I've spent 15+ years building threat pictures and leading high-tempo end-to-end threat investigations and disruption operations for a U.S. Intelligence Agency — assembling and directing analysts, operators, and international partners across four continents based on what each case required. I've hunted physical and digital threats from nation-state, insider, organized criminal, and terrorist actors. I've led investigations from the field to the boardroom and briefed senior leaders under time pressure. A trusted partner to the FBI, United Staes Secret Service, Department of State Diplomatic Security, Joint Special Operatins Command, and international security services to stop real harm before it happened.
Seeking remote/hybrid roles in corporate security, threat intelligence, protective intelligence, insider threat, global risk management, and trust and safety.
An open, standardized vocabulary for the physical-threat domain. Built for the analysts, investigators, field teams, and engineers across corporate security, law enforcement, and the Intelligence Community — and for the leaders who rely on their work, and the educators and researchers shaping the discipline. The framework maps what adversaries do, when, and why, so analysts and investigators can recognize patterns in their casework and respond with context.
Four target matrices (People, Facilities, Organizations, Infrastructure) across a four-phase Threat Lifecycle (Target Development → Mobilization → Execution → Aftermath). 154 tactics and 27 actor profiles spanning seven threat categories — from fixated individuals and nation-state actors to malicious insiders, corporate espionage operatives, and organized criminal groups (34 tactics live in V1; remainder shipping V1.3–V1.5). A behavioral Detection Mesh maps indicators, countermeasures, and response protocols to every tactic. Cyber-Physical Nexus and AI-Initiated-Physical tags surface online-to-physical mobilization pathways and AI-enabled reconnaissance across tactics. Cross-framework mappings provide interoperability with established cyber and AI-systems adversary frameworks.
MIT-licensed and JSON Schema-validated — built for RAG systems, AI agents, MCP clients, and downstream detection and investigation platforms. Detection and response guidance ships per matrix, deepening the framework from taxonomy to operational detection resource with every release. Native MCP server ships in V2.
A grocery assistant for the home, and my hands-on project for building practical software with AI. It's an iOS app that knows what food is in the house, learns what the household likes to eat, and pays attention to who's home and when, then prepares grocery orders from the right stores so the kitchen stays stocked. It keeps track of what's on hand from your grocery receipts, a quick note when you run out of something, and how fast each item tends to get used, so it catches what's running low before it's gone.
It also plans around what's coming up, stocking extra when you're hosting a dinner party or have guests staying for the weekend, and easing off when you're traveling. A video walk-through of the kitchen updates it by sight and voice, and a person always reviews the order and pays. Nothing is ever bought automatically.
AI-Native Builder
Current Main Stack: Claude Code · Claude CoWork · Daniel Miessler's Personal AI Infrastructure (PAI) · Nano Banana · Midjourney · Ideogram
Agents: 27
Skills: 63
Workflows: 334
Hooks: 27
API/CLI/MCP Channels: 8
CTI Analysis, Building, and Testing Environment
Stack: Wazuh SIEM/XDR · MISP threat intel platform · Suricata IDS · OPNsense|Zenarmor· Zeek NSM · Neo4J knowledge graph · ChromaDB vector store · Logstash pipelines · Metasploitable2 · REMnux
Protective intelligence. Insider Threat. Cyber Threat Intelligence. OSINT. Trust and Safety.
LinkedIn · McLean, VA


