I build the vulnerability-management tools I wish existed — then ship them the way a vendor would: Store-certified, code-signed, and run through my own security gauntlet.
The case studies are the heart of this site: real problems I hit, the root cause, the engineering, and the proof — including the problems where no off-the-shelf answer existed and I had to invent one.
A Windows desktop app for VM teams: which findings are about to breach SLA, who owns the assets, and what got done about it. Store-certified, IV code-signed.
read more →
Five problems, written the way I hit them: millions of findings on one desktop, ownership routing, zero-day exposure answers in seconds, the attack surface nobody scans, and letting operators customize ticket fields without handing them an injection vector.
read more →
A compliance gauntlet I built, with pass/fail criteria and evidence artifacts, plus RFC 6962 Merkle logs, DSSE/in-toto provenance, and a real disclosure policy.
read more →
The remediation pipeline and test infrastructure around the analyzer: idempotent ticketing, an encrypted dispatch layer, and a full mock-ServiceNow environment.
read more →Security tooling is where I go deepest — but I build across the whole stack, from a local-AI homelab to desktop tools. Same builder's instinct, different canvases.
A self-hosted, all-AMD workstation (no CUDA): local LLMs at 100% GPU on ROCm, image generation, and MCP agents that drive Blender and Unreal directly. Getting there meant root-causing a bleeding-edge RDNA4 bug that had inference silently falling back to CPU — and fixing it.
Ollama · ROCm · LM Studio · gpt-oss / Qwen / Llama-vision · MCP
A release-signing tool built as frameless, translucent "bubble" windows that dock to any screen edge; when the pipeline is ready, the final bubble runs a live signing ceremony that pauses, pulsing, for the physical YubiKey touch. A QThread step engine cleanly separates the automated steps from the human-in-the-loop ones.
Python · PySide6 / PyQt6 · QThread · Authenticode / YubiKey
A developer with a vulnerability-management background and a builder's restlessness — happiest in a terminal, chasing a problem until the solution is simple and holds up.
I'm Elliot — a vulnerability-management analyst who kept hitting gaps no product filled, so I built the tools that would. I came up the formal way — a summa cum laude cyber degree, Security+, CEH — but I learn fastest by building, and I validate everything against the source instead of taking it on faith. I get genuinely obsessed with a hard problem: I'll rough out three approaches, throw two away, and keep refining until what's left is simple, honest, and holds up under its own edge cases. When nothing off the shelf fits, I don't wait for a vendor — I design and ship my own.
My mind runs constantly, and in parallel — pulled toward the unmapped, the unbuilt, the edge just past where the herd stops. What once read as an inability to hold a single thread turned out to be the capacity to hold many at once: I carry contingencies for scenarios that haven't happened yet, and a clear line to the outcome I'm steering toward.
How I work:
Where I'm strongest:
Underneath it all is a genuine love of the craft — the discovery, the learning, the building — which is why the work spills across security, local AI, and infrastructure alike. More on my background, certifications, and working principles on the about page.
Open to new roles in vulnerability management, security tooling, and security software engineering. Email is the best way to reach me, and I'm happy to give a live demo on request.