AI Red Teamer & Automation Architect - Portfolio Website
I am an AI Red Teamer and Automation Architect operating at the critical intersection where generative AI innovation meets offensive security. I don't just build agents; I systematically identify logical breaking points, data flow leakages, and orchestration vulnerabilities before they manifest as business-critical incidents.
I specialize in comprehensive AI security audits. My approach begins with a forensic dive into existing business processes to pinpoint attack surfaces, followed by the development of bespoke automation primarily in Julia, Bash, Bun and Python for adversarial threats.
Case Studies
- OpSyncAI Red Team Report - Technical analysis of a critical multi-agent orchestrator vulnerability chain (CVSS 9.3) that bypasses intent verification through persona adoption attacks, enabling unauthorized extraction of CRM schemas, weaponization of content engines with stealth payloads, and persistent brand poisoning via axiomatic truth injection.
- PrismGPT Variable Substitution Jailbreak - Technical dissection of a critical prompt injection vulnerability (CVSS 9.8) that bypasses AI alignment guardrails through semantic obfuscation and token smuggling techniques, demonstrating complete safety protocol deactivation via variable re-mapping attacks.
Open Source
- AutoGenStudio-Custom-Agents - Custom agents for AutoGen Studio with specialized tools and configurations for enhanced human-in-loop conversations.
- AnythingLLM-Custom-Agents - A collection of custom AnythingLLM agents designed for automation and knowledge retrieval workflows.
I follow an evidence-first methodology for all security engagements: TRACE → BREACH → IMPACT → PROOF.
- Adversarial Testing for LLM Systems: Black-box audits of AI agents and multi-agent systems. I don't just find vulnerabilities; I demonstrate business impact through reproducible attack chains.
- Prompt Injection & RAG Risk Analysis: Forensic analysis of Retrieval-Augmented Generation pipelines, mapping trust boundaries where data flows break down.
- Agent Architecture & Trust Boundaries: Identifying handoff failures, tool authorization bypasses, and escalation pathways in autonomous agentic workflows.
- Bespoke Automation & Hardening: Crafting tailored security frameworks in Julia and Python that provide mathematical precision and high-performance probes for logic validation.
- Cloud & DevSecOps: Architecting secure, scalable cloud solutions (AWS, Azure, GCP) using infrastructure-as-code (Terraform/Ansible) to ensure automation scales without expanding the attack surface.
Agentic Security Audits (AI Red Teaming)
- Black-box security audits for AI agents and multi-agent systems
- Evidence-first findings with reproducible PoCs (TRACE → BREACH → IMPACT → PROOF)
- No code access or prompt sharing required
- Trust-boundary mapping and OWASP LLM Top 10 alignment
- Accelerated and deep engagement packages available
- Executive Summary: High-level risk narrative and business impact analysis.
- Vulnerability Manifest: Technical deep-dives with reproducible PoCs (Evidence of Breach).
- Trust-Boundary Map: Visualizing the weakest points in your agentic orchestration.
- Remediation Roadmap: Specific code snippets and architectural changes to close the loop.
- The Julia Advantage: High-speed security probes tailored to your specific RAG pipeline logic.
- Schedule a Call - Book a consultation to discuss your audit needs
- Email - Direct contact for inquiries
- B.S. Cybersecurity, Western Governors University
- CompTIA Security+ (2023) - Foundational cybersecurity knowledge and skills.
- CompTIA Network+ (2023) - Expertise in networking concepts and infrastructure.
- CompTIA A+ (2022) - Proficiency in IT hardware and software technologies.
| Category | Technologies |
|---|---|
| Core Languages | Python (Expert), JavaScript/TypeScript (Advanced), Bash/Shell Scripting (Advanced), Julia (Intermediate), PowerShell (Intermediate), Go (Golang) (Intermediate) |
| Web Development | Flask, FastAPI, Django, Express.js, Next.js, React, Tailwind CSS, GraphQL, gRPC, Pydantic, Zustand, TanStack Query |
| Security Frameworks | pwntools, Impacket, Scapy, Requests, Beautiful Soup, Selenium, Playwright, WebSockets, Frida, MobSF |
| Data Engineering | Pandas, NumPy, SQLAlchemy, PySpark, Apache Airflow, Dask, pgvector, ChromaDB, Pinecone, Weaviate, Qdrant |
| Testing Frameworks | pytest, unittest, Robot Framework, Cypress, Postman, Locust, LangSmith, Phoenix (Arize), Ragas |
| Category | Technologies |
|---|---|
| AI Development | LangChain, AutoGen & AG Studio 0.4, Ollama, AnythingLLM, LlamaIndex, Transformers, TensorFlow, PyTorch, Keras, Prompt Engineering, RAGTools.jl, PromptingTools.jl, Tesseract.jl, CrewAI, SuperAGI, Composio, Microsoft Copilot 365, Google Gemini API, Anthropic Claude API, Mistral AI API, Groq, vLLM, LoRA/QLoRA, Unsloth, BentoML, Ray Serve |
| Computer Vision | OpenCV, PyAutoGUI, Puppeteer, Selenium, Playwright, ImageAI, YOLO, DALL-E API, Stable Diffusion API |
| Workflow Automation | Power Automate, N8N, Zapier, Make (Integromat), Apache Airflow, Prefect, Luigi, Task Scheduler, Automator (macOS), AutoHotkey, GitHub Actions (Advanced Patterns) |
| Browser Automation | Puppeteer, Playwright, Selenium, Cypress, WebdriverIO, Nightmare.js, CasperJS, Cheerio |
| Category | Technologies |
|---|---|
| Network Scanning | Nmap, Masscan, Netcat, Nessus, OpenVAS, Autorecon, RustScan, Advanced Port Scanner, Caido |
| Vulnerability Assessment | Burp Suite Professional, OWASP ZAP, Nikto, Wpscan, Sqlmap, Nuclei, Trivy, Bandit, Semgrep, Checkmarx, Acunetix, Snyk, Sonarqube |
| Exploitation Frameworks | Metasploit Framework, Caido, pwntools, Impacket, BeEF, Social-Engineer Toolkit (SET), Empire, eBPF, Falco |
| Password Cracking | Hashcat, John the Ripper, Hydra, THC-Hydra, Medusa |
| Web Application Testing | Burp Suite, OWASP ZAP, DirBuster, ffuf, Gobuster, Dirsearch, Arjun, ParamSpider, Nuclei |
| Post-Exploitation | Mimikatz, BloodHound, Sharphound, PowerSploit, Empire, Covenant, Sliver, PoshC2, LinPEAS, WinPEAS, Sherlock, Sherlock2 |
| Wireless Security | Aircrack-ng, Kismet, Wireshark, tcpdump, BetterCAP, Wifite |
| Forensics & Analysis | Volatility, Autopsy, Sleuth Kit, Wireshark, NetworkMiner, FTK, X-Ways Forensics, Bulk Extractor, ExifTool |
| Cloud Security | Prowler, Checkov, CloudSploit, AWS Security Hub, Azure Security Center, Google Cloud Security Command Center, HashiCorp Vault, Doppler, AWS Secrets Manager |
| Category | Technologies |
|---|---|
| Cloud Platforms | AWS (EC2, S3, Lambda, CloudWatch, RDS, VPC, IAM, CloudFormation, ECS, EKS, CloudTrail), Azure (VMs, Blob Storage, Functions, Monitor, AD), GCP (Compute Engine, Cloud Storage, Cloud Functions, BigQuery, Kubernetes Engine) |
| Containerization | Docker, Kubernetes, Podman, Docker Compose, Rancher, Nomad, gVisor, Firecracker |
| Infrastructure as Code | Terraform, Ansible, Pulumi, CloudFormation, Chef, Puppet, SaltStack |
| CI/CD & Build Tools | GitHub Actions, GitLab CI, Jenkins, CircleCI, Argo CD, Flux, Tekton, Maven, Gradle, npm, yarn, OIDC integration |
| Monitoring & Logging | Prometheus, Grafana, ELK Stack (Elasticsearch, Logstash, Kibana), Splunk, Datadog, New Relic, Graylog, Fluentd, Loki, OpenTelemetry (OTel), Jaeger, Tempo |
| Category | Technologies |
|---|---|
| Network Protocols | TCP/IP, UDP, HTTP/HTTPS, DNS, DHCP, SNMP, SSH, FTP/SFTP, SMTP/IMAP/POP3, BGP, OSPF, RIP, VLAN, VXLAN, MPLS |
| Security Protocols | IPSec (including StrongSwan), TLS/SSL, SSH, Kerberos, RADIUS, TACACS+, 802.1X, WPA2/WPA3 |
| Network Devices | Cisco IOS, Juniper JunOS, pfSense, OPNsense, Palo Alto PAN-OS, Fortinet FortiOS, Ubiquiti UniFi, MikroTik RouterOS |
| Network Analysis | Wireshark, tcpdump, NetFlow, sFlow, ntopng, Cacti, PRTG, SolarWinds |
| Certifications & Compliance | NIAP certification processes, NIST SP 800 series, CIS Benchmarks, PCI DSS, HIPAA, GDPR, ISO 27001, SOC 2 |
| Category | Technologies |
|---|---|
| Linux Distributions | Ubuntu 24.04 LTS, Kali Linux, Parrot OS, Debian, Fedora, CentOS, AlmaLinux, Rocky Linux, Arch Linux, Linux Mint, RHEL |
| Windows Systems | Windows 10/11, Windows Server 2016/2019/2022, Windows Preinstallation Environment (WinPE) |
| Virtualization | VMware ESXi/vSphere, VirtualBox, Hyper-V, QEMU, Proxmox VE, Xen, KVM |
| Security Hardening | AppArmor, SELinux, GRSecurity, OpenSCAP, Lynis, CIS-CAT, Bastille Linux, Firejail |
| Container Platforms | Docker, Podman, LXC/LXD, containerd, CRI-O, rkt |
| Category | Technologies |
|---|---|
| Workflow Platforms | N8N, Zapier, Make (Integromat), Power Automate, Tray.io, Workato, Pipedream, Agency Swarm |
| API Management | Postman, Swagger/OpenAPI, Insomnia, Apigee, Kong, Tyk, AWS API Gateway, Azure API Management |
| Collaboration Tools | Slack, Microsoft Teams, Discord, Mattermost, Rocket.Chat, Jira, Confluence, Trello, Asana |
| Database Systems | PostgreSQL, MySQL/MariaDB, MongoDB, Redis, SQLite, Cassandra, DynamoDB, Snowflake, Supabase, Neo4j, InfluxDB |
| Message Brokers | RabbitMQ, Apache Kafka, Amazon SQS, Redis Pub/Sub, NATS, ActiveMQ |