. No rule reaches the SIEM without a human...
A working security operations lab that ties endpoint telemetry, alert triage, and automated case handling into a single pipeline. Wazuh handles detection, Shuffle runs the SOAR playbooks, and TheHive is the analyst workspace where cases land already enriched.
Emulate adversary techniques, then prove the detections fire. This is the validation half of detection-as-code: I run ATT&CK techniques against an instrumented Ubuntu endpoint enrolled in my SOC automation lab, and confirm each one raises the alert it's supposed to - mapped to...
Perseus is an AI orchestration platform that routes natural language commands to specialized agents across a self-hosted Proxmox homelab. It integrates multiple LLM providers (Grok/xAI, OpenAI, and local Ollama) with runtime model switching, SSH-based infrastructure management...
Differential JWT verification harness. Feeds the same (token, key, alg-allowlist) triple into N JWT libraries simultaneously and surfaces any disagreement in the valid field. Disagreements at the verification boundary are auth-bypass primitives.
A post-mortem and the supporting evaluation framework for a Kalshi weather-market trading bot that lost money over its first two months of live trading, then was halted, audited, and retired.