Projects

I work as a platform architect on AI-native security products at we45. My projects sit between security engineering, LLM systems, developer experience, and product architecture: the goal is to make security review workflows feel native to how teams already design, build, and ship software.

SecurityReview.ai

Platform architect - Agentic AI, threat modeling, RAG, OSCAL, compliance mapping

securityreview.ai

SecurityReview.ai is an AI-native security architecture review platform. It converts architecture documents, diagrams, tickets, code, and engineering notes into system-specific threat models, countermeasures, and compliance-ready reports. My role has focused on the platform architecture: shaping how messy engineering context becomes structured security ground truth, how specialized agents reason over it, and how the output stays useful for both security teams and builders.

Technical Architecture

  • Designed multi-modal ingestion for PDFs, diagrams, Markdown, JSON, voice notes, and code artifacts.
  • Built code-profiling workflows with agents for architecture, APIs, data stores, dependencies, IaC, and existing controls.
  • Architected an agentic threat-modeling harness using category-specific reasoning, live threat intelligence, and implementation-aware countermeasures.
  • Mapped findings into OSCAL-backed compliance structures so reports connect engineering evidence to framework subsections.

Product Experience

  • Focused the workflow around how teams actually review systems: upload context, inspect assumptions, refine scope, and generate review artifacts.
  • Balanced security depth with legibility so outputs work for architects, application security engineers, and product teams.
  • Designed review outputs to move from abstract risks to concrete implementation guidance and defensible compliance evidence.

VibeReview

Platform architect - AI coding guardrails, MCP, GitHub, GitLab, IDE workflows

vibereview.app

VibeReview is a guardrail platform for AI-assisted development. It profiles repositories, generates threat-informed rules, and delivers that guidance into the tools where AI coding happens: IDEs, pull requests, MCP-enabled workflows, GitHub, and GitLab. The product is built around a simple idea: AI coding assistants should understand the security shape of the system before they suggest changes.

Technical Architecture

  • Architected repository profiling that extracts compact system context from code, dependencies, APIs, data flows, and existing security controls.
  • Designed rule-generation workflows that translate system profiles into practical, threat-informed guardrails for AI coding tools.
  • Built integration patterns for MCP, GitHub, GitLab, and IDE delivery so guidance can appear close to the developer's change loop.
  • Focused on keeping guardrails specific to the repository instead of relying on generic secure-coding checklists.

Product Experience

  • Designed the platform around developer ergonomics: low-friction onboarding, understandable rules, and review guidance that fits PR workflows.
  • Connected security architecture context to day-to-day coding decisions, especially when developers are using AI agents or copilots.
  • Shaped VibeReview as a bridge between application security intent and the fast, iterative style of AI-assisted software development.