Senior software security engineer who
Currently at Carta. Previously Sourcegraph, Dropbox, Yelp. Building Code Pathfinder, an open-source static code analysis engine (AI-Native), and writing about finding vulnerabilities in the wild. Curates vulnerability datasets using Code Pathfinder for CVE variant analysis and fine-tunes LLMs locally to achieve precision analysis beyond traditional static code analysis.
Bikes long distances, reads on Kindle, and embraces value investing. Based in Waterloo, Canada.
Recent Writing
Same Bug, Different Endpoint: Finding Path Traversal in Langflow with Code Pathfinder ↗ codepathfinder.dev
Apr 15, 2026
security · research
CVE-2026-33186: Bypassing gRPC-Go Authorization with a Missing Slash ↗ codepathfinder.dev
Apr 1, 2026
security · cve
2025 Wrapped
Dec 20, 2025
wrap · reflection
security · django
Claude Code for Security Analysis: Introducing SecureFlow CLI to Hunt Security Vulnerabilities
Oct 3, 2025
security · ai · sast
Notable Projects
Code Pathfinder ↗
Static code analysis engine for modern security teams
SecureFlow CLI ↗
AI-powered security scanning with 12+ model support