Skip to main content

I'm always excited to take on new projects and collaborate with innovative minds.

Location

Cincinnati, Ohio, United States

Social

How I Build

I don't just secure AI—I build with it, and I secure the way I build

AI-augmented engineering with a security engineer's judgment

I ship production systems using AI coding agents daily—inside isolated, reproducible environments with the same threat-modeling, review gates, and audit discipline I bring to client systems. Speed from automation; trust from judgment.

Build Philosophy

How AI-augmented building stays accountable

Correctness > security > speed

AI accelerates the work, but nothing ships on velocity alone. Output is judged on whether it is correct, secure, and maintainable—then fast.

Judgment over volume

Generating code is cheap; deciding what is worth shipping is not. I treat agent output as a proposal to be reviewed, threat-modeled, and tested—never as a finished answer.

Reproducible & reviewable

Every environment and change is defined as code so it can be rebuilt, reviewed, and audited. If it can't be reproduced and explained, it isn't done.

The Build Loop

From idea to shipped—securely

Plan

Spec, constraints, acceptance criteria before any code.

AI-assisted build

Agent-assisted implementation inside an isolated workspace.

Guardrails & review

Threat-model, self-review the diff, run lint/tests.

Ship

Small, atomic commits with a clear, reviewable history.

Verify

Confirm against acceptance criteria; capture evidence.

The Isolated Workspace

Browser-streamed, ephemeral, agent-ready

I develop inside reproducible, browser-isolated workspaces built on Kasm Workspaces with Cursor IDE and Kali/Ubuntu variants. Environments are defined as Docker images and roll out consistently—no local machine sprawl, no snowflake laptops, and a clean blast radius for agent-assisted work.

Browser isolation

Workspaces stream to the browser; the dev environment stays off the local host.

Ephemeral & reproducible

Images are rebuilt from source, so a workspace is disposable and consistent.

Scoped access

Each workspace gets only the access its task needs.

Review gates

Agent-assisted changes are reviewed and tested before they leave the workspace.

Deep dive: the Kasm + Cursor workspace framework

Guardrails & Judgment

Keeping AI-assisted code audit-ready

Threat-model the change

Untrusted input, injection, secrets, and access paths are considered before merge—not after an incident.

Human review of every diff

I read what the agent wrote. Nothing merges that I can't explain and defend in review.

Tests, lint, typecheck

Automated gates run on changes so regressions surface before deploy, not in production.

No secrets in code or logs

Credentials live in env/secret managers; telemetry is structured and redacted.

Stack at a Glance

The tools behind the practice

Cloud & Platform
Microsoft AzureAzure Computer Vision APIAzure Image RecognitionAzure Container Instances (ACI)Azure Blob StorageAzure AIAzure Kubernetes Service (AKS)DockerContainerizationVirtual Machines (VMs)Network SegmentationLoad BalancingFailover ArchitectureGoogle Workspace APIGoogle Drive APIKasm WorkplacesReverse ProxyNvidia GPU Management
Security
Cloud SecurityPrivileged Access Management (PAM)Vulnerability Management (OpenVAS, NESSUS)Audit RemediationPCI DSSNetwork SecurityLDAPKerberosAI SecurityAI Security & AlignmentCompliance Management (HIPAA)Secure File ManagementAccess Control & RBACData Security & PrivacyWebhook SecurityContainer SecurityCustom GuardrailsSecure API DesignBearer Token AuthenticationAudit LoggingSession ManagementCredential EncryptionAuthentication & AuthorizationDevice Login Authentication2FA WorkflowsEphemeral Data HandlingIAM Integration
Development
Python (FastAPI)Python (Flask)TypeScriptNode.jsPlaywrightPower AutomateSharePointAPI IntegrationRESTful API IntegrationAzure DevOpsN8NShell ScriptingWeb Application DevelopmentGoogle SitesOpen Web UILight LLMModel Context Protocol (MCP)WebhooksFirefly AIAPI GatewayAzure CLIAzure Management APIApache GuacamoleSQLitePostgreSQLHealth ChecksAPI DocumentationStreamlit
AI
Generative AILarge Language Models (LLMs)AI Security & EthicsAI for Social ImpactAI-Powered Platform DevelopmentImage ProcessingFacial RecognitionVector StoresCost OptimizationRate LimitingCustom GuardrailsAI Gateway ArchitectureOpenAI APIAnthropic ClaudePerplexityGoogle RAGOllamaCost TrackingReal-time Infrastructure QueryingExecutive Reporting

AI-Augmented Build Practice

I operate AI coding agents daily—and apply the same threat-modeling to my own toolchain that I bring to client systems. My public build activity lives on Cursor.

View my build practice on Cursor

Let's Build Securely Together

If you need secure AI, IAM/PAM, or resilient automation built the way it's described here—reproducible, reviewed, and audit-ready—let's talk.