Skip to content
View jbrotsos's full-sized avatar
13 followers · 14 following

Achievements

Achievement: Pair ExtraordinaireAchievement: YOLOAchievement: QuickdrawAchievement: Pull Sharkx2Achievement: Arctic Code Vault ContributorAchievement: Starstruck

Achievements

Achievement: Pair ExtraordinaireAchievement: YOLOAchievement: QuickdrawAchievement: Pull Sharkx2Achievement: Arctic Code Vault ContributorAchievement: Starstruck

Block or report jbrotsos

Block user

Prevent this user from interacting with your repositories and sending you notifications. Learn more about blocking users.

You must be logged in to block users.

Maximum 250 characters. Please don't include any personal information such as legal names or email addresses. Markdown supported. This note will be visible to only you.
Report abuse

Contact GitHub support about this user’s behavior. Learn more about reporting abuse.

Report abuse
jbrotsos/README.md

👋 Hi, I’m James

I started my career first as a network protocol developer, (which I also have my master degree in) and then moved to a kernel developer, building core os functionalities. Over time, I became increasingly curious on static analyis tools and finding coding flaws while developing. That curiosity eventually led me into application and cloud security, and today I work at Microsoft as a Product Manager focused on code security, DevSecOps, and developer experience.

🔐 From Code to Security

My engineering background shapes how I think about product decisions. I’ve written enough bad code (and broken enough builds) to understand how security fits into a developer’s real workflow. That perspective helps me build security tools that feel natural for developers rather than bolted-on obstacles.

Focus areas I care deeply about:

  • Code-first security workflows
  • Developer-friendly CLIs and clear UX patterns
  • Policy-driven guardrails from source to runtime
  • Container and IaC security in modern CI/CD pipelines

🤖 Exploring AI (RAG, LLMs & Agentic Systems)

I’m fascinated by how AI is reshaping software development and security. Recently, I’ve been exploring:

  • Retrieval-Augmented Generation (RAG)
  • Large Language Models (LLMs)
  • Agentic AI and autonomous developer workflows
  • How AI can simplify complex security information
  • Practical ways to integrate AI into code security without overwhelming users

I recently built a code-first security agent using Azure AI Foundry, experimenting with how agents can understand project structure, analyze findings, and guide developers through remediation. It’s early work, but it’s expanding how I think about security UX.

🛠️ How I Build Products

Before anything reaches engineering, I like to prototype the entire user experience—CLI flows, UX copy, API interactions, or even small working demos. These prototypes help clarify intent, spark discussion, and make development smoother for everyone involved.

Some things I enjoy during the process:

  • Designing intuitive flows that “just make sense”
  • Writing draft documentation and sample outputs
  • Pairing with engineers to validate edge cases
  • Running early user testing with real developers

🌱 What I'm Learning Right Now

  • Better retrieval pipelines for RAG
  • Evaluation frameworks for LLM-powered tools
  • Techniques for grounding agents in real security signals
  • Bridging developer experience, AI, and cloud security in authentic ways

📫 Let’s Connect

If you’re building in the security, DevOps, or AI space—and especially if you’re experimenting with RAG, agents, or code security—I’m always happy to connect.

Pinned Loading

  1. checkmarx-ts/CxOverwatch checkmarx-ts/CxOverwatch Public

    Checkmarx Health Monitor

    PowerShell 18 13