Systems / Solutions Engineer working across data protection, Windows automation, detection engineering, and governed AI agents. My projects connect production infrastructure experience with practical Python, PowerShell, RAG, and security engineering.
[Interactive Domain Map] - the diagram below is a static version of the same map.
Security / Detection / Programming
YARA rules · Powershell
Python · C2 · OWASP
│
── BRIDGE ──┤── BRIDGE ──
YARA pre-restore│ YARA → prompt injection
malware-aware DR│ pattern defense for LLMs
│
Backup & DR ───────┼─────── Local LLM / RAG
Veeam VBR │ LangGraph · ChromaDB
Network Security │ BM25+RRF · Ollama
Systems Architecture │ offline-first
│
── BRIDGE ──┤── BRIDGE ──
VBR data → AI or SIEM │ topology = policy enforcement
remediation agents │ Agentic compliance & governance
│
AI Safety | Agent Governance
CyClaw · Agentic AI drift detection
SHA-256 integrity · MCP server
│
Automation / Sysadmin (substrate)
PowerShell· SCCM · HCI · VMware
Azure · AWS · Edge · Hyper-V
- Secure local AI: offline-first RAG, agent governance, policy-enforced workflows, prompt-injection defenses, and MCP-based tooling.
- Data protection and recovery: Veeam operations, malware-aware restore workflows, health-check automation, and resilient infrastructure lifecycle management.
- Detection engineering: YARA rules, ransomware indicators, suspicious infrastructure detection, and SIEM-ready output.
- Windows and platform automation: PowerShell, Python, SCCM, WinRM, VMware, APIs, and operational tooling designed for real environments rather than immaculate demo laptops.
The common thread: security policy should be enforced by system design, not merely requested in a prompt or buried in a runbook.
CyClaw · Governed, offline-first RAG agent
A local AI agent built around the principle that architecture should enforce policy. CyClaw uses LangGraph topology, hybrid retrieval, integrity checks, scoped tooling, and auditable execution to reduce reliance on prompt-only safeguards.
Python LangGraph FastAPI ChromaDB BM25 + RRF SQLite MCP Local LLMs
Why it matters: organizations need useful AI systems that can operate around sensitive data, constrained networks, and explicit governance requirements without quietly turning every control into a polite suggestion.
Veeam YARA Scanner · Malware-aware recovery inspection
PowerShell and YARA tooling for detecting .onion infrastructure, cryptocurrency payment indicators, and command-and-control patterns in recovery data, with structured output suitable for investigation and SIEM workflows.
PowerShell YARA Veeam JSON Forensics Detection Engineering
SCCM Veeam Proxy Patching · Safe infrastructure maintenance
Coordinates Veeam proxy availability with SCCM patching so maintenance can proceed without casually rebooting infrastructure beneath active backup jobs, a surprisingly popular human pastime.
PowerShell SCCM WinRM VMware Veeam
| Project | Focus | Primary stack |
|---|---|---|
| Veeam HealthCheck Simplifier | Parses health-check results, identifies remediation work, and streamlines operational follow-up. | Python Veeam Automation |
| Azure AI Agent Instructions | Enterprise agent instruction patterns covering source hierarchy, grounding, and hallucination resistance. | Azure OpenAI Copilot Studio |
| Insight Extractor | Extracts structured findings, themes, and actionable insights from large text inputs. | Python NLP Automation |
| PolyMarket Mimic Trader | Event-driven research project for trader ranking, risk controls, simulation, and ledgered execution. | Python asyncio GraphQL SQLite |
| Scrape-n-Email | Resilient scraping and digest delivery with testable parsing and safer CSV/email handling. | Python BeautifulSoup SMTP |
| Windows Admin Cheat Sheet | Practical Windows administration references and repeatable operational commands. | Windows PowerShell Sysadmin |
production constraint
↓
explicit threat / failure model
↓
architecture-enforced controls
↓
auditable automation
↓
operator-friendly outcome
I tend to optimize for:
- Local-first operation where privacy, cost, latency, or network isolation matter.
- Defense in depth rather than a single magical control with an impressive acronym.
- Dry-run modes, validation, logging, and rollback-aware workflows.
- Useful interfaces for operators, not just technically correct code that demands its own priesthood.
- Clear documentation and reproducibility so projects can be evaluated beyond screenshots and claims.
How the project areas connect
Security / Detection
YARA · ransomware indicators · OWASP
│
malware-aware DR │ injection-pattern defense
│
Data Protection ─────────┼───────── Local AI / RAG
Veeam · recovery │ LangGraph · hybrid retrieval
proxy lifecycle │ local models · MCP
│
operational data │ topology-enforced governance
│
Automation Layer
Python · PowerShell · SCCM · WinRM · APIs
The projects are not separate hobby bins. Detection logic informs recovery inspection and AI input defenses; infrastructure telemetry informs automation; and governance patterns from agent systems influence how write-capable operational tools are scoped and audited.
- Expanding CyClaw's governed agentic coding and local-model support.
- Improving policy enforcement, evaluation, observability, and offline deployment paths.
- Turning hard-won infrastructure and recovery patterns into reusable security automation.
Atlanta, GA · Infrastructure · Data Protection · Security · Applied AI
Building systems that remain useful after the demo ends.