AI security and product security work, shown as proof.

AI Security EngineeringAI Security ReportLabor Market ResearchCybersecurity Hiring

The State of AI Security Engineering Report 2026

A flagship research report turning AI security job-market noise into evidence about roles, skills, control gaps, hiring signals, and the emerging AI security engineering discipline.

Designed and authored a flagship 2026 research report on AI security engineering, using a corpus of AI and security job descriptions, role analysis…

People

Ai Security Research Ai Security Engineering Ai Product Security Security Program Strategy

Services

AI Security LLC

Open case study

The AI Security Engineering Field Guide portrait cover

aisecurity.llc2026

AI SecurityField GuidePractitioner ToolsRapid Reference

The AI Security Engineering Field Guide

A compact, action-oriented field guide for AI security engineering practitioners working in fast-moving environments.

The AI Security Engineering Field Guide is a compact, action-oriented companion for practitioners who need direct guidance — not long-form referenc…

People

Ai Security Research Ai Product Security Security Operating Model

Services

aisecurity.llc

Open case study

AI Product Security in the Age of Mythos portfolio cover

AI Security LLC2026

SurfacePublic-safe

AI Product Security in the Age of Mythos

A practical AI product-security framework for agentic systems, governance evidence, excessive agency, RAG authorization, and continuous threat modeling.

Created a flagship AI product-security framework explaining how agentic AI changes the product-security operating model: inventory becomes the firs…

AI Product SecurityAgentic AI SecurityProduct SecurityApplication Security

People

Ai Product Security Agentic Ai Security Ai Governance Threat Modeling

Services

AI Security LLC

Open case study

Consulting projects

Client-facing and methodology work that can support advisory, assessment, and sales conversations.

9 projects

Browser-Native Trust Boundary Security Model portfolio cover

Confidential Browser Security Research2025–2026

Browser SecurityTrust BoundariesProduct SecurityWebView

Browser-Native Trust Boundary Security Model

A product-security research model for browser-native applications, extension bridges, native sidecars, privileged pages, postMessage flows, host-object exposure, persistence, credential surfaces, and governed automation boundaries.

Developed a browser-native trust-boundary security model from deep assessment work on desktop browser architectures, privileged internal pages, nat…

People

Browser Security Product Security Application Security Ai Product Security

Services

Confidential Browser Security Research

Open case study

Mandiant — Operation Aurora DFIR & FBI Cybercrime Training hero image

Mandiant (Google Cloud)2009–2011

DFIRIncident ResponseOperation AuroraNation-State Threats

Mandiant — Operation Aurora DFIR & FBI Cybercrime Training

DFIR response to Operation Aurora at Adobe and Google; criminal attribution for FBI wanted financial fraud cases; FBI cybercrime academy instruction.

Principal consultant at Mandiant during one of the most consequential periods in enterprise security history — deployed on Operation Aurora DFIR ef…

People

Alex Eisen

Services

AI Security Advisory AI Security Research Briefing AI Security Architecture Review

Mandiant (Google Cloud)

Open case study

Disney IAM SIEM Alert Debugging & Executive Dashboard hero image

DisneyCareer Role

Disney IAM SIEM Alert Debugging & Executive Dashboard

A Splunk-based IAM monitoring and executive reporting project across Disney access-control and identity systems for campuses and offices.

Delivered Splunk-focused IAM and SIEM work for Disney, debugging identity and access-control alerts, building a custom Splunk app, and creating exe…

DisneySplunkSIEMIAM

People

Siem Engineering Splunk Development Iam Security Security Analytics

Services

Disney

Open case study

UNUM LLM Attack Story & Detection Engineering hero image

UNUM2024–2025

UNUMAI SecurityDetection EngineeringLLM Attack Stories

UNUM LLM Attack Story & Detection Engineering

A paid consulting engagement using LLM-assisted attack trees, MITRE ATT&CK mapping, ServiceNow asset inventory, enterprise architecture context, synthetic logs, and Splunk SPL detections.

Delivered a two-month consulting engagement for UNUM that used LLM-assisted attack-tree and attack-story generation, MITRE ATT&CK mapping, ServiceN…

People

AI Security Architecture Review AI Security Advisory AI Security Research Briefing

Services

UNUM

Open case study

Forex trading platform2010

Caya Forex PCI DSS Level 3 Compliance

PCI DSS Level 3 scoping, gap analysis, and compliance program delivery for a forex trading and payment processing platform.

Delivered a PCI DSS Level 3 compliance engagement for Caya, a forex trading and payment processing platform. Work covered scoping, cardholder data…

CayaForexPCI DSSLevel 3

People

Pci Dss Compliance Security Program Buildout Risk Management Consulting

Services

Forex trading platform

Open case study

Performance advertising platform2011

TradaData.comSalesforceRainmaker

Trada — Data.com B2B Sales Contact Intelligence & ABM Rainmaker

3x Salesforce Data.com Rainmaker recognition for OSINT-driven B2B contact mining, normalization, and ABM outreach campaign delivery for a performance advertising platform.

Delivered B2B contact intelligence, OSINT-driven contact mining, and ABM outreach campaign execution for Trada, a performance advertising platform.…

People

Osint B2b Sales Contact Intelligence Account Based Marketing

Services

Performance advertising platform

Open case study

Cogstate2012

CogstateAustralian Defence ForceHealth TechnologyClinical Research

Cogstate Cognitive Measurement Delivery for the Australian Defence Force

Clinical and cognitive-assessment technology delivery for Australian Defence Force-linked workflows, emphasizing data integrity, privacy, workflow reliability, evidence, and customer trust.

Contributed to technology delivery in a Cogstate engagement on behalf of the Australian Defence Force, where cognitive-assessment and regulated hea…

People

Regulated Systems Health Data Technology Enterprise Technology Delivery Security Control Evidence

Services

Cogstate

Open case study

Pathwwway iGaming2017

PathwwwayISO 27001ISMSAudit

Pathwwway ISO 27001 Audit & Management Consulting

ISO 27001 information security management system audit, gap analysis, and management consulting for a regulated iGaming platform.

Delivered ISO 27001 information security management system (ISMS) audit and management consulting for Pathwwway, a regulated iGaming platform. Work…

People

Iso 27001 Isms Audit Gap Analysis Management Consulting

Services

Pathwwway iGaming

Open case study

NIST NICE Cyber Workforce Research Program hero image

Sapient Search Group2024–2026

NIST NICE Cyber WorkforceSapient Search GroupAI RecruitingATS Platform

NIST NICE Cyber Workforce Research Program

A cyber-workforce research program featured at RSA Conference, bSides NYC, and Infosecurity Europe, translated into a talent-intelligence and ATS workflow layer.

Developed a NIST NICE Cyber Workforce research program focused on role language, workforce taxonomy, and cyber-workforce signal extraction, then tr…

People

AI Security Architecture Review AI Security Advisory

Services

Sapient Search Group

Open case study

Key FTE projects

Conservative public-safe summaries of prior operating work.

10 projects

Splunk Product Security Program Buildout hero image

Splunk2013–2014

Product SecuritySecure SDLCProgram BuildoutEnterprise SaaS

Splunk Product Security Program Buildout

Building a scalable, evidence-driven product security function for a global enterprise software platform.

Partnered with Splunk to build and scale the product security program, strengthen secure development practices, and create the evidence, process, a…

People

Product Security Security Program Buildout Secure Sdlc Threat Modeling

Services

Splunk

Open case study

Splunk2015

Product SecurityApplication SecurityMarketplace SecuritySecure SDLC

Splunkbase App Certification Program

Turning a sprawling marketplace security problem into a repeatable app certification, review, and trust program.

Led the security architecture, verification, and delivery model behind Splunkbase App Certification, transforming inconsistent security review acro…

People

Product Security Application Security Secure Sdlc Marketplace Security

Services

Splunk

Open case study

Forescout Smart IoT Security Lab hero image

Forescout2016–2017

IoT SecurityICS/SCADAOT SecurityRobotics Security

Forescout Smart IoT Security Lab

Established and directed a live Smart IoT Building security research lab spanning robotics, HVAC, ICS/SCADA, and SOC-style command center operations.

Built and directed Forescout's Smart IoT Building security research lab — a live, instrumented environment designed to surface real-world attack pa…

People

Alex Eisen

Services

Product Security OT / ICS Security Review AI Security Research Briefing

Forescout

Open case study

Forescout2017–2018

ForescoutRapid ResponseProduct SecuritySecurity Research

Forescout Rapid Response Program

A security response operating model for urgent product, customer, vulnerability, and research-driven risk events in enterprise device-security environments.

Contributed to Forescout rapid response work by helping coordinate security research, product risk triage, technical validation, customer-impact an…

People

Product Security Security Research Vulnerability Response Rapid Response

Services

Forescout

Open case study

ServiceNow Principal Security Research Program hero image

ServiceNow2022–2025

Security ResearchAI RiskProduct SecurityAppSec

ServiceNow Principal Security Research Program

Advanced security research across ProdSec, AppSec, AI risk management, and AI voice threat modeling at enterprise SaaS scale.

Led advanced security research across product security, application security, and AI risk management at ServiceNow — one of the most widely deploye…

People

Alex Eisen

Services

Product Security Ai Security Research AI Security Architecture Review

ServiceNow

Open case study

Cornerstone FedRAMP Moderate ATO Security Controls hero image

Cornerstone OnDemand2015–2016

Cornerstone OnDemandFedRAMPFedRAMP ModerateATO

Cornerstone FedRAMP Moderate ATO Security Controls

A control-architecture and evidence-readiness effort translating FedRAMP Moderate requirements into policy, standards, technical controls, operational procedures, and audit-ready proof.

Supported Cornerstone's FedRAMP Moderate authorization effort by helping turn formal control requirements into security policies, standards, guidel…

People

Fedramp Readiness Cloud Security Product Security Security Architecture

Services

Cornerstone OnDemand

Open case study

Syntryx OSINT Platform Product Buildout hero image

Syntryx2006–2010

SyntryxOSINTOpen-Source IntelligenceProduct Leadership

Syntryx OSINT Platform Product Buildout

Leading product and engineering for a 2B-page open-source intelligence platform using high-throughput crawling, PostgreSQL-scale ingest, ML, NLP, clustering, search analytics, and graph visualization.

Led product and engineering for Syntryx, an open-source intelligence platform for multi-channel web and behavioral data, managing an 11-person team…

People

Product Leadership Data Platforms Machine Learning Osint Platforms

Services

Syntryx

Open case study

Cendant / Orbitz Affiliate Growth & ML Multileg Itinerary Generation hero image

Cendant / Orbitz2005

CendantOrbitzGTA Gullivers Travel AssociatesAffiliate Marketing

Cendant / Orbitz Affiliate Growth & ML Multileg Itinerary Generation

A technical marketing and machine-learning project generating high-value niche multileg flight itineraries to support affiliate growth, search demand capture, and travel-content expansion.

Supported affiliate-program growth and technical marketing by developing or contributing to machine-learning and data-driven methods for generating…

People

Technical Marketing Machine Learning Data Driven Growth Programmatic Content

Services

Cendant / Orbitz

Open case study

Cendant / Orbitz2006

CendantOrbitzGTA Gullivers Travel AssociatesTravel Technology

Cendant / Orbitz Geographic Waypoint & GDS Cleanup

A travel-data quality project cleaning geographic waypoints, inventory metadata, and GDS-linked destination structures to improve search, booking, routing, and content reliability.

Contributed to geographic waypoint, destination inventory, and GDS cleanup work in a travel-technology environment, improving the structure, accura…

People

Data Normalization Schema Cleanup Technical Marketing Search Optimization

Services

Cendant / Orbitz

Open case study

Pathwwway iGaming2017

PathwwwayiGamingDeputy Head of TechnologyTechnology Leadership

Pathwwway iGaming Deputy Head of Technology

Technology leadership for an iGaming platform, spanning delivery ownership, platform operations, engineering coordination, regulated gaming constraints, data workflows, and security-aware execution.

Served in a Deputy Head of Technology capacity for a Pathwwway iGaming engagement before Forescout, helping guide technology delivery, platform ope…

People

Technology Leadership Platform Architecture Enterprise Technology Delivery Regulated Systems

Services

Pathwwway iGaming

Open case study

Reports and assessments

Research, assessment, and proof artifacts that translate technical work into reusable evidence.

10 projects

DuckDuckGo Browser Security Assessment hero image

DuckDuckGo2026

Product SecurityBrowser SecurityDesktop SecurityWebView2

DuckDuckGo Browser Security Assessment

A product-security assessment of browser trust boundaries, privileged page handling, native bridge exposure, and persistence pathways.

Conducted a deep product-security assessment of DuckDuckGo desktop browser architecture, focusing on WebView2 trust boundaries, duck:// privileged…

People

Product Security Ai Product Security Browser Security Desktop Application Security

Services

DuckDuckGo

Open case study

Forescout Device Cloud Elastic/Kibana Analytics Platform hero image

Forescout2019–2020

ForescoutDevice CloudElasticKibana

Forescout Device Cloud Elastic/Kibana Analytics Platform

Large-scale connected-device analytics using Forescout Device Cloud, Elastic, Kibana, and security-research workflows to turn millions of device records into report-ready security evidence.

Built and executed Elastic/Kibana-style analytics workflows over Forescout Device Cloud data to support security research, sector-specific report f…

People

Security Research Data Analysis Security Analytics Device Security

Services

Forescout

Open case study

Forescout2019–2021

ForescoutConnected Medical DevicesHealthcare SecurityIoMT

Forescout Connected Medical Device Security Report

Device Cloud research on connected medical-device segmentation, insecure protocols, default credentials, legacy systems, and clinical-network exposure.

Contributed to Forescout connected medical-device research using Device Cloud analytics to examine segmentation failures, insecure protocols, defau…

People

Security Research Healthcare Security Iomt Security Iot Security

Services

Forescout

Open case study

Forescout2020

ForescoutEnterprise of ThingsState of IoT Security 2020Device Cloud

Forescout Enterprise of Things Security Report 2020

Device Cloud research identifying the riskiest IoT devices across financial services, government, healthcare, manufacturing, and retail.

Contributed to Forescout's Enterprise of Things Security Report research, using Device Cloud analytics and Elastic/Kibana-style workflows to help i…

People

Security Research Iot Security Device Security Data Analysis

Services

Forescout

Open case study

Forescout2020

ForescoutBanking on SecurityFinancial Services SecurityDevice Cloud

Forescout Banking on Security Financial Services Research

Device Cloud research on financial-services device risk, flat networks, IoT/OT proximity, POS exposure, Windows lifecycle risk, and segmentation gaps.

Contributed to Forescout's Banking on Security financial-services research, using Device Cloud analytics and Elastic/Kibana-style workflows to help…

People

Security Research Financial Services Security Iot Security Ot Security

Services

Forescout

Open case study

Forescout2019–2020

ForescoutOperational TechnologyOT SecurityIndustrial IoT

Forescout Operational Technology Security Research

Device Cloud and research-backed analysis of OT, IoT, industrial, unmanaged, and cyber-physical systems as enterprise attack surfaces.

Contributed to Forescout operational-technology and Enterprise-of-Things research by using Device Cloud analytics and Elastic/Kibana-style workflow…

People

Security Research Ot Security Iot Security Device Security

Services

Forescout

Open case study

ForescoutCareer Role

ForescoutDTENWIREDOffensive Security Research

Forescout DTEN / WIRED-Featured Offensive Security Research

Offensive security research into connected-device risk, enterprise exposure, and real-world exploitability, later featured in WIRED coverage.

Contributed to offensive security research involving DTEN and connected-device risk, helping expose how enterprise collaboration and IoT-style devi…

People

Security Research Offensive Security Product Security Iot Security

Services

Forescout

Open case study

Devo Security Research & Conference Program hero image

Devo2022–2023

DevoSecurity ResearchConference ResearchRSA

Devo Security Research & Conference Program

A public security research program turning SIEM deployment analysis, cloud detection patterns, architecture innovation, and SOC maturity findings into RSA, Infosecurity Europe, and CloudNativeSecurityCon-ready narratives.

Developed and contributed to Devo security research that converted customer deployment analysis, SIEM maturity patterns, detection taxonomy work, c…

People

David Wolf Joshua Smith

Services

Security Research Conference Speaking Detection Engineering Cloud Security

Devo

Open case study

Devo2022–2023

DevoSIEMCloud SIEMReference Architecture

Devo SIEM Reference Architecture, Taxonomy & Detection Validation

Architecture innovation work redesigning SIEM reference architectures, standardizing detection taxonomy, validating Exchange content, and turning hundreds of enterprise deployments into maturity patterns.

Led and contributed to Devo architecture innovation work focused on SIEM reference architectures, detection taxonomy, Exchange-content validation,…

People

Detection Engineering Cloud Security Siem Modernization Security Analytics

Services

Devo

Open case study

Mapping Motives: Analysis of 2,000 Enterprise Cloud Detections hero image

Devo2023