Application · Cloud · AI Security · Chicago, IL

Application. Cloud. AI Security.
Security & Thought Leader.

12 years leading enterprise application, cloud, and AI security programs.Application, Cloud and AI Security at The Aspen Group.
MBA · OSCE · OSCP · OSWP

Read my thinkingBook me to speak
DEF CON SpeakerThotcon SpeakerBSides ChicagoGDG ChicagoFederal Expert Witness
Scroll
12+Years in Security
400+Professionals Trained
OSCE | OSCP | OSWPCertified
DEF CONSpeaker
ThotconSpeaker
BSides ChicagoSpeaker
GDG ChicagoGoogle Developer Group
AppSec & Cloud Security@ The Aspen Group
5Business Units Secured
CRTO | CREST CRTCertified
IIT · Lewis · DePaulGuest Lecturer
Federal CourtsExpert Witness
NISS & HackersDayConference Founder
12+Years in Security
400+Professionals Trained
OSCE | OSCP | OSWPCertified
DEF CONSpeaker
ThotconSpeaker
BSides ChicagoSpeaker
GDG ChicagoGoogle Developer Group
AppSec & Cloud Security@ The Aspen Group
5Business Units Secured
CRTO | CREST CRTCertified
IIT · Lewis · DePaulGuest Lecturer
Federal CourtsExpert Witness
NISS & HackersDayConference Founder

About

Building security from the inside out.

I operate across application security, cloud infrastructure, and AI systems, thinking like an attacker to lead programs that hold under real-world pressure.

At The Aspen Group I own both the AppSec and cloud security programs across 5 business units. My work spans the full stack: secure architecture, cloud posture, identity risk, developer security enablement, and red team validation.

My current research focuses on cryptographic provenance chains for LLM and agent pipelines, building trust anchors in a world where the boundary between code and data is dissolving.

Application Security

Secure SDLC · OWASP · Threat Modeling · Code Review

Cloud Security

CSPM · CIEM · Cloud-Native Architecture · Multi-Cloud Posture

Offensive Security

Red Team · Penetration Testing · OSCE · OSCP · OSWP

AI / LLM Security

Agent Pipelines · Prompt Injection · Cryptographic Provenance

Currently Researching

Cryptographic provenance chains for LLM & agent pipelines

Oct 2023 – Present

Application & Cloud Security

The Aspen Group

Owning application, cloud, and AI security programs across 5 business units: secure SDLC, architecture reviews, cloud posture management, threat modeling, and red team operations.

5 Years

Senior Security Engineer & Lead Instructor

Evolve Security

Led offensive security engagements and trained 400+ security professionals in hands-on penetration testing methodologies.

Ongoing

Guest Lecturer

IIT · Lewis University · DePaul

Delivering applied security curriculum covering OWASP, cloud-native security, adversarial ML, and applied cryptography.

Founder

Conference Organizer

NISS & HackersDay

Founded and organized two security conferences bringing together practitioners, researchers, and enterprise security leaders.

Active

Expert Witness

Federal & Civil Courts

Retained as expert witness in federal and civil proceedings on matters involving digital forensics and cybersecurity.

2024

MBA

Westcliff University

Bridging technical depth with business strategy to lead security programs at the executive level.

Certifications

Industry-recognized credentials across offensive security and enterprise risk

OSCE
OSCP
OSWP
CRTO
CREST CRT
CHFI
CEH
Security+
OSCE
OSCP
OSWP
CRTO
CREST CRT
CHFI
CEH
Security+

Speaking

Where ideas meet the field.

From DEF CON main stage to university lecture halls, I translate deep technical complexity into insights that move security programs forward.

Application Security ArchitectureCloud Security & PostureRed Team OperationsLLM & Agent Pipeline SecuritySecurity Program LeadershipAdversarial AIEnterprise Threat ModelingOffensive Security Tradecraft
Book Ramandeep to Speak
DEF CONConference Talk

Offensive Security Operations at Scale

2023

ThotconConference Talk

Breaking Application Trust Chains

2022

BSides ChicagoConference Talk

Red Team Tradecraft for the Modern Enterprise

2023

GDG ChicagoConference Talk

Securing AI-Powered Applications & Agent Pipelines

2025

IIT ChicagoAcademic

Applied Penetration Testing

Guest Lecture

Lewis UniversityAcademic

Adversarial ML & LLM Security

Guest Lecture

DePaul UniversityAcademic

Enterprise AppSec & Cloud Security Programs

Guest Lecture

Writing

Field notes from 12 years in the trenches.

All posts
LLM SecurityCryptography

Cryptographic Provenance for LLM Agent Pipelines

As LLMs become first-class participants in enterprise workflows, the attack surface shifts from code to context. Here's how cryptographic provenance chains can anchor trust in agentic systems.

4 min read
Read more
AppSecRed Team

Why Your AppSec Program Needs a Red Team Mindset - Not Red Team Tools

Buying a DAST scanner and scheduling quarterly pentests is not an AppSec program. It's an audit exercise. The gap between the two is where breaches happen.

4 min read
Read more
AppSecEnterprise Security

Running AppSec Across 5 Business Units: What Actually Works

Scaling application security across multiple business units with different stacks, cultures, and risk appetites isn't a tooling problem. It's an organizational design problem.

4 min read
Read more

Get in touch

Let's work
together.

Whether you need a keynote speaker, an AppSec advisor, or an expert witness. I'd like to hear from you.

Schedule a call

Prefer to pick a time directly? Use the calendar below.

Open Calendly
LinkedInGitHub