Senior security engineer at Meta, working on detection & response. I've spent the last 8+ years across detection engineering, incident response, threat hunting, and cloud — building detection programs from the ground up across federal, healthcare, and now hyperscale infrastructure. These days my focus splits between detection engineering at scale and LLM security: red-teaming the models and agents being deployed everywhere, and figuring out what detection looks like for systems that don't behave deterministically. Based in DC.
This is where most of my time goes now. I'm building AI-powered security operations platforms — RAG pipelines for real-time contextual enrichment, agentic workflows for autonomous investigation and evidence collection, and LLM orchestration for multi-step reasoning and dynamic response. The goal isn't "add AI." It's removing the long tail of manual triage and investigation toil so analysts can spend their time on the calls that actually need human judgment.
It also means thinking about the other side of the equation. LLMs and agents broke a bunch of assumptions security teams used to take for granted — what counts as untrusted input, where the trust boundary lives, what "least privilege" looks like when the thing exercising the privilege is a model making tool calls on its own. The interesting part isn't the high-level threat modeling. It's the specific, reproducible ways these systems fail in production and what you can actually do about them.