Investigating supply chain threats across Github runners with OCSF
What would the perfect Friday security alert look like — and why doesn't it exist? A breakdown of the systems that have to work before any alert can be truly actionable.
Read more →About me
Senior Security Engineer with experience building detection & response programs, application security practices, and cloud security architectures from the ground up.
Skills
GH Analyzer
Analyzes a GitHub repository's workflow files for supply chain security risks. Takes a local repo path (or clones from URL) and outputs a security audit report.
Read more →The Realities of Alert Prioritization
Why textbook alert prioritization frameworks fail in production, and what actually works when you're a team of three staring at 200 daily alerts
Read more →