Career
Work history and experience
Apr 2022 – Present · 4 yrs
Senior Software Engineering Manager · Detection Platform
May 2025 – Present · Remote
- ▸ Manage the Detection Platform engineering org, responsible for the systems and pipelines powering threat detection across over 5 million endpoints and 11 million identities.
- ▸ Support R&D of novel detection techniques operating at over 2 million events per second.
- ▸ Own hiring, performance management, and career development for a team ranging from entry-level to principal engineers.
- ▸ Lead development of a SOAR orchestration layer and its integration with our agentic systems.
- ▸ Work with product, threat research, and SOC leadership to define and maintain the multi-year detection infrastructure roadmap.
Developer Tech Lead · Manager · R&D
Jul 2022 – May 2025 · Remote
- ▸ Led detection tooling development that improved the SOC's ability to triage and respond to incidents at scale.
- ▸ Built integrations across TIP, malware analysis pipelines, and EDR/M365 enrichment for real-time alert context.
- ▸ Migrated critical workflows to Apache Airflow and AWS Lambda, improving reliability and reducing manual operations.
- ▸ Shipped a detection rule builder and search engine used daily by detection engineers and SOC analysts.
- ▸ Built core APIs and interfaces that underpin Huntress's detection platform.
Senior Threat Operations Developer · R&D
Apr 2022 – Jul 2022 · Remote
- ▸ Built tooling for the Threat Operations team to accelerate threat research and expand detection coverage.
Feb 2019 – Jun 2023 · 4 yrs 5 mos
Co-Founder · Advisor
Apr 2022 – Jun 2023 · Remote
- ▸ Moved into an advisory role after hiring full-time leadership; continued providing technical and strategic input.
CTO & Co-Founder
Apr 2019 – Apr 2022 · Remote
- ▸ Co-founded a cyber threat intelligence company (formerly Vlabs) focused on giving security operators better tooling for detecting complex attacks.
- ▸ Set technical direction, hired the engineering team, and led product R&D across network analysis and threat intelligence.
- ▸ Shipped DynamiteNSM, an open-source NSM platform built on Zeek and Elasticsearch (171 GitHub stars).
- ▸ Maintained integrations with threat feeds and SIEMs; active contributor to the open-source security community.
Senior Software Engineer
Feb 2019 – Apr 2019 · Atlanta Metropolitan Area
Feb 2019 – Jun 2021 · 2 yrs 5 mos
Creator & Founder
Feb 2019 – Jun 2021 · Remote
- ▸ Built PacketTotal from scratch: a free PCAP analysis engine for network traffic visualization, timeline reconstruction, and artifact extraction.
- ▸ Grew to wide adoption across the security community; acquired June 2021.
- ▸ Designed and built the full stack solo: backend pipeline, analysis engine, and frontend.
Apr 2017 – Feb 2019 · 1 yr 11 mos
Staff Software Engineer · Innovation & Custom Engineering (R&D)
Apr 2017 – Feb 2019 · Remote
- ▸ Built forensic tooling within FireEye's Innovation and Custom Engineering (ICE) R&D group, used directly by Mandiant consultants on engagements.
- ▸ Built a Python application that simplified O365 forensic investigations for IR teams, replacing complex manual tooling.
- ▸ Worked with the data science team to automate ML model deployments into production.
- ▸ Contributed to a bootkit detection capability running on AWS Lambda.
Sep 2015 – Apr 2017 · 1 yr 8 mos
Senior Information Security Engineer
Sep 2015 – Apr 2017 · Ballantyne, NC
- ▸ Reported directly to the CISO, covering vuln management, incident response, software development, and remediation.
- ▸ Wrote an event forwarder daemon to integrate the endpoint solution with the enterprise SIEM.
- ▸ Built a multi-threaded share scanner to identify PII and sensitive IP on open Windows shares.
- ▸ Consolidated security tools into a centralized ELK-based log management and alerting stack.
- ▸ Led deployment of security controls across corporate infrastructure.
Sep 2014 – Sep 2015 · 1 yr 1 mo
VP, Security Engineer · Specialist
Sep 2014 – Sep 2015 · Charlotte Metro
- ▸ Built BI tooling for Global Information Security's recovery group, consolidating security data into board-level metrics and reports.
- ▸ Wrote root-cause analysis and risk quantification algorithms operating across enterprise-scale security datasets.
- ▸ Built an automated phishing email evaluation engine deployed enterprise-wide.
- ▸ Developed a SQL-like query language for automatic security report generation.
- ▸ Built custom reporting and data collection platforms for Global Information Security teams. (Patent: Information Management and Notification System)
- ▸ Managed the GRC platform transition, automating workflows to reduce manual overhead.
Sep 2013 – Sep 2014 · 1 yr 1 mo
Incident Response · Information Security Analyst
Sep 2013 – Sep 2014 · Charlotte Metro
- ▸ Monitored and responded to threats using ArcSight, Splunk, and Security Onion in a large financial institution.
- ▸ Built custom ArcSight plugins integrating with multiple network infrastructure APIs.
- ▸ Built a custom API and analyst UI to automate triage tasks and support team collaboration.
- ▸ Performed malware analysis with IDA Pro and Cuckoo Sandbox, and PCAP analysis with Wireshark and custom Python scripts.
- ▸ Helped deploy and configure multiple IDS platforms.
Education
University of North Carolina at Charlotte
Bachelor of Science, Computer Science