$ whoami
Senior Infrastructure Security Engineer
10+ years securing cloud & hybrid environments across architecture, IAM, AppSec, and automation.
I'm a Senior Infrastructure Security Engineer with over a decade of hands-on experience hardening cloud and hybrid environments. My work spans cloud security architecture, identity and access management, application security reviews, and security automation across AWS, Azure, and GCP.
My focus: bridging the gap between engineering velocity and security rigor to design platforms that are secure by default, compliant by design, and resilient under pressure.
Detection engineering and SIEM/SOAR integration across AWS, Azure, and GCP. End-to-end cloud security architecture from landing zone to workload.
Cloud security architecture and identity guardrails. Designing secure-by-default platforms with least-privilege principles baked in from day one.
Navigating complex regulatory landscapes. I design controls and evidence workflows that satisfy auditors while minimising engineering overhead.
OWASP-based application security reviews and Burp Suite-driven assessments. Vulnerability triage, remediation guidance, and developer enablement.
Scripting and automating security workflows so engineers can ship fast without cutting corners. Turning manual toil into reliable, repeatable pipelines.
End-to-end VM program design: scanning, prioritisation, SLA tracking, and remediation workflow orchestration across hybrid environments.
A security-hardened fork of Agent Zero adapted for self-hosted corporate deployment. 25 CVEs patched, auth hardening, WebSocket protection, per-agent model selection, and an upstream-mergeable architecture.
Hands-on 3D printing work on a Bambu Lab X1 Carbon, focused on functional parts, fast iteration in Fusion, and reliable print workflows across PLA, PETG, and ABS.
Technical build log of hardening an OpenClaw gateway on AWS, including auth consistency fixes, safe remote access patterns, and repeatable S3/CloudFront deployment operations.
Technical implementation of a Teams-integrated internal security copilot using retrieval over approved policy content, including grounding controls and operational pitfalls.
Reworked log analysis functionality to minimise data scanning, reduce associated expenses, and accelerate security investigation workflows.
What I hardened when deploying Agent Zero in a corporate environment: disabling the RFC endpoint, adding a skill approval workflow, locking down the browser agent, and hardening Docker.
A practical, field-tested checklist for securing self-hosted OpenClaw deployments with clear boundaries, validation steps, and incident-ready controls.
The exact hardening sequence I run before exposing any service: auth, network scope, IAM, secrets, logging, rollback, and post-exposure validation.
What actually held up in my functional print workflow on a Bambu X1 Carbon, and where PLA, PETG, and ABS failed under real usage constraints.
Open to interesting roles, collaborations, and conversations around cloud security, infrastructure hardening, or anything in between.