Hi, I’m Stu. I make application security practical.
I lead Application Security at Penguin Random House, helping engineering teams ship secure software and AI systems without slowing them down.
$ whoami
Director of AppSec @ Penguin Random House
$ ls ./expertise
appsec/ ai-security/ automation/ threat-modeling/
$
Leadership at a glance
- 100s of appsGlobal AppSec program
Director of Application Security at Penguin Random House: strategy, governance, secure SDLC, and Application Security Posture Management across multiple regions.
- ~80% fasterAI-assisted MR reviews
Built a Merge Request Security Bot that auto-approves low-risk changes and explains risky ones, cutting review bottlenecks while keeping the four-eyes principle.
- < 1 hourThreat models
STRIDE-based threat modeling strategy backed by a custom threat-register MCP server, built to keep sessions focused and fast.
- AI security in production
Guardrails in AWS Bedrock, security reviews of Claude Cowork and M365 Copilot, and secure MCP architecture validated across Claude Code, GitHub Copilot, and ChatGPT Enterprise.