cloud security / detection engineering / AI security
a passionate security enthusiast and CS student. welcome to my corner of the internet where i document my journey through defensive and cloud security, AI exploit research, and a couple of cool CTFs along the way. if it involves breaking assumptions about how systems behave, i'm probably into it.
most of my time goes into linux environments, cloud infrastructure, detection pipelines, and AI security. i love building things that are hard to break and even harder to exploit. outside of tech i'm either training taekwondo, eating an unreasonable amount of chicken wings, or listening to music way too loud. feel free to reach out if you're into security (or punk rock).
I harden AWS environments against real attack vectors. I work across IAM least-privilege design, S3 misconfigurations, CloudTrail log integrity, and security posture tooling that flags drift before it becomes an incident.
I research how LLMs and agentic systems fail under adversarial conditions. My work spans prompt injection, data exfiltration via tool misuse, and mapping emerging attack patterns to the OWASP GenAI Top 10 and MITRE ATLAS.
I build Splunk detections that hold up in production, not just in a lab. Threat hunting across Windows event logs, Sysmon telemetry, and AD attack chains. Signal-to-noise discipline is non-negotiable.
I analyse adversary TTPs using the MITRE ATT&CK framework, triage vulnerabilities with a CySA+ lens, and run structured OSINT collection via Trace Labs. I connect findings to actionable defensive recommendations.
Working on live cloud infrastructure and security operations at one of the UK's largest investment managers. Real systems, real stakes, commits that actually matter.
Contributing to the Gen AI Threat Intelligence Initiative and Agentic App Security Initiative, building threat models and security guidance for LLM-integrated applications and agentic systems.
Founded and scaled GU HackSoc to 170+ members. Designed and delivered flagship CTF competitions, technical workshops, and industry speaker sessions including a major event with Morgan Stanley featuring a malware analysis talk and custom CTF challenges. Committee member on Tech Society where we co-hosted events with JPMorgan, Morgan Stanley, and SAS.
Triaging and resolving 40+ daily support tickets across Windows/macOS systems, Active Directory account access, Office 365, and network connectivity. Maintained SLA compliance above 90% and reduced repeat tickets by 20% through root-cause analysis and improved user guidance.
Scholarship recipient for this globally distributed, hands-on detection engineering and threat hunting conference. Participated in live lab exercises, threat-hunting workshops, and CTF-style challenges simulating real-world attack and defence scenarios. Worked with detection engineering frameworks, log analysis, query design, and threat-hunting methodologies across simulated enterprise environments.
Selected as 1 of 15 from 11,500+ applicants for BlackRock's Aladdin Technology Spring Week. Led SysOps in a simulated Retrospective Incident Management exercise across Linux systems engineering, configuration management at scale, SRE, and cloud/on-premises infrastructure. Direct exposure to engineering and security at the world's largest asset manager.
Attended the Technology Insight Programme and competed in Morgan Stanley's Cyber Heist simulation, a multi-vector attack scenario on a live financial institution environment. Detected, contained, and neutralised the attack chain to prevent a simulated £60M fraudulent transfer, applying enterprise threat modelling, attack lifecycle analysis, and defensive frameworks end-to-end.
AWS attack simulation and detection framework built around real CloudTrail telemetry. Simulates attacker TTPs across IAM reconnaissance, S3 enumeration, and privilege escalation via PassRole/AssumeRole abuse, then detects those exact behaviours using a rule-based engine with MITRE ATT&CK mapping. Includes a response layer for credential revocation and structured incident reporting.
Production-grade homelab SIEM deployment using Splunk for real-world detection rule development and threat hunting. Detections cover SSH brute-force, file integrity violations, lateral movement patterns, and Active Directory attack chains including Kerberoasting, Golden Ticket, and AS-REP Roasting.
Tool for systematically mapping attack surfaces in LLM-integrated and agentic applications. Cross-references identified risks against OWASP Top 10 for LLMs and the MITRE ATLAS framework, then generates structured threat reports with control recommendations for AI deployment reviews.
Cross-platform monitoring agent tracking DNS queries, file modifications, and unsigned process execution in real time. Python backend feeds a web dashboard with VirusTotal API enrichment on flagged artefacts, structured forensic logging, and alert triage built for lab environments and early-stage detection research.
I'm working on more content covering topics like AI exploits and threat modelling, CTF techniques, and security research methodologies. Stay tuned!
Open to conversations about security engineering, internship opportunities (Summer 2027, US-based), technical writing, and anything in the intersection of cloud, detection, and AI security.
Best reached via email or LinkedIn. I respond in about the time it takes to do 30 pushups, give or take.