- Reduced medical-device software build times from ~60 minutes to ~5 minutes (~12x) by re-architecting the build pipeline and distributing work across a fleet of self-hosted runners.
- Containerized the build toolchain in Docker for deterministic builds across developer workstations and CI — driving toward full byte-level reproducibility for IEC 62304 verification and FDA submission.
- Implemented SPDX SBOM generation and audit in CI covering every release artifact, aligned with FDA premarket cybersecurity guidance and traceable to upstream CVEs.
- Ran the whole pipeline inside FDA-regulated, IEC 62304-aligned lifecycle constraints — chain-of-custody, access control, traceability, reproducibility, and audit-readiness at every stage — with builds distributed across self-hosted infrastructure under those same controls.
Work
Where I’ve worked and what I’ve shipped.
Independent Research & Applied Security
- Operated distributed scraping infrastructure for a small portfolio of remote clients in ticketing, e-commerce, and competitive intelligence — multi-region collection on the order of millions of events per day, with capture-rate maintained through repeated anti-bot vendor updates.
- Reverse-engineered new anti-bot challenge classes (TLS / TLS-fingerprint, JS challenges, behavioral signals) as they shipped, and rebuilt client collection layers to match without losing throughput.
- Engaged locally with organizations advancing free and open-source software — primarily Futo — on tooling, infra hygiene, and applied-security work in support of FOSS-aligned consumer software.
- Period also covered focused study of regulated-device software lifecycle, build reproducibility, and supply-chain provenance — the foundation that became the EnChannel build-engineering role.
Automatiq
- Owned the scraping platform’s capture rate; the improvements I shipped were credited with roughly $5M in annual revenue.
- Joined as the second platform hire and rebuilt a fragile collection setup — a handful of EC2 boxes — into a distributed platform handling 10M+ collection events a day across Ticketmaster, AXS, and SeatGeek.
- Reverse-engineered Akamai Bot Manager, PerimeterX, and Datadome, and kept collection working through repeated vendor updates that took competitors offline.
- Led the migration from monolithic EC2 to containerized AWS Fargate, cutting infra cost ~60% via auto-scaling and reducing deploy cycles to <5 minutes.
- Co-invented Automatiq’s “transferless” resale primitive (productized as Transferless Delivery) — the company’s IP, built with one other engineer in a matter of days, and one of the things I’m proudest to have shipped there.
- Instead of transferring the ticket out of the seller’s account, it delivers the buyer a secure access link to the live mobile ticket — rotating barcode and all — while the barcode stays in the seller’s primary inventory until it’s scanned at the venue.
- Eliminated the ownership-transfer step that gated competitor business models: near-instant buyer fulfillment with proof-of-delivery logging, scaling to thousands of orders and opening a new revenue line.
- Cut seller-side double-sale and transfer-failure risk in high-volume resale, handled cases full account-to-account transfer couldn’t (hard tickets, partial barcodes, non-ingested POS listings), and integrated with TM Resale and TM+ pending-sale protection.
- Built fault-tolerant, event-driven pipelines on SQS + Lambda + DynamoDB with circuit breakers, exponential backoff, and DLQ-based retry; owned on-call rotation for the scraping platform.
- Stood up observability stack (CloudWatch, Datadog, Logflare), establishing a 1-2 hour post-detection MTTR on a platform that previously had no formal incident-response baseline.
MINDWISE
- Co-founded and architected a real-time threat-intelligence platform protecting cardholder exposure across a portfolio of U.S. financial institutions and major payment processors.
- Identified the Point of Compromise of the Jason’s Deli breach by clustering 170,000+ stolen cards (Joker’s Stash) against merchant-location data; methodology and visualizations published by Krebs on Security.
- Hired and led a team of 4 engineers from initial idea through enterprise rollout; personally authored the core ingestion service in Node.js flagging compromised cards within minutes of appearing on darknet markets via concurrent scrapers capturing listings as they were posted.
- Engineered LexisNexis integration for high-confidence identity resolution, converting partial cardholder data into actionable intel.
- Prevented significant fraud losses for Golden 1 Credit Union through early breach detection.
- Operational partner to the U.S. Postal Service Cybercrime Unit, building vendor-attribution systems with shipping analytics and geospatial triangulation to support federal investigations.
Track4
- Co-founded a threat-intelligence startup and landed First National Bank of Nova Scotia as its first client — the seed that pivoted and grew into MINDWISE.
- Built automated surveillance of the criminal marketplaces where stolen card data changes hands, turning real-time darknet activity into reports the bank could act on before compromised cards were ever exploited.
Gaine Solutions
- Built core components of California’s mandated healthcare provider registry (Sanator Provider Registry) — now the statewide industry standard for cross-agency medical data exchange, per SB137.
- Engineered ETL pipelines and data-quality frameworks over millions of provider records under HIPAA / PII controls; implemented audit trails and governance for secure exchange.
Azorian Cyber Security
- Joined a 3-person red-team cell at 16, executing pentests and web-app vulnerability assessments on enterprise infrastructure with a focus on JavaScript exploitation and auth-bypass classes.
- Built custom Python / .NET tooling for reconnaissance, exploitation, and lateral movement; recovered stolen client assets in multiple engagements by turning adversary infrastructure against the attackers.
Stellar Exploration @ NASA Ames
- Designed and prototyped a Uniform Light Source for infinite-focus lens calibration on a satellite imaging payload (mission-critical component).
- Cross-functional engineering support across electrical and software systems within a 10-engineer team.