Founder of Gulf Coast Cyber, helping industrial operators adopt AI safely — security assessments, governance, training, and custom implementation. Founder of the Council for Industrial AI Safety (CIAS), an industry body setting governance standards for AI in critical infrastructure. Previously spent a decade at Lockheed Martin red teaming classified weapons platforms, followed by building the AI Red Team function at Thomson Reuters. NOVA Award recipient. Peer-reviewed author and active vulnerability researcher with confirmed findings in libarchive, FreeType, and DjVuLibre.
Foundational white paper from CIAS on AI safety governance for industrial operators — because after is too late. Covers risk frameworks, operational boundaries, and incident response for ML systems in environments where failure means vapor clouds, not error messages.
Vulnerability disclosure infrastructure was built for humans on both ends. That’s ending. This paper proposes vuln-intake.json — a machine-readable intake protocol for when AI agents are doing the finding and the triaging. Includes a working protocol spec, reference architecture, and analysis of the volume problem heading toward bug bounty platforms.
35.7 billion test executions, three confirmed findings including an RCE, 15 domain-specific harnesses built in under 30 minutes — all on a single desktop workstation. How coordinated AI agents are changing the economics of vulnerability research, and what it means for industrial AI safety.
A Domain Specific Language for Digital Forensics and Incident Response Analysis — PhD Dissertation, University of New Orleans, December 2019. Designed and implemented a domain-specific language (DSL) enabling analysts to express complex forensic investigation workflows in a declarative, composable format — bridging the gap between ad-hoc investigation scripts and formal incident response frameworks.
Language-based Integration of Digital Forensics & Incident Response — ARES/UK 2019, ACM. Presented a language-based approach to integrating disparate DFIR tools and workflows into a unified pipeline, reducing analyst cognitive load and enabling reproducible investigation artifacts across toolchains.
Nugget: A Digital Forensics Language — Digital Investigation, 2018. Introduced Nugget, a purpose-built DSL for digital forensics that enables analysts to write investigations as executable, auditable scripts — improving repeatability, collaboration, and chain-of-custody integrity.
SCARF: A Container-Based Approach to Cloud-Scale Digital Forensic Processing — Digital Investigation, 2017. Proposed SCARF, a Docker-based architecture for scaling forensic workload processing across cloud infrastructure — enabling forensic teams to handle evidence volumes that exceed on-premises capacity without sacrificing evidence integrity.
Red Crawling for Perimeter Intelligence — Lockheed Martin Journal of Software Engineering, 2016. Applied web crawling techniques to external-facing infrastructure discovery, turning passive reconnaissance into structured perimeter intelligence for defensive security operations.
Dynamic Bytecode Instrumentation for Mobile Security — Lockheed Martin Journal of Software Engineering, 2015. Explored runtime bytecode instrumentation techniques for analyzing and securing mobile applications — enabling dynamic analysis of app behavior without requiring source code access.
Dynamic Aspect-Oriented Bytecode Instrumentation — MS Thesis, University of New Orleans, March 2015. Developed a dynamic aspect-oriented framework for bytecode instrumentation that enabled runtime monitoring and modification of application behavior — with applications in security analysis and runtime verification.
AI Safety for Industrial Operations — 5-day on-site intensive for engineers, operators, and HSE professionals. Covers AI fundamentals, the AI attack surface, data security, safe deployment in safety-critical environments, and organizational governance. Built from offensive security experience — we teach what actually goes wrong, not theory. Details →
The AI Attack Surface: A Red Team Perspective
How AI systems actually get broken. Prompt injection, data poisoning, adversarial ML, and AI-powered social engineering.
Before the Incident
AI safety governance for critical infrastructure. Frameworks, operational boundaries, and incident response — before regulators force your hand.
Agentic Vulnerability Research
35 billion test executions, three findings, one RCE. How coordinated AI agents are changing the economics of security research.
Shadow AI in Industrial Operations
Your engineers are already using AI without policies. What’s at risk and how to get ahead of it.
Securing Industrial AI Deployments
Practical guidance for bringing AI into safety-critical environments without introducing new risk.
Available for advisory board roles and consulting engagements in industrial AI safety, AI security, offensive security automation, and vulnerability research programs.
PhD, Engineering and Applied Sciences — University of New Orleans, 2019. Applied Engineering.
MS, Computer Science — University of New Orleans, 2015. Mobile Device Security.
BS, Computer Science — University of Louisiana, 2012. Artificial Intelligence and Cognitive Science.