Security Researcher focused on AI and Cloud security, with recent work on AWS Bedrock and AgentCore, identity-centric attack paths, and automated threat detection.
- Mapping Every Privilege Escalation Path in AWS AgentCore
- The AWS Bedrock API Keys Security Guide Part 1: Risks, Vulnerabilities, and Attack Techniques
- The AWS Bedrock API Keys Security Guide Part 2: Detection, Prevention, and Response
- Bedrock's New API Keys: Convenience at a Hidden Security Cost
- Securing Your Amazon Bedrock Environments With Prowler
- CVE-2026-11931 - World-readable auth token in Kiro IDE (Medium, CVSS 6.8)
- bedrock-keys-security - security toolkit for AWS Bedrock API keys: scanning, key forensics, privilege-escalation analysis, and incident response
- RootedCON Madrid 2026: The Phantom of the Infrastructure: The Invisible Threat in Bedrock API Keys
- BSides Seattle 2026: The Phantom of the Infrastructure: Investigating the Hidden IAM Risks in Bedrock API Keys
- RootedCON Madrid 2025: Practical Threat Detection and Remediation in the Cloud
- Seasides India 2025: Open Source Multi-Cloud Security with Prowler: A Practitioner's Guide
- fwd:cloudsec NA 2024: Forged in Fire: Forging Multi-Cloud Open Source Swiss-Army Knife
- DEF CON Cloud Village 2022: Prowler Open Source Cloud Security: A Deep Dive Workshop
- BSides Las Vegas 2022: Prowler Open Source Cloud Security: A Deep Dive Workshop
- AWS Certified Solutions Architect – Professional
- AWS Certified Solutions Architect – Associate
- AWS Certified Security – Specialty
- AWS Authorized Instructor