Brad Duhon

Least privilege. Maximum curiosity.

Curious by nature, paranoid by profession. I'm drawn to the security problems that don't have a checkbox - where you have to understand the system deeply before you can reason about what could go wrong. I build controls, chase edge cases, and document the gotchas so the next person doesn't hit the same wall. I write things down so future me doesn't have to figure them out twice. That's mostly what this site is.

Projects

brad-duhon.com

This site - a security-first personal portfolio and digital garden built on Astro, Tailwind, and AWS. Designed with least privilege from the ground up: GitHub OIDC deploy role, CloudFront OAC, SSE-KMS, and a living D3-force knowledge graph for the lab.

  • Astro
  • Terraform
  • AWS
  • CloudFront
  • GitHub Actions
  • OIDC

A personal memory layer for agentic AI that persists context across sessions and projects. mTLS end-to-end (ACM client cert + Lambda cert pinning), recall enforced at the hook layer so the model cannot skip it, semantic search via Bedrock Titan Embed v2 and S3 Vectors. Zero plaintext key material ever written to disk.

  • Python
  • Terraform
  • AWS
  • Lambda
  • Bedrock
  • MCP
  • mTLS
