I work across both sides of the security boundary. On the offensive side, I build tooling and run assessments — network enumeration, protocol analysis, red team infrastructure. On the defensive side, I design and operate hardened multi-tenant platforms in production.

That dual exposure isn't incidental. Understanding how systems fail under adversarial pressure is what makes me a better architect — and running real infrastructure is what keeps my threat model grounded.

I write primarily in Go and Python. I care about correctness, auditability, and operational reproducibility.

A concurrent network scanner built for real engagements. Refactored from the ground up in Go: zero external dependencies in the core engine, context-based cancellation, race-detector-clean, and a scriptable CLI consumer. Designed to be extended, not just used.

Concurrent scanning · Custom protocol handling · Clean architecture · CI with govulncheck

VPS provisioning and management platform built on the Proxmox VE API. Handles VM lifecycle, resource isolation, billing, and customer boundaries in a unified control plane. In production at MadeiraHackerSpace.

Proxmox VE · PostgreSQL · REST API · Multi-tenancy · Isolation boundaries

Infrastructure-as-code approach to running Odoo Community as a security-conscious service. Automated deployment, update pipelines, backup orchestration, and hardening applied end-to-end — treating ERP like the attack surface it is.

Docker · CI/CD · Ansible · Privilege separation · Reproducible deployments

• Extending catnet with additional protocol coverage and evasion-aware scanning
• Hardening isolation and privilege separation in multi-tenant environments
• Improving observability and incident response posture for self-hosted platforms
• Contributing to Proxmox tooling and security automation open-source