Self-taught developer. I design, build, secure, and ship vulnerability-management software solo — and when the tool I need doesn't exist, I build it, then run my own releases through the same security gauntlet I'd expect from a vendor.
A developer with a vulnerability-management background and a builder's restlessness — happiest in a terminal, chasing a problem until the solution is simple and holds up.
I'm Elliot — a vulnerability-management analyst who kept hitting gaps no product filled, so I built the tools that would. I'm most at home in a terminal; it's where I think fastest, and nearly everything on this site began as a late-night shell session and a problem I couldn't put down.
What drives me is the problem itself. I get genuinely obsessed with a good one — I'll turn it over for days, rough out three approaches, throw two away, and keep refining until what's left is simple, honest, and holds up under its own edge cases. When nothing off the shelf fits, I don't wait for a vendor to solve it; I design and ship my own.
Where I'm strongest:
Under all of it is a real love of the craft — the discovery, the learning, the building. Cybersecurity is the field that pays that curiosity back best: there's always a deeper layer to understand, a sharper question to ask, something worth defending better than it was yesterday. That's why I'm in it for the long haul, and why I keep building even when no one has asked me to.
More on my background, certifications, and working principles on the about page.
One product, taken end-to-end from raw idea to a signed, Store-certified release, plus the companion toolchain and the security evidence around it. Every tile below maps to a problem solved or a bar met — and to a real artifact on request.
The case studies are the heart of this site: real problems I hit, the root cause, the engineering, and the proof — including the problems where no off-the-shelf answer existed and I had to invent one.
A Windows desktop app for VM teams: which findings are about to breach SLA, who owns the assets, and what got done about it. Store-certified, IV code-signed.
read more →Five problems, written the way I hit them: millions of findings on one desktop, ownership routing, zero-day exposure answers in seconds, the attack surface nobody scans, and letting operators customize ticket fields without handing them an injection vector.
read more →A self-built compliance gauntlet with pass/fail criteria and evidence artifacts, plus RFC 6962 Merkle logs, DSSE/in-toto provenance, and a real disclosure policy.
read more →The remediation pipeline and test infrastructure around the analyzer: idempotent ticketing, an encrypted dispatch layer, and a full mock-ServiceNow environment.
read more →Open to new roles in vulnerability management, security tooling, and security software engineering. Email is the best way to reach me, and I'm happy to give a live demo on request.