How I work.

This page gives Upwork visitors context about how I work without off-platform solicitation. If you found this through an Upwork profile, the best place to engage is there.

What I work on

Application security, AI security, web application assessments, external exposure reviews, cloud security (Azure, AWS, M365), identity and access management, vulnerability triage and remediation planning, penetration testing support, and security communication for technical and non-technical stakeholders.

How I work

I start by understanding the system: what exists, who owns it, and what realistic risk looks like. I focus on what is actually exploitable in the specific environment. I build fixes that engineering teams can act on, and I write findings that the person responsible can understand without a translation meeting.

Public examples

Boundary note

This portfolio excludes employer data, client data, internal screenshots, private dashboards, exact environment counts, and NDA-protected details. I use mock data, generalized patterns, and public-safe tools so the work is inspectable without crossing trust boundaries.