Cloud infrastructure, security, and enterprise strategy. 4+ years advising Fortune 500 clients at AWS and JPMorgan. I build things — professionally and for fun.
Pursuing M.S. in Cybersecurity and Information Assurance. Completing coursework in network security, cloud security, and information governance via WGU's competency-based model.
Designed AWS infrastructure for mission-critical banking applications under strict SOC 2 and PCI-DSS compliance. Built multi-region VPC architectures with Terraform. Managed KMS, Secrets Manager, and IAM for sensitive financial data across multi-AZ deployments.
Primary trusted technical advisor for 100+ B2B enterprise clients across the full cloud adoption lifecycle. Led architecture workshops, whiteboarding sessions, and executive-level presentations. Developed reference architectures and automation that improved client self-service capabilities.
L2/L3 enterprise support for 800+ Fortune 500 clients in 24x7 on-call capacity. Consistently top 10% for CSAT and MTTR. Built Python and Bash automation tools to reduce manual toil and accelerate incident response.
Frontline technical support diagnosing and resolving customer connectivity issues across DSL, cable, and fiber infrastructure. Maintained SLA compliance across high-volume queues.
Full-featured daily planning app with task priorities, study timer, idea capture, water tracking, and cross-device sync. Built with Claude as a reasoning partner — shipped as a non-native developer.
Created and published a workshop on the AWS Workshops platform to accelerate enterprise adoption of Amazon Q and generative AI capabilities. Led multiple customer sessions.
Designed and deployed this portfolio on Cloudflare Pages with Terraform-managed infrastructure. Built and compared both a Cloudflare and an AWS variant to understand the deployment tradeoffs firsthand.
Picked it up and immediately started thinking about what needed to change. Same thing I do with infrastructure — understand the system first, then improve it.
Windscreen, bar ends, mirrors, red accents, suspension dialed in. Still ongoing — there's always something to tune, upgrade, or understand better. That's the point.
Went from skeptic to hands-on builder. Today's Plan is a real deployed app. This site is another. The pattern is the same as the motorcycle — you learn by doing, not by reading about it.
WGU competency-based program. Network security, cloud security, information governance. Treating it the same way I've approached everything else — as deeply as it takes.
Maps every hop between you and a destination — diagnose where packets are being dropped, delayed, or rerouted.
Fixes a flaw in classic traceroute — uses consistent flow IDs so ECMP load balancers don't return misleading paths. More accurate on modern networks.
NAT-aware multipath traceroute that detects ECMP load balancing across different network paths — standard traceroute misses this entirely.
Combines ping and traceroute into a live continuously-updating view — shows per-hop packet loss and latency in real time. Better than either tool alone.
Query DNS servers directly — look up A, AAAA, MX, TXT, NS, CNAME records, trace delegation chains, and debug propagation issues.
Windows DNS query tool — look up records and switch between resolvers to verify DNS across different nameservers.
Traces the full DNS delegation chain from root servers down to the authoritative nameserver — useful for debugging misconfigured zones.
Make raw HTTP/HTTPS requests from the command line — inspect headers, test endpoints, debug APIs, and verify TLS without a browser.
Human-friendly HTTP client — cleaner syntax than curl, colored output, JSON-aware. Better for API debugging and testing REST endpoints interactively.
Measures actual network throughput between two points — find out how much bandwidth you really have, not what the spec says.
The TCP/IP Swiss Army knife — open raw connections, test port reachability, transfer files, create simple servers and proxies.
More powerful than netcat — bidirectional data relay between almost any two endpoints: TCP, UDP, UNIX sockets, SSL, files, stdin.
Python library for crafting, sending, and dissecting network packets at any layer — build custom protocols, fuzz inputs, and test network behavior.
Show active connections, listening ports, and socket states — confirm a service is bound to the right port and interface.
Real-time bandwidth monitoring per connection (iftop) or per process (nethogs) — find out exactly what's consuming your network.
Basic reachability and latency. pathping (Windows) combines ping and tracert — shows per-hop latency and packet loss percentages together.
Capture live network traffic at the packet level — the deepest diagnostic available. Prove what's actually on the wire vs. what the app thinks is happening.
GUI packet analyzer (Wireshark) and its CLI equivalent (tshark) — dissect protocols at every layer, filter traffic, follow TCP streams, and inspect TLS handshakes.
grep for network traffic — search packet payloads with regex patterns. Useful for finding specific strings in HTTP or unencrypted traffic.
Captures and reassembles TCP streams into readable files — reconstructs full HTTP sessions and data transfers from a packet capture.
From the nmap project — send custom TCP, UDP, ICMP, and ARP packets. More control than ping for testing specific ports and protocols.
Network scanner — discover hosts, open ports, services, OS fingerprints, and run vulnerability scripts. The first tool in any security assessment.
Web server scanner — checks for dangerous files, outdated software, misconfigurations, and common vulnerabilities across thousands of signatures.
Web application security scanner — automated and manual testing for XSS, SQL injection, CSRF, and OWASP Top 10 vulnerabilities.
Full vulnerability management platform — scan networks for CVEs, misconfigurations, and compliance issues. Open-source alternative to Nessus.
Web application penetration testing platform — intercept and modify HTTP/S traffic, fuzz parameters, scan for vulnerabilities, and replay requests.
Penetration testing framework — exploit known vulnerabilities, test defenses, and validate patching. Essential to understand even if you're on the defensive side.
Tests SSL/TLS configurations — finds weak ciphers, expired certs, BEAST, POODLE, Heartbleed, and other TLS vulnerabilities from the command line.
Fast TLS/SSL analyzer — scans cipher suites, certificate validity, OCSP stapling, and protocol support. Scriptable and good for automation.
Inspect TLS handshakes, verify certificates, and test SSL connections at the raw protocol level — the most direct way to debug TLS issues.
Monitors log files and automatically bans IPs that show malicious behavior — brute force SSH, HTTP attacks, and anything you can write a regex for.
AWS security best practices assessment tool — audits hundreds of controls across CIS, NIST, SOC 2, PCI-DSS, and GDPR frameworks against your AWS account.
Multi-cloud security auditing tool — assesses AWS, GCP, and Azure configurations and surfaces misconfigurations as a browsable HTML report.
Query cloud infrastructure with SQL — run SELECT statements against AWS, GCP, and Azure resources. Powerful for auditing and compliance checks.
Securely stores and rotates AWS credentials — vaults credentials in the OS keychain and injects temporary STS tokens so you never store long-lived keys in plaintext.
Scans git history and filesystems for secrets — API keys, passwords, and credentials accidentally committed to repos. Run before every push to a public repo.
Git hook that prevents committing secrets — scans staged files for patterns matching AWS keys, passwords, and custom patterns before every commit.
Modern, fast, minimal VPN — simpler than OpenVPN, faster than IPsec, and small enough to audit. The protocol the industry is converging on.
Battle-tested SSL/TLS VPN — widely deployed in enterprise environments. More complex than WireGuard but extremely configurable and well-understood.
Encrypt and forward traffic through an SSH connection — local port forwarding, remote forwarding, dynamic SOCKS proxy. Built into every server.
Transparent proxy VPN over SSH — routes traffic through an SSH connection without needing root on the remote server or installing VPN software.
Wraps any plain TCP service in TLS — add SSL to a service that doesn't support it natively without modifying the application.
Full programmatic access to every AWS service — provision resources, query state, and automate operations without touching the console.
Define infrastructure as code and apply it consistently across environments. Plan before you apply — see exactly what will change before anything touches production.
Direct Python SDK for AWS — build automation, custom tooling, and anything the CLI doesn't expose cleanly.
Google Cloud's command-line interface — manage compute, storage, networking, and IAM across GCP projects.
Primary reference for every AWS service — API specs, CLI reference, Well-Architected guides, and whitepapers. Knowing how to navigate it fast is a skill in itself.
Google Cloud reference docs — product guides, API references, and the architecture center with reference patterns.
Microsoft Azure's command-line interface — manage VMs, networking, storage, and IAM across Azure subscriptions. Familiar patterns for anyone who knows AWS CLI or gcloud.
Microsoft's reference docs for Azure — product guides, architecture center, Well-Architected Framework, and the Azure CLI reference. Particularly relevant for hybrid and enterprise environments.
Open to new opportunities, architecture conversations, and interesting problems. Based in Austin — available remotely or in person.