About me

I'm a security engineer with 18+ years of combined software engineering and security experience, including 5 years as Principal Application Security Engineer at Exabeam (formerly LogRhythm), a cloud-native SIEM/UEBA SaaS platform. I hold a strong offensive background — OSEP, OSWE, OSCP, and CRTO — that directly informs my defensive architecture decisions.

My work spans CI/CD pipeline hardening, SAST/SCA/DAST automation, cloud IAM review, Infrastructure-as-Code (Terraform, Ansible, Packer), and threat modelling at scale. I'm experienced in mentoring engineering teams on secure-by-design practices and in building AI-assisted security tooling.

Drawn to roles where security is a first-class design concern and where the systems being protected have genuine real-world significance.

Commercial Experience

Exabeam (previously LogRhythm) — Principal Application Security Engineer

August 2021 – present

  • Cloud security assessments covering IAM configuration, network segmentation, and encryption controls — white-box pentest engagements across all company products
  • Managed SAST/SCA/DAST scanning pipelines, secrets scanning, and dependency auditing across cloud-hosted environments with Ansible IaC; enforced mandatory security gates in CI/CD across all product repositories
  • Internal pentests, red team, and purple team engagements — code analysis, assumed-breach scenarios, AV/EDR bypass with custom payloads, lateral movement, and data exfiltration testing; SOC rule and alert development
  • Automated C2 infrastructure provisioning using Ansible IaC for repeatable, auditable deployment of isolated test environments
  • Built an AI-powered security findings triage system that classifies SAST/SCA results, filters false positives at scale, and automatically opens GitHub PRs with AI-generated remediation code
  • Threat modelling via data flow and process flow diagrams; mentored software engineers on OWASP Top 10 and secure coding practices; delivered internal training to embed security as a first-class engineering concern

Plug and Play Design — Head of Technology

November 2014 – August 2021

  • Provisioned and maintained a hosting fleet of 40+ dedicated servers and 30+ virtual servers; monitoring and incident response across the full range
  • Developed internal tooling for automated tasks using Python, Go, Ansible, Terraform, and Packer
  • Managed a team of 4–7 software developers across multiple industry verticals — retail, travel, real estate, events, charity, and SaaS ERP
  • Key technical decision-maker on stack and architecture across all client engagements; translated business requirements into delivery-ready technical specifications

Multiple organisations — Web Development (Java / PHP)

September 2008 – October 2014

Colt Technology Services, GiftsDirect, OSF Global Services, VanRoey Automation NV, Aim4Solution

Certifications

  • OSEP – Offensive Security Experienced Penetration Tester
  • OSWE – Offensive Security Web Expert
  • OSCP – Offensive Security Certified Professional
  • CRTO – Certified Red Team Operator (ZeroPointSecurity)

Pursuing: OSED · CRTL

Education

No formal degree. Equivalent demonstrated through 18+ years of progressive professional experience in software engineering and security engineering. Self-taught engineer with continuous learning via certifications, labs, and hands-on practice.

Professional Standards

All work and research are conducted within authorized environments and sanctioned engagements. Ethical responsibility and legal compliance are foundational to my practice.