Cybersecurity, AI & data science leader — 20+ years building production cyber-analytics platforms across enterprise, defense, and federal.

I build production-grade cyber data and analytics platforms — applying AI/ML, data science, and cloud engineering to defend networks and turn high-volume telemetry into decisions. Ph.D. in Computer Science, 20+ years across enterprise, defense, and federal environments.

Projects Experience Ethos Tutorials

Focus Areas

AI for Cyber

Offline/air-gapped LLM fine-tuning, MCP & agentic AI workflows, and ML-based anomaly detection on live network telemetry.

Network Defense & Forensics

Real-time situational awareness, threat detection at scale, and cyber-topology visualization for analysts and operators.

Data Science & Pipelines

Large-scale analytics pipelines, cloud data engineering on AWS/GCP, and ML modeling over messy, high-volume data.

Recent Posts

Treating Your Agents as Insiders: Lessons from the GDM AI Control Roadmap

10 min read · June 23, 2026

I build and think a lot about cyber agents — AI systems that read code, call tools, touch infrastructure, and increasingly do real work without a human watching every step. So when Google DeepMind published GDM AI Control Roadmap (v0.1) (Phuong, Jenner, Simon, Ho, Shah, Farquhar & Coull, 2026), it piqued my interest. It’s the clearest articulation I’ve seen of a simple, slightly uncomfortable idea: the most useful framing for securing AI agents is to treat them as a potential insider threat — and to borrow, almost wholesale, the playbook we already use against malicious employees.

Read more →

Anatomy of a Backdoor: The XZ Utils Supply-Chain Attack (CVE-2024-3094)

31 min read · June 13, 2026

On Friday, March 29, 2024, a Microsoft engineer named Andres Freund sent an email to the oss-security mailing list that quietly averted what might have been the most consequential supply-chain compromise in the history of open source. He had been chasing a performance oddity — SSH logins on a Debian test system were running about half a second slower than they should have, and liblzma was burning suspicious amounts of CPU. What he found at the bottom of that rabbit hole was a deliberately planted backdoor in XZ Utils, a compression library that ships in virtually every Linux distribution on Earth.

Read more →

Walkthrough: VulnHub 42Challenge — LFI to Root

8 min read · June 11, 2026

A condensed walkthrough of the 42Challenge boot-to-root box from VulnHub. The fun of this one isn’t a single CVE — it’s chaining a chain of small weaknesses: a client-side filter, a local file include, log poisoning, a backup file, and a little reverse engineering. The methodology generalizes well beyond this box.

Read more →

iSCSI Applications & Security

6 min read · February 8, 2025

iSCSI (Internet Small Computer Systems Interface) is a powerful protocol that allows you to extend storage capabilities over a network. Whether you’re managing a home office setup or a full-fledged data center, iSCSI can help you integrate Network Attached Storage (NAS) devices with hypervisors like VMware ESXi. However, like any network device, iSCSI presents a number of security vulnerabilities and attack surfaces that must be considered. This guide will explore the iSCSI protocol, its applications, and various security considerations to ensure your data remains protected.

Read more →
Commodore 64 home computer
Sooner or later, someone has to row. — Steve Henderson