resume

Systems work across AI security, platform delivery, and cloud architecture.

I work best when the system is bigger than one feature: releases need guardrails, AI workflows need evidence, security findings need practical fixes, and architecture decisions need to survive production pressure.

View artifactsDownload CVContact
SignalArizona State University, B.S. Computer Science, 2019 - 2023.
SignalDevOps engineering experience at Dyson with cloud delivery, CI/CD, observability, and Kubernetes operating habits.
SignalCybersecurity engineering experience at Twilio across application risk, control design, evidence handling, and remediation workflow.
SignalBuilds AI systems with operational controls included: evals, traces, policy checks, logging, rollback, and cost visibility.
SignalRuns authorized bug bounty research around access control, mobile/API behavior, auth edge cases, and triage-ready evidence.

timeline

Experience

Recent work is written around the parts that matter after launch: ownership, observability, control design, and recovery.

2024 - 2025

Cybersecurity EngineerTwilio

Security engineering work across application flows, cloud risk, control design, and evidence handling, with emphasis on turning technical findings into remediation paths engineers could own.

  • Reviewed authentication, authorization, data exposure, and abuse-case paths through the lens of how services behave in production.
  • Helped convert security observations into practical guardrails, runbooks, and fix language instead of leaving teams with vague risk statements.
  • Worked with telemetry, service ownership, incident context, and release realities while keeping private details out of public artifacts.
  • Kept security communication bounded: what is affected, what is proven, what is not claimed, and what should change.
2023 - 2024

DevOps EngineerDyson

Cloud and delivery work around deployment pipelines, Kubernetes operations, build hygiene, observability, and the production habits that make services safer to change.

  • Worked on CI/CD and environment workflows with attention to release promotion, repeatability, rollback, and operational readiness.
  • Supported container and Kubernetes-style operations with service visibility, practical runbooks, and ownership boundaries.
  • Improved the quality of troubleshooting signals across application and infrastructure layers so issues were easier to isolate.
  • Built documentation and handoff notes around real operator questions: what changed, what failed, who owns it, and how to recover.
2024 - Present

Vulnerability ResearcherBug Bounty and HackerOne Programs

Authorized vulnerability research outside day-to-day work, focused on access-control boundaries, mobile/API behavior, auth state transitions, and proof packages that can survive triage.

  • Builds attacker/victim/object matrices for authorization testing instead of stopping at one-off suspicious responses.
  • Separates local-only behavior, expected denial, backend impact, and reportable exposure before writing a claim.
  • Focuses on access control, auth state transitions, exposed cloud capabilities, mobile/API surfaces, and business workflow abuse.
  • Turns raw testing into triage-ready evidence: request pairs, denied controls, impact narrative, remediation notes, and clear non-claims.
  • Keeps public portfolio material sanitized: no target secrets, private reports, unsafe technical detail, or customer data.

degree

Education

  • 2019 - 2023

    B.S. Computer Science, Arizona State University

    Bachelor of Science in Computer Science, Arizona State University. Computer Science foundation in software engineering, data structures, algorithms, systems thinking, and the discipline behind building maintainable production software.

capabilities

Capability map

The profile is strongest as a combination: secure architecture, production platform work, and AI systems with enough telemetry and policy to be trusted in the real world.

AI / LLM

  • OpenAI API
  • RAG
  • Agents
  • Prompt risk
  • Evals
  • Trace review
  • LLMOps
  • Tool governance

Security

  • Threat modeling
  • OWASP
  • Pentest evidence
  • Access control
  • API security
  • Hardening
  • HackerOne

Cloud / DevOps

  • Kubernetes
  • Docker
  • CI/CD
  • Observability
  • IaC
  • SLOs
  • Release and rollback

Architecture

  • Solution design
  • IAM
  • Service boundaries
  • Runbooks
  • ADRs
  • Risk registers
  • Stakeholder handoff

proof links

Work that backs the resume

  • secure AI architectureAI Security Control Plane

    A production-oriented design for routing model traffic through identity-aware policy, retrieval checks, tool permissions, eval gates, logs, and replayable incidents.

    Open artifact
  • platform deliveryKubernetes Delivery Platform

    A delivery model for services that need predictable builds, Kubernetes readiness, progressive rollout, observability, ownership, and rollback instructions.

    Open artifact
  • authorized security researchPentest Evidence Workflows

    A report-building workflow that turns scoped testing into defensible evidence: request pairs, object-boundary checks, denied controls, impact notes, and remediation language.

    Open artifact