I've spent 15+ years building threat pictures and leading high-tempo end-to-end threat investigations and disruption operations for a U.S. Intelligence Agency, assembling and directing analysts, operators, and international partners across four continents based on what each case required. I've hunted physical and digital threats from nation-state, insider, organized criminal, and terrorist actors. I've led investigations from the field to the boardroom and briefed senior leaders under time pressure. I've been a trusted partner to the FBI, United States Secret Service, Department of State Diplomatic Security, Joint Special Operations Command, and international security services to stop real harm before it happened.
Seeking remote roles in corporate security, threat intelligence, protective intelligence, insider threat, global risk management, and trust and safety.
THREAT Matrix and WARDEN are designed to work together as a practitioner ecosystem. THREAT Matrix provides the shared vocabulary for the physical-threat domain, mapping what adversaries do, when, and why, so analysts and investigators can recognize patterns in their casework and respond with context: actor profiles, behavioral patterns, lifecycle phase progressions, Cyber-Physical Nexus and AI-Initiated-Physical tags, and detection and response guidance across four target matrices. WARDEN operationalizes that vocabulary into active threat monitoring, severity scoring, and structured escalation pathways that support analysts and operations personnel in making informed, defensible decisions.
An open, standardized vocabulary for the physical-threat domain. Built for the analysts, investigators, field teams, and engineers across corporate security, law enforcement, and the Intelligence Community — and for the leaders who rely on their work, and the educators and researchers shaping the discipline. The framework maps what adversaries do, when, and why, so analysts and investigators can recognize patterns in their casework and respond with context.
Four target matrices (People, Facilities, Organizations, Infrastructure) across a four-phase Threat Lifecycle (Target Development → Mobilization → Execution → Aftermath). 154 tactics and 27 actor profiles spanning seven threat categories — from fixated individuals and nation-state actors to malicious insiders, corporate espionage operatives, and organized criminal groups (34 tactics live in V1; remainder shipping V1.3–V1.5). A behavioral Detection Mesh maps indicators, countermeasures, and response protocols to every tactic. Cyber-Physical Nexus and AI-Initiated-Physical tags surface online-to-physical mobilization pathways and AI-enabled reconnaissance across tactics. Cross-framework mappings provide interoperability with established cyber and AI-systems adversary frameworks.
MIT-licensed and JSON Schema-validated — built for RAG systems, AI agents, MCP clients, and downstream detection and investigation platforms. Detection and response guidance ships per matrix, deepening the framework from taxonomy to operational detection resource with every release. Native MCP server ships in V2.
One open-source framework for the full spectrum of personnel threat: external actors targeting employees and executives, insider risk signals originating from within, and everything in between. Scored threat model for consistent severity assessment across all threat types, tiered escalation logic to support and guide analysts and operations personnel in making timely and defensible decisions, and Source Acquisition intake with source attribution and chain-of-custody tracking so intelligence holds up when cases reach HR, legal, or law enforcement. WARDEN gives practitioners the platform to operationalize investigations at scale.
AI-Native Builder
Current Main Stack: Claude Code · Claude CoWork · Daniel Miessler's Personal AI Infrastructure (PAI) · Nano Banana · Midjourney · Ideogram
Agents: 27
Skills: 63
Workflows: 334
Hooks: 27
API/CLI/MCP Channels: 8
CTI Analysis, Building, and Testing Environment
Stack: Wazuh SIEM/XDR · MISP threat intel platform · Suricata IDS · OPNsense | Zenarmor · Zeek NSM · Neo4j knowledge graph · ChromaDB vector store · Logstash pipelines · Metasploitable2 · REMnux
Protective intelligence. Insider Threat. Cyber Threat Intelligence. OSINT. Trust and Safety.
LinkedIn · McLean, VA