AI Security Engineer
AI-Driven Penetration Testing, Red Teaming & Self-Hosted Infrastructure Security
Get In Touch
I'm an IT professional turned AI security researcher with 1.5 years of hands-on enterprise IT experience (endpoint operations, system deployment, and ticketing system administration) and a growing track record in AI-driven penetration testing and red teaming. My most recent work focuses on multi-agent AI pentesting systems, OWASP-aligned black-box assessments, and benchmarking frontier LLMs against security workloads.
Outside of my day job, I maintain a self-hosted homelab on Ubuntu 24.04 with zero trust networking, containerized services, and automated security monitoring. I'm currently pursuing CompTIA Network+ certification and building toward a career in AI security and frontier red teaming.
Based in McBain, Michigan, I'm always looking for opportunities to expand my skills in AI security, red teaming, and self-hosted infrastructure hardening.
Configured an open-source multi-agent AI pentesting system (Strix) with GLM-5.2 (753B MoE) via an OpenAI-compatible API. Benchmarked against Claude Code and Opus 4.8 (Semgrep IDOR: 39% F1 vs 32%; CyBT-CTF: 28/59 tied with Opus), then ran a black-box assessment of OWASP Juice Shop producing 26 validated findings across 7 vulnerability classes (5 critical, 5 high, 16 medium) with full remediation report aligned to OWASP WSTG/PTES/OSSTMM.
Designed and deployed the company's first centralized IT ticketing system, establishing structured workflows for issue tracking and prioritization. Improved visibility into support demand and response efficiency.
Developed backend automation to deliver real-time ticket status notifications to end users. Reduced manual follow-up and improved communication throughout the support process.
Built and configured a Microsoft Deployment Toolkit server to standardize and automate Windows workstation imaging. Reduced setup time and ensured consistent system configuration across all devices.
Built a Python desktop application that automates NIST-traceable pressure sensor calibration in a cleanroom environment. Integrates three bench instruments via VISA/SCPI (Additel pressure controller, Keysight multimeter + power supply), runs automated test sequences with pass/fail validation, performs 30-second leak tests, and generates NIST certificate PDFs from DOCX templates. Reduced calibration time from 30+ minutes manual per sensor to a fully automated sequence.
A fast, mobile-first lookup site for Michigan fishing regulations. Search 1,150+ named waterbodies across all 83 Michigan counties by lake, stream, or species. Features an interactive choropleth county map with click-for-details panels, species filtering, and historical DNR survey data integration. Built from the official DNR 2026 Fishing Regulations PDF with automated PDF parsing, Wikipedia waterbody enrichment, and CI/CD auto-deploy on data updates.
Self-hosted infrastructure running on Ubuntu 24.04 (VPS) with zero trust networking, containerized services, and security monitoring. Every service is built, configured, and maintained from scratch.
Static frontend hosting
Zero trust VPN + ACLs
UFW + Fail2Ban + systemd
Container runtime
Reverse proxy + TLS
Full-stack portfolio with GitHub Pages front-end, Cloudflare DNS, Node.js contact API on a VPS backend (Caddy reverse proxy + systemd), and self-hosted analytics with SQLite. Every component built and deployed from scratch.
Implemented zero trust networking with Tailscale (WireGuard-based mesh VPN). Identity-based ACLs restrict service access by device and user. Tailscale Serve exposes services securely without opening public ports. All infrastructure access routes through the mesh.
Hardened Ubuntu VPS with defense-in-depth: UFW firewall rules, Fail2Ban intrusion prevention, SSH key-only authentication, automatic security updates, and Caddy reverse proxy with TLS termination. Services run under dedicated user accounts with least-privilege access.
Deployed and manage multiple Docker containers on the VPS including qBittorrent and FileBrowser. Services are network-isolated, accessed exclusively through Tailscale mesh VPN. Managed via systemd with proper user isolation and resource controls.
Built a comprehensive security audit script in Python that scans SSH hardening, firewall status, open ports, SSL certificates, failed logins, pending updates, and system resources. Generates multi-format reports (JSON, Markdown, plain text) for documentation and remediation tracking.
Deployed Hermes Agent (by Nous Research) for infrastructure automation and monitoring. Agents handle device pairing, service management, security checks, and scheduled tasks — demonstrating AI-assisted IT operations and automated workflows.
Built a self-hosted, cookie-free analytics system tracking page views and referrers without third-party scripts. SQLite backend with authenticated stats dashboard. No Google Analytics — privacy by design.
Deployed a multi-layer SSH honeypot for intrusion detection and threat intelligence. Endlessh tarpits attackers on port 22 while Cowrie captures attacks on port 2223 with a fake emulated shell. Isolated Docker network with egress-restricted iptables rules, automated JSONL log analysis, SMS alerting via msmtp, and weekly digest emails with attack summaries and source IP analysis.
Currently Pursuing
Expected 2026
Hands-On Assessment
26 Validated Findings
Strix + GLM-5.2
Multi-Agent Pentesting
FlowPress
Industrial Calibration
Interested in automation solutions, IT consulting, or collaboration on tech projects? I'm always open to discussing new opportunities and ideas. Feel free to reach out via email or connect with me on LinkedIn.