Senior information security engineer on a CIRT by day, insomniac developer by night, and the person behind Penumbra Forge — an independent studio building privacy-first security tools and open source software.
Everything I build runs locally, collects nothing and respects your privacy.
Gate — The first secret scanner that fixes what it finds. 148 detection rules, credential verification, auto-remediation across 9 languages, incident response workflows, and compliance reports. Free, open source, runs 100% on your machine.
vexes — Cross-ecosystem dependency security scanner with a 4-layer behavioral analysis engine. AST code inspection, typosquat detection, behavioral fingerprinting, and pre-install guarding across 9 ecosystems. Catches supply chain attacks that vulnerability databases miss. Zero dependencies.
mcp-librarian — Intelligent MCP skills server for AI coding agents. BM25 search, Ed25519 integrity, progressive disclosure, zero dependencies. Works with Claude Code, Ollama, and anything that speaks MCP.
penumbraforge.com — 78 privacy-first developer and security tools, 12 hands-on offensive and defensive security labs, and a technical blog. All tools run client-side with no tracking, no accounts, no data collection.
Umbra — A 100% local AI development environment. Full IDE with chat, agent mode, codebase RAG, inline completion, knowledge packs, and a plugin system. No cloud, no telemetry, no accounts — your code never leaves your machine.
- Expanding Gate's detection rules and adding SARIF integration for GitHub Advanced Security
- Expanding vexes ecosystem coverage and hardening the behavioral analysis engine
- Building community skill packs for mcp-librarian
- Writing new red team and blue team security labs (IDOR, race conditions, SSRF, SOAR playbooks)
- Writing about security engineering: JWT pitfalls, log analysis from an attacker's perspective, security headers
- Site: penumbraforge.com
- Twitter/X: @penumbraforge
- Location: Arizona