About Me

I'm a cybersecurity engineer with a background in data analytics, specializing in threat intelligence, detection engineering, and security automation. I design and implement tools that surface malicious behavior, reduce analyst overhead, and turn noisy telemetry into actionable insight.

My recent work spans protocol behavior analysis in Go, enrichment tooling and alert triage automation in Python, and exploratory use of machine learning to support behavioral detection at scale. I'm especially drawn to the intersection of large dataset analysis and threat visibility—where malicious patterns often hide in plain sight.

I believe the best security solutions scale, adapt, and clarify. Whether I'm digging into packet captures, building analysis pipelines, or reverse-engineering telemetry flows, I aim to make complex systems more observable and threats more visible.

Outside of work, I write fiction, brew beer, and read anything with a strong narrative thread—whether it's fantasy epics or cybersecurity research papers. I'm a systems thinker at heart, always drawn to patterns, stories, and the deeper structures behind how things work. That same curiosity drives how I build, learn, and solve problems. I live in Utah with my beautiful wife and my dog, who takes her role as Chief Morale Officer very seriously.

Core Tools & Technologies

Programming & Scripting

  • Python
  • Go
  • SQL
  • Machine Learning

Infrastructure & Workflow

  • Git
  • AWS (S3, IAM)
  • Docker
  • Bot Management

Telemetry & Security Focus

  • Detection Engineering
  • Security Telemetry
  • Threat Intel
  • Automation

Projects

This section highlights what I've built, what I'm building, and where I'm headed next. I'm especially interested in projects that combine automation with real-world detection challenges.

Now: Expanding functionality of Snortgen and x-weird-for.
Next: Red Team environment setup and practice for PenTest+, and a token validation and passing project in Python.

Snortgen

A command-line tool for interactively generating Snort IDS rules with built-in input validation, auto-incremented SIDs, and support for advanced modifiers like content matching, PCRE, and metadata. Dockerized and designed for quick, reliable rule creation in security workflows.

View on GitHub

x-weird-for

A Python-based CLI tool for detecting anomalous HTTP headers using a hybrid of machine learning (Isolation Forest) and custom heuristics. Designed for security analysts, it parses raw headers, extracts behavioral features, and flags suspicious patterns for further inspection. Useful for detecting evasion techniques, malformed requests, and potential reconnaissance activity.

View on GitHub

HTTP/1.1 Server in Go

A minimalist HTTP server written in Go that builds HTTP functionality from raw TCP sockets. Implements chunked transfer encoding, trailer headers, and custom routing without relying on the standard `net/http` package. Great for learning internals and building controlled, testable backend behavior from the ground up.

View on GitHub

Coming Soon!

This is a temporary placeholder for upcoming projects I am migrating and publishing. These will include security tooling, detection logic, and analysis workflows.

View on GitHub

Blog

Boot.dev Hackathon: x-weird-for

How I built an HTTP header anomaly detector using ML + custom heuristics in 72 hours. Completed MVP with plans to build out heuristics, UI, and model metrics in the future.

Read more on LinkedIn

And finally, Millie

This is my dog, Millie. She has never met an attacker, never seen a vector. She diligently stands guard against birds and slammed car doors. She's a terrible analyst but the best work bud I could ask for. She thanks you for being here.

Millie the dog
Chief Morale Officer