My name is Ryan. I like solving problems and breaking things.
My current focus is AI security from both sides.
Building and governing it: At work, my team governs enterprise AI usage through a managed gateway with RBAC-controlled MCP connections, tool-call observability, and allow-listed skills. I recently shipped an agentic AI security bot (Python, Claude on Bedrock) that triages cloud security findings and opens remediation PRs, wrapped in a custom harness I built to enforce scoped tool access, call limits, and human escalation. I've also written my own MCP server to extend an LLM into an environment it couldn't natively reach β real-time Xcode build errors and console output, exposed to Cursor over MCP.
My working philosophy:
You don't bring AI into your world. You give parts of your world to AI in its own world.
Breaking it: I'm taking the AI Red Teamer path on Hack The Box and run security assessments against local OSS models like jailbreaking, prompt injection, and bypassing security controls using:
- Ollama β runs models locally
- Garak β vulnerability scanner for LLMs
- PyRIT β automated testing of AI security risks
I currently work at dbt Labs as a Senior Product Security Engineer. I collaborate with engineering and business stakeholders at the design and implementation phases of feature development, ensuring we shift left and think about security from the start. I help lead incident response practices to lower mean time to acknowledge and resolve, build security tooling, harden IAM, and respond to Wiz and Expel alerts. There's always something new to do.
Daily production tools:
I've spent nearly ten years building distributed systems in the public clouds and I'm always the security champion, whether in DevOps, SRE, or development. Now I do security full-time, and I'm loving it.
Talks I've given:
- Walk Through of the OWASP Top 10 (June 2021 β Cincinnati OWASP Chapter Meetup)
- Telepresence for Operations Teams (2021 β Devhouse Virtual Conference)
- Maximum Scylla Cluster Uptime with Ansible (Free On-Demand) (Scylla Summit β February 2023)
- Kubernetes Troubleshooting (Internal Engineering Training β August 2022)
- Docker Deep Dive and What It Means for Cloud-Native (April 2019 β Cincinnati Cloud Native Meetup)
π« Best way to reach me: email
π Pronouns: he/him



