About this blog
CyberWillow is a space for long-form technical writing on the things I find most compelling in cybersecurity — detection engineering, threat research, supply chain security, and the intersection of deep technical work with clear, deliberate thinking.
The name comes from the idea that good security, like a willow tree, needs deep roots and the flexibility to bend without breaking. Too many defenses are rigid. The ones that last are the ones that adapt.
About me
I'm a security engineer based in Minnesota with roughly six years of experience spanning threat detection, incident response, and cloud security. I'm currently a Concierge Security Engineer at Arctic Wolf, where I manage MDR services and work directly with organizations on threat detection and response. Previously, I spent several years at Securian Financial on their security team, focusing on threat detection, incident response, and nation-state threat work.
I'm most energized by the kind of work that lets me go deep — reverse engineering malware, building detections that actually hold up under adversary evasion, or mapping out privilege escalation paths that everyone else overlooked. Outside of those technical threads, I think about the human side of security: why analysts burn out, how philosophy informs good decision-making under pressure, and what sustainable operations actually look like.
Eagle Scout. I think the values stick.
Certifications & credentials
Projects
Research into supply chain attacks: ETW patching, APC injection, and credential harvesting techniques found in the wild.
A growing ruleset for detecting malicious npm packages — covering ETW patch patterns, process injection, and credential exfiltration.
Static analysis rules for detecting supply chain attack patterns in JavaScript packages before installation.
Custom SSG powering this blog — built to keep the publishing workflow simple and keep the output fast and dependency-free.
What I write about
Building detections that survive adversary evasion across SIEM, EDR, and cloud-native tooling.
Malware analysis and research into malicious packages across npm, PyPI, and open-source registries.
IAM misconfigurations, privilege escalation, and defensive architecture in AWS and multi-cloud environments.
Occasional writing on philosophy, mental models, and the human side of working in security.
Outside the terminal
I climb — bouldering mostly, some sport. It's the one activity where it's genuinely hard to think about anything else while doing it, which makes it good recovery from a job that's mostly in your head.
I play chess badly but persistently. I find Daoism and Stoicism more practically useful than most productivity frameworks — they're better models for operating under uncertainty, which is most of what security work is.
If you want to connect, the best way is LinkedIn or email. I'm always open to thoughtful conversation.