Making security measurable, AI trustworthy, and risk defensible.
I work at the intersection of data science, AI, and cybersecurity, applying statistical modeling, Bayesian inference, and machine learning to problems that are often treated as unmeasurable. From quantifying cyber risk with FAIR to securing LLM systems to building validation frameworks for AI decision support.
Writing
View all on Medium →What Question Are We Actually Answering?
Before trusting any output — from a model, a tool, or a team — ask what question the evidence actually answers, and whether that question is the one you need answered.
Between Black Swans and Bell Curves
Why the CRQ community needs a better map of what models can and cannot do. Taleb's taxonomy, gray swans, and honest uncertainty.
Decision Science AI Agents
What happens when you hand risk decisions to LLMs — and what validation looks like when the stakes are real.
In Cybersecurity Risk, You Don't Need More Data — You Need Bayesian Thinking
Encoding expert beliefs, updating with evidence, and why prior distributions are not guessing.
Security Through the Lens of Statistical Distributions
Normal, Poisson, Beta — the distributions that actually matter for security decisions, and why averages lie.
Power Analysis in Cybersecurity Risk Quantification
How much data do you actually need? When to trust your sample and when to keep collecting.