I'm a technically curious solutions engineer. Or maybe I'm a smooth-talking AppSec engineer. Either way, I have been in the DevSecOps space for over 9 years, and have a career that reflects a strong commitment to empowering developers with effective application security tools.
I currently specialise in advancing application security through innovative runtime analysis technology. My work focuses on promoting more accurate and integrated approaches like IAST, RASP and ADR, enabling organisations to embed true DevSecOps within their SDLC.
My previous work leveraged Docker and Kubernetes to build state-of-the-art lab environments to educate developers on secure coding. Whether I’m delivering complex technical solutions into a wide range of customers or working directly on engineering projects, my ethos is always one of curiosity and empathy. I thrive on experiential learning — digging into complex details head-on, learning through trial and error, and iterating quickly to deliver high-impact, real-world solutions.
The projects you see here are a combination of personal research and side-projects that support my wider role as a Solutions Engineer, including experimental environments in Kubernetes and custom tool integrations written in Python.
- Application security, including secure coding and secure design/archecture
- DevSecOps and cloud security
- Kubernetes, kubernetes operators
- Security observability and runtime analysis
- Observability tooling:
- Fluent-Bit
- OpenTelemetry
- Falco
- Modsecurity
- Grafana
- OpenSearch
- Kubernetes:
- AWS EKS Auto-Mode
- Helm and GitOps
- AI:
- Amazon Bedrock
- MCP Servers
- Open source security and observability tooling
- Applicaion security resources