Under Construction
If you’re reading this, the migration is underway. The old site is gone and this one is being rebuilt from scratch on a new stack. Content, design, and features will be rolling out over the coming weeks.
In the meantime, the resume is up and the lights are on. More to come.
Below are some code samples to test syntax highlighting.
Python
from dataclasses import dataclassfrom typing import Optional
@dataclassclass Finding: severity: str description: str cwe: Optional[int] = None
def is_critical(self) -> bool: return self.severity in ("critical", "high")
findings = [ Finding("critical", "SQL injection in login handler", cwe=89), Finding("low", "Missing rate limiting on /api/health"),]
for f in findings: if f.is_critical(): print(f"[!] {f.description} (CWE-{f.cwe})")Go
package main
import ( "fmt" "net/http" "time")
func authMiddleware(next http.Handler) http.Handler { return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) { token := r.Header.Get("Authorization") if token == "" { http.Error(w, "unauthorized", http.StatusUnauthorized) return } next.ServeHTTP(w, r) })}
func main() { mux := http.NewServeMux() mux.HandleFunc("/healthz", func(w http.ResponseWriter, r *http.Request) { fmt.Fprintf(w, "ok at %s", time.Now().Format(time.RFC3339)) })
srv := &http.Server{ Addr: ":8080", Handler: authMiddleware(mux), ReadTimeout: 5 * time.Second, WriteTimeout: 10 * time.Second, } srv.ListenAndServe()}Rust
use std::collections::HashMap;
#[derive(Debug)]struct ScanResult { target: String, findings: Vec<String>,}
fn scan_targets(targets: &[&str]) -> Vec<ScanResult> { targets .iter() .map(|t| ScanResult { target: t.to_string(), findings: run_checks(t), }) .filter(|r| !r.findings.is_empty()) .collect()}
fn run_checks(target: &str) -> Vec<String> { let mut results = Vec::new(); if !target.starts_with("https://") { results.push("TLS not enforced".into()); } results}Bash
#!/usr/bin/env bashset -euo pipefail
REPO_ROOT="$(git rev-parse --show-toplevel)"SCAN_DIR="${1:-$REPO_ROOT}"
echo "[*] Scanning $SCAN_DIR for secrets..."
if ! command -v gitleaks &>/dev/null; then echo "[!] gitleaks not installed" >&2 exit 1fi
gitleaks detect \ --source="$SCAN_DIR" \ --report-format=json \ --report-path="$REPO_ROOT/gitleaks-report.json" \ --verbose
FINDINGS=$(jq length "$REPO_ROOT/gitleaks-report.json")echo "[*] Found $FINDINGS potential secrets"YAML
name: Security Scanon: pull_request: branches: [main]
jobs: gitleaks: runs-on: ubuntu-latest permissions: contents: read steps: - uses: actions/checkout@v4 with: fetch-depth: 0
- uses: gitleaks/gitleaks-action@v2 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}Terraform
resource "aws_wafv2_web_acl" "api_protection" { name = "api-waf" scope = "REGIONAL"
default_action { allow {} }
rule { name = "rate-limit" priority = 1
action { block {} }
statement { rate_based_statement { limit = 2000 aggregate_key_type = "IP" } }
visibility_config { sampled_requests_enabled = true cloudwatch_metrics_enabled = true metric_name = "api-rate-limit" } }
visibility_config { sampled_requests_enabled = true cloudwatch_metrics_enabled = true metric_name = "api-waf" }}TypeScript
interface SecurityHeader { name: string; value: string; required: boolean;}
const SECURITY_HEADERS: SecurityHeader[] = [ { name: "Strict-Transport-Security", value: "max-age=31536000; includeSubDomains", required: true }, { name: "X-Content-Type-Options", value: "nosniff", required: true }, { name: "X-Frame-Options", value: "DENY", required: true }, { name: "Content-Security-Policy", value: "default-src 'self'", required: false },];
function audit(headers: Record<string, string>): string[] { return SECURITY_HEADERS .filter((h) => h.required && !headers[h.name.toLowerCase()]) .map((h) => `Missing required header: ${h.name}`);}