Senior Engineering Leader | Payment Cryptography | Distributed Systems | ex-AWS
I build and scale security-critical, regulated infrastructure where correctness, compliance, and availability are non-negotiable. Most recently I led the architecture and launch of AWS Payment Cryptography, a globally deployed, hardware-backed cryptographic service, taking it from ambiguous customer input to production under strict PCI and regulatory constraints.
I operate at the boundary between deep technical design and durable execution: defining systems, authoring threat models, governing hardware and software designs, and building the operational practices that hold up over time. I stay hands-on in critical paths and set technical direction that scales beyond my direct involvement.
Currently targeting Director of Engineering, VP Engineering, or senior IC roles in fintech, payments, and security-critical infrastructure.
Blog & Website · LinkedIn
J8k3/CyberChef · J8k3/CyberChef-Payments, AI-assisted development
A fork of GCHQ's CyberChef extended with payment cryptography tooling for engineering, debugging, interoperability testing, and standards exploration. If you've done this work in payments you know the time it takes to test schemes and data structures without a live HSM. That's the gap this fills.
J8k3/CyberChef: the implementation fork. Operations cover EMV (ARQC/ARPC, issuer scripts, MAC), PIN (blocks, DUKPT TDES/AES, IBM 3624, Visa PVV), MAC, card validation, key management (TR-31, TR-34, ECDH, KCV), and HSM command parsing (Thales payShield, Futurex). All operations are explicit, inspectable, and composable. Fully client-side, nothing leaves your browser.
J8k3/CyberChef-Payments: workflow catalog with recipe links, screenshots, chaining patterns, and validation status across all operations.
Live demo: cyberchef.jacobmarks.com
J8k3/aws-payment-cryptography-hsm-proxy, AI-assisted development
A local proxy that exposes AWS Payment Cryptography through a traditional HSM-style interface, letting existing payment tooling, test harnesses, and integrations work against APC without rewriting against the AWS SDK. Useful for migration work and interoperability testing from environments that already speak HSM idioms.
J8k3/aws-payment-cryptography-mcp, AI-assisted development
A Model Context Protocol server for AWS Payment Cryptography. Companion to the HSM proxy. Exposes APC operations as MCP tools so LLM-driven agents and assistants can perform structured payment cryptography work with proper boundaries.
Led the definition, architecture, and launch of a globally deployed, hardware-backed cryptography-as-a-service platform, a first of its kind in the cloud.
- Authored the foundational threat model and security posture from early customer input through launch and steady-state
- Defined and governed control-plane, data-plane, and hardware designs, maintaining system coherence through technical review
- Established operational and observability practices focused on customer impact and failure modes
- Introduced daily HSM fleet health evaluation, reducing unsellable capacity from ~10% toward ~5%
- Established hardware-backed design patterns later reused across related cryptographic services
Owned core EC2 platform services and led architectural improvements at massive scale.
- Led architectural separation of telemetry and billing systems supporting hundreds of petabytes of customer data
- Owned platform-level reliability and cost tradeoffs across core EC2 infrastructure during periods of rapid scale
Progressed from hands-on engineer into technical and program leadership on systems operating under security and compliance constraints.
- Languages: C# / .NET (primary), JavaScript, Python, Rust
- Domains: Payment cryptography, HSM/PCI compliance, distributed systems, key management, cloud infrastructure
- Security: Threat modeling, PCI-DSS, NIST/DoD ATO, hardware security modules
- Leadership: Multi-team engineering orgs, technical direction, engineering management
- aws-ms-deploy-assistant, AWS Labs project (contributions under legacy account @J8K3-zz)
- LightningPDF, fast-loading PDF viewer with merge, rotate, and reorder features; built for speed when reviewing large document volumes (C#)
- document-sorter, PDF document classifier that automatically organizes scanned documents into folders based on keyword matching rules (C#)
- awssescredgen, CLI tooling for AWS SES credential generation (C#)
- speventreceiverman, utility for SharePoint event receiver management (C#)
Note on GitHub accounts: Due to a legacy account recovery issue, my original profile was renamed by GitHub. Current active account: @J8k3. Historical contributions: @J8K3-zz.
