Software Engineer | Backend Systems & Application Security

Software engineer with a growing focus on application security, auditing code and infrastructure for real-world vulnerabilities, hardening production systems, and building tools that surface security risk before attackers do. Background spans backend API architecture, containerized deployments (Docker), CI/CD pipelines, and CMS/CRM systems built on Laravel and Livewire. Currently building OSINT and security-auditing tools (TraceTrellis, SIGIL, VaultCheck) to deepen hands-on AppSec experience alongside years of production backend engineering.

Systems Engineering & Security Case Studies

Latest Writing

Getting Started with DVLA: Run a Vulnerable Laravel Security Lab Locally with Docker

Set up DVLA, a deliberately vulnerable Laravel 12 app, locally in under 15 minutes. This guide covers the Docker environment, credentials, and the eight vulnerability modules you'll exploit throughout the ArtisanBreach series.

Jul 4, 2026

Stop Leaking Secrets: Audit Your .env Files with VaultCheck

Most .env problems go unnoticed until something breaks or, worse, leaks. VaultCheck is a PHP CLI tool that audits your environment files and git history for exposed secrets, missing keys, and bad file permissions. Run one command and get a prioritized list of what to fix.

Apr 2, 2026

Areas of Proficiency

Application Engineering

Static and dynamic analysis across the PHP/Laravel stack, including type-juggling bypasses, Eloquent mass-assignment flaws, IDOR, and access-control failures. Tooling includes PHPStan/Larastan, Psalm taint analysis, and Nuclei. Direct incident response experience: detection and remediation of a production backdoor with C2 infrastructure, followed by custom file-integrity tooling and nginx hardening across multiple live sites.

Backend Engineering

A decade of production PHP and Laravel development, with Livewire for reactive interfaces. Recurring work includes custom CMS/CRM builds, authentication systems, secure API integrations, and infrastructure management across Linode VPS environments (nginx, PHP-FPM). I build with the assumption that production systems fail through chains of individually defensible decisions, not single obvious mistakes, which shapes how I approach both development and review.

Python
DevOps
MySQL
Laravel
Livewire
Docker
Linux

Secure Application Development

Writing code that treats vulnerability classes as first-class design constraints, not afterthoughts. This means input validation at every trust boundary, mass-assignment and type-juggling defenses baked into the framework layer, and code review that hunts for business-logic flaws an OWASP Top Ten checklist alone won't surface.
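The two PHP/Laravel vulnerability classes named in the Application Engineering and Secure Application Development sections, type-juggling bypasses and mass assignment, each shown beside its hardened form. This is an added example, not code from this page's author or from Laravel: the token hash, the request body and the `UnsafeProfile`/`SafeProfile` classes are constructed for the demo, and the profile classes only mimic Eloquent's `fill()`/`$fillable` behaviour. It runs with plain `php` and needs no framework.

```php
<?php
declare(strict_types=1);
// Added example, not code from this page's author or from Laravel itself.
// Shows two PHP/Laravel vulnerability classes, each beside its hardened form.
// All inputs below are constructed for the demo.
// Note: strict_types only affects scalar coercion at function boundaries;
// it does nothing for the == operator.

// --- 1. Type juggling in a token check --------------------------------------

// Constructed stored value: md5('240610708'), a "magic hash" of the form
// 0e<digits>. PHP treats such strings as numeric, so under == any two of
// them compare equal (0 == 0). md5 is used only to reproduce the classic case.
const STORED_TOKEN_HASH = '0e462097431906509019562988736854';

function verifyTokenLoose(string $candidate): bool
{
    // Vulnerable: both sides are numeric strings, so == compares them as numbers.
    return md5($candidate) == STORED_TOKEN_HASH;
}

function verifyTokenStrict(string $candidate): bool
{
    // Hardened: byte-wise, type-strict, constant-time comparison.
    return hash_equals(STORED_TOKEN_HASH, md5($candidate));
}

// --- 2. Mass assignment -----------------------------------------------------

// The classes below are stand-ins that mimic Eloquent's fill()/$fillable;
// they are not Eloquent models.
final class UnsafeProfile
{
    public array $attributes = ['name' => null, 'email' => null, 'is_admin' => 0];

    // Vulnerable: every request key lands on the model, like an Eloquent model
    // with $guarded = [] fed $request->all().
    public function fill(array $input): void
    {
        foreach ($input as $key => $value) {
            $this->attributes[$key] = $value;
        }
    }
}

final class SafeProfile
{
    private const FILLABLE = ['name', 'email'];   // allowlist, like Eloquent's $fillable
    public array $attributes = ['name' => null, 'email' => null, 'is_admin' => 0];

    public function fill(array $input): void
    {
        foreach ($input as $key => $value) {
            // strict in_array so the key comparison cannot be juggled either
            if (in_array($key, self::FILLABLE, true)) {
                $this->attributes[$key] = $value;
            }
        }
    }
}

// --- demo -------------------------------------------------------------------
$attackerToken = 'QNKCDZO';   // md5('QNKCDZO') is also of the form 0e<digits>
printf("loose compare accepts attacker token:  %s\n", var_export(verifyTokenLoose($attackerToken), true));
printf("strict compare accepts attacker token: %s\n", var_export(verifyTokenStrict($attackerToken), true));

// Constructed request body: an attacker appends is_admin to a profile form.
$request = ['name' => 'Mallory', 'email' => 'mallory@example.com', 'is_admin' => 1];
$unsafe = new UnsafeProfile();
$unsafe->fill($request);
$safe = new SafeProfile();
$safe->fill($request);
printf("unsafe is_admin: %s, safe is_admin: %s\n", $unsafe->attributes['is_admin'], $safe->attributes['is_admin']);
```

In a real Laravel code base the equivalent fixes are to declare `$fillable` on the model and pass `$request->validated()` (or `$request->only([...])`) instead of `$request->all()`, and to compare secrets with `hash_equals()` or `Hash::check()` rather than `==`.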

Database Security & Architecture

Designing scalable database schemas with security baked in: least-privilege access controls, query parameterization to prevent injection, encrypted sensitive fields, and audit-ready logging for compliance-relevant data.
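Query parameterization as mentioned above, shown as an added example (not this page's author's code) with an injected input run against both a concatenated query and a prepared statement. It uses an in-memory SQLite database through PDO so it runs offline; the table, rows and attacker payload are constructed for the demo, and the `pdo_sqlite` extension is assumed to be installed.

```php
<?php
declare(strict_types=1);
// Added example, not from this page's author. Requires the pdo_sqlite extension.
// Compares string-concatenated SQL with a parameterized query on the same
// attacker input, using a constructed in-memory table.

function makeDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password_hash TEXT)');
    // Constructed rows; the hashes are placeholders, not real credentials.
    $db->exec("INSERT INTO users (email, password_hash) VALUES
        ('alice@example.com', 'hash-a'),
        ('bob@example.com',   'hash-b')");
    return $db;
}

// Vulnerable: user input is spliced into the SQL text, so a quote in the
// input rewrites the WHERE clause.
function findUserUnsafe(PDO $db, string $email): array
{
    $sql = "SELECT id, email FROM users WHERE email = '$email'";
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: the value travels as a bound parameter and is never parsed as SQL.
function findUserSafe(PDO $db, string $email): array
{
    $stmt = $db->prepare('SELECT id, email FROM users WHERE email = :email');
    $stmt->execute([':email' => $email]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

$db = makeDb();
$payload = "' OR '1'='1";   // constructed attacker input

// The concatenated version turns the WHERE clause into an always-true
// expression and returns every user; the parameterized version looks for a
// user whose email is literally the payload string and returns none.
printf("unsafe query returned %d row(s)\n", count(findUserUnsafe($db, $payload)));
printf("safe query returned   %d row(s)\n", count(findUserSafe($db, $payload)));
```

Eloquent and the Laravel query builder bind parameters for you, but `whereRaw()`, `DB::raw()` and `DB::select()` with interpolated strings reintroduce exactly the concatenated form above, so those call sites are where review effort belongs.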

Infrastructure Hardening & DevSecOps

Building the tooling layer that keeps infrastructure honest over time: automated hardening manifests (see SIGIL), file-integrity monitoring, and DevSecOps practices embedded directly into CI/CD pipelines rather than bolted on after deployment.

API Design & Security

Designing and securing APIs for reliable, safe system-to-system communication: OAuth2 and JWT authentication, rate limiting, secrets hygiene (see VaultCheck), and integration with payment, analytics, and third-party platforms.