Systems
What I built
Systems built where commercial tools were costly, fragmented, or blind to risk specific to the company. Each write-up covers the problem, the design, the decisions and their trade-offs, the running cost, and what I would change: architecture and reasoning only, no internal identifiers.
01 Cerberos
   A four-scanner cloud-posture suite, one scanner per attack surface.
   4 services · AWS + Kubernetes · OpenSearch + ticketing

02 IAMGuru
   Multi-cloud IAM analysis: privilege-escalation paths, blast radius, cross-cloud trust.
   AWS + GCP · attack-path engine · ~$8/month to run

03 Pentagon
   A unified findings warehouse with bounded AI agents for triage and compliance.
   6+ scanners · one taxonomy · agents under human review

04 Watchman
   AI-enriched SOC: raw EDR/WAF alerts become attributed, actionable assessments, with a human in the thread.
   real-time · Claude · confidence-gated, human-reviewed

05 JIT Access
   Slack-native just-in-time AWS access: request, approve in-channel, bounded session, auto-revoked at expiry.
   ECS + DynamoDB · Slack Socket Mode · no standing elevation
The thread between them — why build instead of buy, how cost shapes the design, and why the AI is kept on a short leash — is the approach.