I've spent 15+ years building threat pictures and leading high-tempo end-to-end threat investigations and disruption operations for a U.S. Intelligence Agency — assembling and directing analysts, operators, and international partners across four continents based on what each case required. I've hunted physical and digital threats from nation-state, insider, organized criminal, and terrorist actors. I've led investigations from the field to the boardroom, briefed senior leaders under time pressure, and coordinated with the FBI, protective services teams, and international partners to stop real harm before it happened.
Seeking remote roles in corporate security, threat intelligence, protective intelligence, insider threat, global risk management, and trust and safety.
THREAT Matrix and WARDEN are designed to work together as a practitioner ecosystem. THREAT Matrix provides the shared vocabulary: actor profiles, behavioral patterns, tactic progressions, Cyber-Physical Nexus indicators, and detection and response guidance across four target domains. WARDEN operationalizes that vocabulary into active threat monitoring, severity scoring, and structured escalation pathways that support analysts and operations personnel in making informed, defensible decisions.
THREAT Matrix — Designed as a community-driven open-source taxonomy covering how threat actors plan and execute physical adversarial action against people, facilities, organizations, and critical infrastructure. Four matrices, four threat phases, 154 tactics, and 27 actor profiles spanning seven threat categories — from fixated individuals and nation-state actors to malicious insiders, corporate espionage operatives, and organized criminal groups. Cyber-Physical Nexus tagging reflects the convergence of digital and physical threat vectors across every phase of an operation. Detection and response guidance, behavioral indicators, and countermeasures ship per matrix, deepening the framework from taxonomy to operational detection resource with every release. MIT licensed, built to give the industry a shared standard.
WARDEN — One open-source framework for the full spectrum of personnel threat: external actors targeting employees and executives, insider risk signals originating from within, and everything in between. Scored threat model for consistent severity assessment across all threat types, tiered escalation logic to support and guide analysts and operations personnel in making timely and defensible decisions, and Source Acquisition intake with source attribution and chain-of-custody tracking so intelligence holds up when cases reach HR, legal, or law enforcement. WARDEN gives practitioners the platform to operationalize investigations at scale.
AI-Native Builder
Main Stack: Claude Code · Claude CoWork · Daniel Miessler's Personal AI Infrastructure (PAI) · Nano Banana · Midjourney · Ideogram
Agents: 27
Skills: 63
Workflows: 334
Hooks: 27
API/CLI/MCP Channels: 8
CTI Analysis, Building, and Testing Environment
Stack: Wazuh SIEM/XDR · MISP threat intel platform · Suricata IDS · Zeek NSM · Neo4J knowledge graph · ChromaDB vector store · n8n automation · Logstash pipelines · Metasploitable2 · REMnux
Protective intelligence. Insider Threat. Cyber Threat Intelligence. OSINT. Trust and Safety.
LinkedIn · McLean, VA