I build security programs, developer tooling, weird automation,
open source software, and increasingly elaborate systems designed to
catch Santa. I'm deeply suspicious of manual processes, and mildly
obsessed with elegant systems.
- OWASP Threat Dragon - open source threat modeling, and yes, objectively the cutest mascot in security
- slide-spec - presentations as structured data, built as and for OSS communities
- garak-repo - visualizing, storing, and comparing Nvidia garak runs
- ts-express-framework - because apparently I needed my own TypeScript framework? 🤡
- Santa Detection Control Center - highly classified seasonal surveillance infrastructure. SERIOUSLY, DO NOT LOOK HERE.

Strong opinions, not strongly held. I reserve the right to merge more informed arguments.

- Most manual processes are bugs with social acceptance
- Over-engineering is fine if you're having fun and nobody gets hurt
- It's ok to not take a stance on tabs v spaces
- UX often improves security outcomes
- Building community is harder than building software, but sometimes more rewarding
- Consistent code is cleaner than "clean" code
- If the workaround has users, it is a product now
- Superstition is silly until someone says "it’s only a one-line fix"





