I work in security engineering and incident response, focused on understanding how real systems fail under attack and building systems that surface meaningful signal from noisy telemetry.
My work sits at the intersection of security, operations, and applied AI engineering, where investigation, automation, and machine learning come together to improve decision-making under real-world constraints.
- Building LLM-powered systems for summarization, classification, and decision support across high-volume telemetry
- Developing retrieval-augmented generation (RAG) pipelines over structured and unstructured data
- Designing ML models for anomaly detection, triage, and prioritization in noisy, real-world datasets
- Focusing on production-oriented AI systems: APIs, pipelines, and decision-support workflows under real-world constraints
- Applying security-driven thinking, including threat modeling, adversary simulation, and resilient system design
- Improving observability, telemetry quality, and signal extraction in complex distributed environments
- Designing policy-driven, auditable controls that integrate directly into engineering workflows

NLP-driven system for security alert triage (Python, Jupyter)
- Applies text classification, feature extraction, and structured model evaluation to improve alert triage
- Designed to support analyst decision-making with transparent, reproducible workflows
- Focused on measurable signal quality over black-box automation

➡️ https://github.com/texasbe2trill/AlertSage

AI-powered knowledge system for extracting insight from personal reading data (Python, Streamlit, NLP, LLMs)
- Transforms KoboReader.sqlite into structured, queryable intelligence across highlights, notes, and reading behavior
- Implements NLP and LLM-based pipelines for summarization, classification, and pattern detection
- Designed as a local-first AI system with transparent, explainable outputs

➡️ https://github.com/texasbe2trill/KoNotes

Policy-as-code system for secure workflows and access decisioning (Go, CLI)
- Defines and enforces access policies across services and sensitive resources using version-controlled policy definitions
- Evaluates requests with deterministic outcomes (allow, deny, require_approval) for consistent, auditable decisions
- Standardizes how access and privilege boundaries are enforced across engineering environments
- Produces traceable decision artifacts supporting audit, compliance, and incident investigation
- CLI workflows for policy validation, simulation, and impact analysis before deployment

➡️ https://github.com/texasbe2trill/policyforge

Context-aware macOS security assessment tool (Python, CLI)
- Performs fast trust evaluation across applications, launch items, and system controls
- Reduces false positives by recognizing legitimate vendor and administrative patterns
- Built for practitioners who need accurate, explainable results under time pressure

➡️ https://github.com/texasbe2trill/macos-trust

- Languages: Python, Go, R, Bash, Swift
- AI Systems & Machine Learning: PyTorch, NLP, embeddings, LLMs, RAG, model evaluation, applied statistics
- Security Engineering: Threat modeling, incident response, adversary simulation
- Governance & Controls: Policy-as-code, control design, risk-based decisioning, auditability, compliance alignment (NIST, ISO, SOC 2)
- Systems: Linux, APIs, distributed systems, observability, telemetry, automation

I build security, governance, and AI systems with a focus on:
- Evidence-driven decisions — signals, models, and controls should be measurable, testable, and auditable
- Engineering-aligned governance — controls should integrate into real workflows
- Operational resilience — systems must hold up during incidents, audits, and scale
- Practical simplicity — solutions should be understandable, enforceable, and maintainable




