Home
I built this blog to document my accomplishments, research, and generally share what I'm working on. My interests pull me toward AI, cybersecurity, and embedded engineering, so that's mostly what you'll find here, but I won't promise it will stay perfectly on track. Not every post will be research. Sometimes something just catches my attention and ends up there too. Either way, hope you find something worth reading.
Security is where most of my passion lives. There's something deeply satisfying about the puzzle-solving nature of it and peeling back layers of a system to understand how it really works. The technical depth keeps me hooked, and knowing that the work ultimately helps protect people makes it that much more meaningful.
Posts
-
Consider the motive for the attack
Motives are key aspects of a malicious actor’s agenda. If you can understand why they’re targeting you, then you may understand what is vulnerable. State actors, for instance, may target others to gather information for their own sake of having the data. Singular malicious actors may have a secret agenda that motivates them with monetary gains. How these are handled is different. With the state actor example, there isn’t much to be done but monitor for the information resurfacing and prevent the next potential incursion. Handling the malicious actor, on the other hand, would include identification, monitoring for the data to resurface, confirming how much of the data has resurfaced, and determining what communities the data was released to, for your users’ threat surface. Once that sensitive data changes hands, it enters a new set of motives. Some may use SPII for social engineering, aggregate the data with other sources and resell it, or even blackmail. I plan to implement searching for the motive amongst my best practices by taking the time to place myself in their shoes.
-
Don't Leave Security to the End
In this blog post, I’ll elaborate on the statement “Don’t leave security to the end” and what that means in terms of best practices. Cybersecurity is a constantly changing field that requires critical thinking in a multitude of areas. We need specialists who know applications, databases, networks, and even physical security, to name a few. The attack surface is growing as technology expands, and cybersecurity professionals need to be constantly learning. Even if a company hired security specialists for all these unique areas, we would likely never be able to complete a project before the funding runs out. For this reason, we need to engage all members of a project or the staff of a company to participate in being a security specialist.
-
AAA and Defense in Depth
In this case study I’ll be taking a closer look at the LinkedIn data breach of June 2021. This case made the news because it was originally found on ‘RaidForums’ as a bulk selling lot for 700 million users (Mathews, 2021), or 92% of all users’ public data in a consolidated format, only two months after a similar occurrence. That similar occurrence was a slightly smaller breach, with 500 million users’ data becoming vulnerable (LinkedIn Update on 500 million, 2021). ‘RaidForums’ is a well-known data marketplace on the dark web where the user ‘Tomliner’ (Gibson, Townes, Lewis, & Bhunia, 2021) added onto the 500 million previously leaked data with an additional 200 million (LinkedIn Update on 700 million, 2021).
-
Cartpole Problem Explained
The cartpole problem is a notorious reinforcement learning objective where the goal is to balance a pole on a cart that has two directional movements. These movements, combined with the velocity of the cart, can change the angle of the pole in relation to the cart. The objective is just to balance the pole on the cart given the two controls, moving the cart left and right. At each stage of a given episode, the state of the cart, pole angles, and cart velocity are collected and processed in some form to determine the highest possible reward or lowest penalty. The next action is calculated through various algorithms, which might include two common ones known as Reinforce and A2C for an actor.
-
Algorithm Ciphers
Cryptography is changing rapidly, and many considerations need to be made while selecting the appropriate method of securing data. In this post we are working with securing data at rest instead of in transit; as such, we do not need to concern ourselves with TLS encryption suites. The difficulty with encrypting data at rest versus data in transit is that we do not have an industry standard method such as TLS/SSL (Oracle, n.d.). Data at rest has two categories to consider when evaluating its well-being: digital attacks and physical attacks. Digital attacks could be a bad actor with intent to obtain the data through means such as using falsified or stolen credentials, copies of data moved to unsecured locations, or even ransomware attacks where the attacker may not care for the data itself but hold the data ransom for the intended recipients (Cloudflare, n.d.). Physical attacks could be from direct access to a hard drive either through theft or copying the content.