I build and operate production infrastructure, and direct AI agents to build it faster. Self-taught Linux systems administrator running a 49-service self-hosted environment on Ubuntu, CompTIA Security+ certified, CompTIA Network+ in progress. I spent 15 years in live sound and audio engineering — touring, running FOH, troubleshooting signal chains under pressure, before moving into infrastructure and security; that's where the instinct to stay calm and diagnose comes from.
I direct AI agents to build software, and I evaluate those agents for capability and safety.
- AI Agent Evaluation at Mindrift. I author and calibrate adversarial and capability test cases for LLM-powered agents. The adversarial side is indirect prompt-injection red-teaming and the capability side uses MCPs and a CI/CD pipeline gated by an LLM-as-judge quality review.
- llm-eval-harness: Open-source LLM-as-judge harness that scores model outputs against a rubric and gates CI on the result. It's a small, runnable version of the measurement work described above, built to run fully offline with recorded fixtures.
- Subgeneratorr: Open-source subtitle generator that orchestrates Deepgram Nova-3 with your choice of LLM (Claude / GPT / Gemini / Ollama) for keyterm extraction. Built to fill the gaps Bazarr can't cover.
A real, daily-driver environment, secured and automated end to end.
- Infrastructure Showcase: Reference architecture for the full 49-service stack, covering Docker Compose, nginx reverse proxy, Google OAuth2 on every web UI, wildcard SSL via certbot, fail2ban, and a 5-wave tiered startup that prevents boot-time CPU spikes.
- Server Monitoring Suite: Observability stack covering container health, resource-threshold alerts, SSL-expiry checks, and log-health auditing, all with Discord alerting and cooldown/dedup logic.
- Restic Backup System: Modular, encrypted, versioned backups with offsite Google Drive sync, retention pruning, and integrity verification.
- Boo Bot: Production Discord bot automating the server's community. It rebrands every notification under one identity, suppresses floods, handles requests, and pulls trailers.
- Homelab Scripts: Service orchestration and automation, including tiered startup, inotify-driven file watchers, and a 6-source API fallback chain for metadata enrichment.
- Penetration Testing: 3-day pen test covering SQL injection, RCE on Struts/Tomcat, Shellshock, and credential cracking.
- Splunk SIEM: Custom detection rules for brute-force, SQLi, and DoS, with incident-response writeups.
- Azure Cloud Security: Multi-VM deployment with NSGs, Jump Box architecture, and Ansible automation.
- IoT Vulnerability Analysis: TP-Link smart bulb security assessment, CVE reproduction, and MITM demonstration.
- CompTIA Security+ (SY0-701): earned 2026
- CompTIA Network+ (N10-009): in progress (exam summer 2026)

