Software security engineer who
Currently at Carta. Previously Sourcegraph, Dropbox, Yelp. Building Code Pathfinder, an open-source static code analysis engine, and writing about finding vulnerabilities in the wild.
Bikes long distances, reads on Kindle, and embraces value investing. Based in Waterloo, Canada.
Recent Writing
CVE-2026-33186: Bypassing gRPC-Go Authorization with a Missing Slash ↗ codepathfinder.dev
Apr 1, 2026
security · cve
2025 Wrapped
Dec 20, 2025
wrap · reflection
security · django
Claude Code for Security Analysis: Introducing SecureFlow CLI to Hunt Security Vulnerabilities
Oct 3, 2025
security · ai · sast
Exploring fun parts of Neural Network
Aug 8, 2025
neural-networks
Notable Projects
Code Pathfinder ↗
Static code analysis engine for modern security teams
SecureFlow CLI ↗
AI-powered security scanning with 12+ model support