CISO at Cadence Health. I work at the intersection of technology, law, and governance—building secure, resilient systems while aligning risk, compliance, and product execution with business and societal outcomes.
An IETF Internet-Draft proposing a phishing-resistant phone number attestation mechanism for multi-factor authentication. Using origin-bound cryptographic challenges similar to WebAuthn, this protocol ensures users only attest phone number ownership to legitimate applications, mitigating SMS-based phishing attacks.
Read DraftIn my 2025 SEV0 talk, I describe how Plaid implemented a pre-incident framework to de-risk major changes, both by catching mistakes early, and increasing responder effectiveness when incidents do happen.
Watch TalkIn my 2024 SEV0 talk, I explain my philosophy on making small incidents a big deal; this decreases inhibitions to report anomalous symptoms, creates better investigation processes, and helps spot larger patterns before they become larger incidents.
Watch TalkI was able to leverage EKS to deploy Spark applications at scale to support Lacework's security analysis workloads. My collaboration with the EKS team resulted in a significant cost savings and reliability improvement for Lacework's batch architecture.
Read MoreAn analysis of Canada's proposed AI Act from the perspective of an AI engineer. Ranked in SSRN's Top-10 lists for Innovation & Regulatory Law & Policy and Innovation & Cyberlaw & Policy articles.
Read MoreI like to work with, invest in, and advise companies that are building the next generation of infrastructure, AI technology, and compliance systems. My focus is on teams shaping how software is built, secured, and governed — not just today, but in the years ahead:
If you're interested in collaborating or just want to connect, feel free to reach out.
LinkedIn