Services

Two ways I raise your bar — and prove it.

Whether you're shipping AI features or the systems underneath them, the standard is the same: correct behavior is the only path the code can take — and it's demonstrable in a harness, not asserted on a slide.

01 · GenAI security 02 · Software & systems
Service 01

Secure the GenAI integration layer

Your agents and assistants touch files, email, tools, and customer data. I map where that trust can be turned against you, attack it with the same harness behind my research, and design the generation-layer controls that stop bad output before it exists.

You leave with findings tied to reproducible tests — not vibes — and a control design your security team can sign off on.

Backed by the ~6.1M-call study
Engagements
Red-team assessment

Adversarial testing of your live agent against prompt-injection and data-exfil paths, with a reproducible harness you keep.

Control design & review

Generation-layer guardrails specified, implemented, and validated — designed to prevent, not to clean up afterward.

Advisory retainer

Ongoing review as your integration surface grows — a principal on call for the decisions that carry risk.

Service 02

Software & systems, to the same bar

Security-grade engineering isn't only for security work. I build production systems where the correct behavior is the only path the code can take — authoritative data, exact math, per-user isolation, an event-sourced audit trail — and prove it holds after the fact.

Best fit for brittle, costly, or compliance-sensitive workflows where "mostly correct" has a real price.

See the mileage app case study
CASE STUDY · MILEAGE

Reimbursement that's correct by construction — and defensible after the fact.

authoritative routing source exact integer money math per-user isolation event-sourced audit

How an engagement runs

01

Fit-call

25 minutes to pressure-test your riskiest point live. You leave with a threat-model sketch either way.

02

Scope

A fixed, written scope with the harness and deliverables named up front — no open-ended meters running.

03

Build & break

I do the work — attack, design, or build — with evidence captured at each step, not summarized at the end.

04

Handoff

Reproducible tests, a control design or working system, and a walkthrough your team can act on and re-run.

Not sure which one you need?

Bring the problem to the fit-call. If it's the wrong fit, I'll tell you — and point you somewhere better.

Book a fit-call See the research