$ whoami
Cloud Security Engineer // Toronto
15 years from bare metal to securing cloud infrastructure at scale. I build the security tooling and automation that makes secure defaults the easy path for engineering teams. Through defensive.works I publish Weekly Recon and ship open security tooling, hands-on labs, and two cloud security books.
$ ls projects/ -la
Weekly defensive engineering newsletter. One attack walked through, one detection to ship, one defender move, every Tuesday. defensive.works/recon
Intentionally vulnerable AWS environment for practicing cloud pentesting techniques.
GitHub Actions security scanner. 46 checks, 8 categories, graded reports. scan.defensive.works
Continuous external attack surface discovery and vulnerability scanning across AWS accounts.
Hub and Spoke IAM Roles for AWS multi-account security at scale.
Automatically CDK bootstrap all AWS accounts in an Organization.
Detection rules for investigating security events via AWS CloudTrail Lake.
$ cat writing/
IAM credential theft, lateral movement, incident response. Techniques mapped to MITRE ATT&CK with real CloudTrail detection queries.
Supply chain attacks, CI/CD compromise, code signing, container security. Real-world parallels to SolarWinds, Codecov, and tj-actions.
$ cat certs.txt
$ history --career
─────────────────────────────────────────────
$ _