Founder | Cybersecurity Professional | AI-Assisted Development & Governance

Solo founder and cybersecurity practitioner. My path has moved through different environments, but the constant has been building systems and understanding how they work. I design software and tools to solve real problems, then refine them through direct use. LabList started as a personal solution for tracking hands-on work and continues to evolve through that process.
I build web applications, think in systems, and treat security as foundational rather than optional. I enjoy analyzing risk and evaluating mitigations across supply chain, architecture, third-party trust boundaries, and the governance frameworks that hold them together. I'm targeting roles in GRC, AI governance, and compliance where this thinking compounds.
Always building. Always learning. Always improving.
BACKGROUND
Entry-level technical roles keep asking for years of experience, which a flat resume can claim but not prove. The alternatives are a bland, easily forgotten GitHub repo, or buying a domain and building a static portfolio yourself. LabList streamlines that. It unifies projects, certifications, and labs in one professional portfolio that validates each resume point and stays easy to maintain, with some entries kept current automatically, so people can focus on what moves the needle, building real experience. LabList is the living proof of experience behind a resume. I built the full stack solo on Next.js and Supabase, from auth and Stripe billing to a guided writeup wizard and a defense-in-depth security model.
02/04/2026 — ongoing
A Claude Code plugin that turns senior DevSecOps judgment into enforceable rules grounded in primary sources. Every rule cites a sub-rule identifier from OWASP ASVS, NIST, ISO, MITRE, or an RFC. Built for developers using AI heavily who want their work to actually meet industry standards by default.
05/04/2026 — ongoing
CompTIA — active
View certification →Covered material such as SAST and DAST tools for assessing API security. Understanding need for API inventory audits to determine what APIs are communicating and where. Determining if they are running outdated versions and if they are even still used. Discussed the need for secure API Gateways and the necessity of ensuring Authentication and Authorization when accessing APIs. While the course was short it provided actionable tips and general knowledge that was helpful and generated further interest for me to continue to pursue more information on API security.
View full writeup →Audit skills/code-quality/ — WS4 Target 14 (Build Step 5, Commit 16/22) — closes Build Step 5; Audit skills/discovery/ — WS4 Target 11 (Build Step 4, Commit 13/22) — closes Build Step 4; Audit skills/project-management/ — WS4 Target 10 (Build Step 4, Commit 12/22)
View full writeup →My view: AI will be largely responsible for the bulk of code going forward. I’ll defend that in a minute, but I should disclose something first. I’m not a software engineer. I have experience in languages like Python and SQL from classes I’ve taken, but fingers to keyboard coding isn’t my bread and butter. My domain is security, and software engineering itself isn’t my desired goal. I respect the work software engineers do and I commend their skills. That being said, I do see a shift happening....
View full writeup →Audit skills/security-input-validation/ — WS4 Target 4 (Build Step 3, Commit 6/22) — closes Build Step 3; Amend CLAUDE.md §2 with communication discipline + file research-security hook bug; Audit skills/security-output-encoding/ — WS4 Target 3 (Build Step 3, Commit 5/22)
View full writeup →Operationalize security-auditor agent + coordinate boundary discipline (WS3 Build Step 3, Commit 4/6); Operationalize red-team agent + apply smoke-test refinements (WS3 Build Step 4, Commit 5/6); Freshen status docs to reflect Phase 6 pause + framework-hardening progress
View full writeup →