Software Engineer | Backend Systems & Application Security
Software engineer with a growing focus on application security, auditing code and infrastructure for real-world vulnerabilities, hardening production systems, and building tools that surface security risk before attackers do. Background spans backend API architecture, containerized deployments (Docker), CI/CD pipelines, and CMS/CRM systems built on Laravel and Livewire. Currently building OSINT and security-auditing tools (TraceTrellis, SIGIL, VaultCheck) to deepen hands-on AppSec experience alongside years of production backend engineering.
Systems Engineering & Security Case Studies
TraceTrellis
A full-stack OSINT platform that aggregates 16 data sources in parallel: breach records, domain security posture, SSL, open ports, and more.
SIGIL
A manifest-driven infrastructure hardening engine for LEMP stacks. Generates auditable, reproducible hardening scripts from a declarative YAML manifest.
VaultCheck
A CLI tool that audits the hygiene and risk posture of secrets and environment-variable management, reasoning about the full lifecycle in which secrets enter a system, drift, leak, and go stale.
Latest Writing
Getting Started with DVLA: Run a Vulnerable Laravel Security Lab Locally with Docker
Set up DVLA, a deliberately vulnerable Laravel 12 app, locally in under 15 minutes. This guide covers the Docker environment, credentials, and the eight vulnerability modules you'll exploit throughout the ArtisanBreach series.
Stop Leaking Secrets: Audit Your .env Files with VaultCheck
Most .env problems go unnoticed until something breaks or, worse, leaks. VaultCheck is a PHP CLI tool that audits your environment files and git history for exposed secrets, missing keys, and bad permissions. Run one command and get a prioritized list of what to fix.
Areas of Proficiency
Application Engineering
Static and dynamic analysis across the PHP/Laravel stack, including type-juggling bypasses, Eloquent mass-assignment flaws, IDOR, and access-control failures. Tooling includes PHPStan/Larastan, Psalm taint analysis, and Nuclei. Direct incident response experience: detection and remediation of a production backdoor with C2 infrastructure, followed by custom file-integrity tooling and nginx hardening across multiple live sites.
Backend Engineering
A decade of production PHP and Laravel development, with Livewire for reactive interfaces. Recurring work includes custom CMS/CRM builds, authentication systems, secure API integrations, and infrastructure management across Linode VPS environments (nginx, PHP-FPM). I build with the assumption that production systems fail through chains of individually defensible decisions, not single obvious mistakes, which shapes how I approach both development and review.