Security
Specialist in security engineering, hardened toolchains, and the hands-on development of defensive software and automated detection engines.
Overview
Security engineer and hands-on developer operating on the principle of “Defensive Integrity.” While many in the field operate as system administrators, I treat security as a rigorous engineering task. I specialise in building the software, custom clients, and hardened toolchains required to move security from a manual audit check to a programmatic certainty.
Hardened Development & Build-Chain Integrity
I treat the build-chain as the primary defensive perimeter. I build on top of reputable platforms, utilising RHEL or SLES as the base to engineer hardened, immutable environments. Drawing on my experience with BastionLinux, I ensure that the host is observable, defensible, and strictly adheres to enterprise security benchmarks before any application is deployed. My approach is tools-first: I develop the specialised environments and automated “as-code” pipelines required to ensure code is defensible before it hits production.
Supply Chain Engineering & SBOM Notary
I prioritise the programmatic transparency of the software supply chain. I utilise Grype and Syft to generate and audit a Software Bill of Materials (SBOM) for every build cycle. This is a development-led strike that ensures every dependency is vetted, accounted for, and programmatically verified against known vulnerabilities to ensure high-stakes governance and provenance.
Detection & Response
Expert in detection engineering, utilising Wazuh and the Grafana LGTM stack (Loki, Mimir) as a programmable telemetry fabric. I build the custom integrations and active-response scripts that transform raw security events into high-fidelity indicators of compromise (IOCs). I treat security telemetry as a data engineering problem, ensuring the “single pane of glass” is driven by observable, auditable code.