Human Centered Cyber
I'm a cybersecurity engineer working at the intersection of LLM-powered cyber deception and behavior-science security awareness. I build security programs in regulated industries — healthcare, banking, lottery — and I write and speak about the places where friends, trust, and adversaries meet.
Writing
Essays on security culture, deception ops, and behavioral influence.
Announcing Project Clementine — an open-source, LLM-powered web-app pentesting orchestrator that correlates application findings with AWS misconfigurations through a knowledge graph. Named after a very small bird with very large opinions.
ReadDARE failed for the same reason most security awareness training fails — both treat behavior change as an individual problem. Public health figured out decades ago that it's a community one.
ReadA natural history diorama is a sealed glass box containing a world that doesn't exist — and yet, for a second, your brain says place. Deception operations work the same way. This is a post about the craft of building worlds convincing enough that attackers forget they're standing in a museum.
ReadSpeaking
Recent and upcoming talks on AI-enhanced social engineering.
Talk
Large language models have changed both sides of the social-engineering table. Attackers use them to industrialize pretexting; defenders can use them to run cyber deception at a scale and fidelity that was impossible a few years ago. This talk walks through the current state of AI-enhanced social engineering, the design principles behind believable LLM-driven decoys, and how blue teams can turn the same tools loose on adversaries — drawing on research from Project Ossian and behavior-science-driven awareness programs.
Delivered at
Elsewhere
Looking for a speaker, a writer, or a second opinion on a security program?
Find me on LinkedIn · Read more →
