Five years auditing security controls at Grant Thornton and Coalfire. Seven months living out of a truck camper across the US & Canada. Now in Denver building AuditPilot, Keelix, and a seven-agent automation org that works while I sleep.
Building AuditPilot — an AI-assisted audit engagement platform for SOC 1 / SOC 2 firms, born from five years of audit pain — alongside Keelix, VoltForge, and a seven-agent automation org that works while I sleep.
Multi-tenant SaaS managing the full lifecycle of a compliance engagement — three role-scoped portals, a framework-agnostic control engine spanning five frameworks, cross-framework evidence reuse, and Claude woven through evidence coaching, review, and report drafting. ~970 automated tests. Born from five years of audit pain.
TypeScript · Next.js 16 · Supabase · Claude API · Tailwind v4
Probes your host from the outside to learn what is actually reachable from the internet, runs 35 deterministic checks across 9 groups, scores your posture 0–100, and emits audit-ready evidence mapped to SOC 2 and ISO 27001. Deterministic core, optional AI explanations, single static Go binary.
Go · Cobra · Next.js 16 · Supabase · Stripe
One intake form returns a complete LiFePO4 electrical design — battery bank, solar, DC-DC, inverter, NEC wire-gauge and fuse schedule. Every number comes from a tested engineering rules engine (269 assertions, property-based tests included); the LLM only writes the plain-English tradeoffs, never the math.
TypeScript · Next.js 16 · Supabase · Zod · fast-check
A self-hosted OpenClaw + Hermes Agent deployment that runs my life's back office: a daily intelligence digest delivered as email + audio brief, a health coach wired to a decade of Garmin data, market and research scans — 29 cron jobs across seven persona-scoped agents, speaking through MCP servers I built.
OpenClaw · MCP · Telegram · Discord · SQLite · launchd
Browser-based control plane that treats OpenClaw's on-disk state as the source of truth and projects it into six operator views — kanban, calendar, intervention queue, activity feed. Writes back through a mutex-serialized, atomic-rename pipeline. 47 tests.
TypeScript · React 19 · Express · SQLite · SSE
MCP server exposing two trail services with no public APIs as 19 structured tools — reverse-engineered session auth, a provenance-aware SQLite cache with per-entity TTLs, idempotent writes. An agent plans the route; it lands on my phone in GaiaGPS. 75 tests against real HTTP fixtures.
Python · FastMCP · httpx · SQLite · launchd
Reads your existing Slack Desktop session instead of provisioning credentials — decrypts the session cookie with a Keychain-derived AES key, recovers per-workspace tokens from LevelDB, and exposes seven read-only MCP tools. One ~400-line file, two dependencies.
Python · MCP SDK · cryptography · SQLite
Self-hosted Garmin Connect warehouse — sleep stages, HRV, body battery, training load and 24 tables more, synced hourly by launchd with idempotent upserts and an audit log. 2,300+ unattended runs, zero logged errors, ~3,700 days of history, daily markdown recaps.
Python · SQLite · garminconnect · launchd
Consultant · Coalfire
Led SOC 1 and SOC 2 Type I and Type II examinations for mid-market clients, evaluating control design and operating effectiveness across trust services criteria — security, availability, confidentiality, and processing integrity Scoped engagements, executed fieldwork, and delivered final reports end-to-end while managing project budgets, timelines, and junior team members Assessed control environments spanning access management, change management, encryption, monitoring, incident response, and business continuity Presented findings and remediation guidance directly to client leadership, translating control gaps into prioritized action plans
Remote
Since my time in college, I’ve always dreamt of taking a gap year and trying van life but I always put it off, until this year. Recently, I embarked on an enriching 6-month journey to travel North America living in a truck camper, covering over 16,000 miles and visiting some of the most stunning national parks the United States and Canada have to offer. I meticulously planned for this journey over the course of 2 years, where I saved up money, built out my camper and vehicle, and envisioned my route. I finally set off in March 2023 for a trip I will never forget. My favorite highlights include seeing a rocket launch in Cape Canaveral, camping on the beach in North Carolina, riding a downhill mountain bike in Whistler, BC, and soaking in a natural hot springs deep in the mountains of Idaho. I have a tremendous sense of pride and accomplishment, and I feel ready to rejoin the workforce with new direction and energy.
Risk Advisory Associate → Senior Associate · Grant Thornton LLP
Planned, organized, and executed SOC 1 and SOC 2 security risk assessments to enhance clients’ IT security control environments, including business continuity programs, incident response procedures, access management, encryption, threat monitoring and more Led a team of professionals in the execution of cybersecurity risk advisory projects, ensuring the timely completion of high-quality deliverables Collaborated with clients to understand their specific business processes, control objectives, and regulatory requirements Developed and implemented effective written information security policies and procedures to secure protected and sensitive data and ensure information security and compliance with NIST CSF and ISO 27001 Worked alongside clients to develop an effective incident response plan Prepared comprehensive workpapers and documentation to support audit findings and recommendations Presented audit findings and recommendations to clients, facilitating discussions to address control deficiencies and enhance risk management Monitored project budgets, resource allocation, and timelines to ensure the successful and cost-effective delivery of services Reviewed and approved work performed by junior associates, providing constructive feedback and guidance for professional development Built and maintained strong client relationships, earning trust and fostering long-term partnerships
Denver, CO
Leeds School of Business
BSBA — dual emphasis in Information Management and Operations Management. Delta Sigma Pi; Alpha Delta Phi founding class.
Boulder, CO
