Who am I?

I’ve been in application security for a little over six years. Most of that has been at Penguin Random House, where I’ve moved up the AppSec ladder from senior engineer to where I am now: Director of Application Security.

A main priority for me right now is obviously AI. I lead AI security strategy, which sounds cool – but is very challenging, mostly because security directly conflicts with the value that AI brings: Speed.

I’ve also spent a chunk of the last few years building out an enterprise ASPM, an AI-assisted security bot, and a custom MCP server for threat modeling that takes a half-day workshop down to under an hour.

I’m a builder and developer at heart. The work I’m proudest of is not a security strategy deck – it’s the small thing that quietly removes friction for an engineer. A bot that auto-approves low-risk diffs. A custom, enterprise ASPM that pulls from seven sources so nobody has to chase tickets across them. A home grown scanner that finds vulnerable WordPress plugins across hundreds of sites without lighting them up. That kind of thing.

Before tech, I spent four years as a Senior Aviation Meteorologist in the U.S. Navy, briefing pilots all over the world. It sounds dramatic, but mostly it taught me to read inputs honestly, communicate clearly, and not lose my head when the picture changes.

Outside of work I’ve got four kids, so most of my “free time” gets repurposed. What’s left I usually spend writing small tools, reading too many AI articles, or rabbit-holing on something I have no business spending the weekend on!