Skip to content
SecurityStu

Hi, I’m Stu. I make application security practical.

I lead Application Security at Penguin Random House, helping engineering teams ship secure software and AI systems without slowing them down.

$ whoami

Director of AppSec @ Penguin Random House

$ ls ./expertise

appsec/ ai-security/ automation/ threat-modeling/

$

Portrait of Stu

Leadership at a glance

  • 100s of apps
    Global AppSec program

    Director of Application Security at Penguin Random House: strategy, governance, secure SDLC, and Application Security Posture Management across multiple regions.

  • ~80% faster
    AI-assisted MR reviews

    Built a Merge Request Security Bot that auto-approves low-risk changes and explains risky ones, cutting review bottlenecks while keeping the four-eyes principle.

  • < 1 hour
    Threat models

    STRIDE-based threat modeling strategy backed by a custom threat-register MCP server, built to keep sessions focused and fast.

  • AI security in production

    Guardrails in AWS Bedrock, security reviews of Claude Cowork and M365 Copilot, and secure MCP architecture validated across Claude Code, GitHub Copilot, and ChatGPT Enterprise.

Explore