
Practice.

Eight areas I've spent meaningful time in. Each card links to the longer notes below.


Threat Modeling (method)

Five-zone method for agentic AI. STRIDE/PASTA where they still fit.

STRIDE, PASTA, attack trees. The classical tooling still works for classical systems. For agentic AI, those frameworks miss most of what matters. The methodology I work from is a five-zone map of every place external data enters an agent's context: input, reasoning, action, state, coordination. Attack scenarios then get traced as chains across zones, not enumerated as events at boundaries.

Most of the writing on this site builds on this work. The STRIDE-breaks post is the clearest statement of the method.

Tools / frameworks: STRIDE, PASTA, Five-Zone, Attack Trees

Application Security Testing (offense)

Manual + tool-assisted testing. Web, API, mobile. Reproducible POCs only.

Manual, tool-assisted, paired with code review when scope allows. Web, API, mobile. The bar I hold is: every finding gets a reproducible POC and a remediation patch the engineering team can actually merge, not a CVSS score with hand-waving below.

Scanner output without context is just a way to make engineers ignore real findings.

Tools / frameworks: Burp, OWASP ZAP, Semgrep, MobSF

Secure Code Review (offense)

Source-level audits. Python, Java, TS, Go, C#. Pairs with threat models.

Source-level audits with reproducible POCs and remediation patches. Languages I read fluently: Python, Java, JavaScript/TypeScript, Go, C#. I read enough Rust and C to be useful in either, but I won't pretend to be the deepest reviewer for those.

Best results come from pairing review with a threat model. The model says where risk lives; the review confirms whether the code keeps it contained.

Tools / frameworks: Semgrep, CodeQL, Manual review

Vulnerability Management (program)

Program design, not scanner runs. Triage, ownership, SLAs that compound.

The program work, not the scanner run. Triage discipline, ownership models, SLA design, the metrics that distinguish a real program from compliance theatre. Spent three years at Prudent Insurance building this end to end for a regulated practice.

Glamour-free, load-bearing. Most teams treat it as a tooling problem; it's an organisational design problem with a tooling component.

Tools / frameworks: Triage, SLA design, Risk scoring

Adversary Simulation (offense)

Red-team and purple-team. Plus LLM/agent red-teaming with PyRIT.

Red-team and purple-team exercises. Traditional pentests have a place, but the more useful version maps adversary tactics to your stack and walks them end to end with the defending team watching.

For LLM-based products and agentic systems, the value is even clearer: the EchoLeak chain isn't catchable by a tool. It needs someone who thinks like the attacker, and a method for surfacing the chain. PyRIT and PromptFoo are part of how I run these now. See the Lab.

Tools / frameworks: MITRE ATT&CK, PyRIT, PromptFoo, Caldera

Cloud Security (infrastructure)

AWS, Azure, GCP. Posture + architecture reviews calibrated to the workload.

AWS, Azure, GCP. Architecture and posture reviews across IAM, segmentation, data protection, runtime, CI/CD. Findings calibrated to the actual workload, not benchmarked against a CIS checklist that doesn't know what the workload does.

The fastest wins are almost always at the IAM boundary. The hardest problems are almost always in CI/CD.

Tools / frameworks: AWS IAM, Azure RBAC, GCP IAM, Steampipe

DevSecOps (program)

Pipeline integration. SAST/SCA/IaC. Adoption sequences that don't break velocity.

Pipeline integration and tooling. SAST, SCA, IaC scanning, secrets detection. Choosing tools is the easy part; the real work is the adoption sequence so security gates don't grind engineering velocity to zero.

Patterns scale from teams of 10 to organisations of 1000. What changes is the governance, not the tools.

Tools / frameworks: SAST, SCA, IaC scanning, Secrets detection

Machine Learning Security (ai method)

MAESTRO-aligned reviews. Pipeline integrity to inference-time risk.

Reviews aligned to the CSA MAESTRO framework. Layer by layer: training data integrity, model supply chain, training-time risk, inference-time risk, agentic composition. Data poisoning, model inversion, membership inference, adversarial evasion. Each gets concrete attention.

The Data Science M.Tech is the literacy that makes this work credible. Without it, ML security reviews tend to fall into 'classical AppSec applied to a model.bin' on one side, or 'AI policy without engineering reality' on the other.

Tools / frameworks: MAESTRO, MITRE ATLAS, MLSecOps

> The lab notebook, open-source work, and rolling notes live at /lab/. Talks I'm open to giving are at /speaking/. Anything else, say hello.
