Security tooling · Vulnerability management · Software engineering

Elliot Anstey

I build the vulnerability-management tools I wish existed — then ship them the way a vendor would: Store-certified, code-signed, and run through my own security gauntlet.

flagship SLA Analyzer dashboard: fleet-wide findings sorted by time-to-breach, with KEV, owner and team

Explore the work

The case studies are the heart of this site: real problems I hit, the root cause, the engineering, and the proof — including the problems where no off-the-shelf answer existed and I had to invent one.

Beyond the flagship

Security tooling is where I go deepest — but I build across the whole stack, from a local-AI homelab to desktop tools. Same builder's instinct, different canvases.

local AI · homelab

An AI stack on my own metal

A self-hosted, all-AMD workstation (no CUDA): local LLMs at 100% GPU on ROCm, image generation, and MCP agents that drive Blender and Unreal directly. Getting there meant root-causing a bleeding-edge RDNA4 bug that had inference silently falling back to CPU — and fixing it.

Ollama · ROCm · LM Studio · gpt-oss / Qwen / Llama-vision · MCP

desktop tooling

Signet — a signing cockpit

A release-signing tool built as frameless, translucent "bubble" windows that dock to any screen edge; when the pipeline is ready, the final bubble runs a live signing ceremony that pauses, pulsing, for the physical YubiKey touch. A QThread step engine cleanly separates the automated steps from the human-in-the-loop ones.

Python · PySide6 / PyQt6 · QThread · Authenticode / YubiKey

Who I am

A developer with a vulnerability-management background and a builder's restlessness — happiest in a terminal, chasing a problem until the solution is simple and holds up.

I'm Elliot — a vulnerability-management analyst who kept hitting gaps no product filled, so I built the tools that would. I came up the formal way — a summa cum laude cyber degree, Security+, CEH — but I learn fastest by building, and I validate everything against the source instead of taking it on faith. I get genuinely obsessed with a hard problem: I'll rough out three approaches, throw two away, and keep refining until what's left is simple, honest, and holds up under its own edge cases. When nothing off the shelf fits, I don't wait for a vendor — I design and ship my own.

My mind runs constantly, and in parallel — pulled toward the unmapped, the unbuilt, the edge just past where the herd stops. What once read as an inability to hold a single thread turned out to be the capacity to hold many at once: I carry contingencies for scenarios that haven't happened yet, and a clear line to the outcome I'm steering toward.

How I work:

Where I'm strongest:

Underneath it all is a genuine love of the craft — the discovery, the learning, the building — which is why the work spills across security, local AI, and infrastructure alike. More on my background, certifications, and working principles on the about page.

Contact

Open to new roles in vulnerability management, security tooling, and security software engineering. Email is the best way to reach me, and I'm happy to give a live demo on request.