Steven Foerster

About

I build security-critical systems where failure is expensive.

I'm a CTO and founder who builds security-critical systems with a product mindset. I work hands-on in code and architecture to make infrastructure resilient, scalable, and automatable.

  • Design system primitives for identity, networking, and multi-tenant boundaries.
  • Automate deployment, telemetry, and integrity checks to reduce drift.
  • Build crypto-aware tooling that respects real-world UX constraints.
  • Harden platforms so reliability holds under production pressure.

My work lives at the intersection of security, infrastructure, and automation. I start with operational reality: how identity, access, deployment, and observability actually run. Then I productize the parts that keep teams fast without compromising safety.

Through Stormblest, I build open-source tools like Mistborn (a zero-trust collaboration platform on Debian + WireGuard) and a Headscale + Traefik FIPS bundle. Earlier roles covered binary analysis automation, CNO tooling, and large-scale cyber ranges at REDLattice, ManTech CARD, and Lockheed Martin ATL.

This site reflects independent technical work, experimentation, and writing. It does not offer compliance audits, assessments, or consulting services.

What I do

  • Turn complex security and infrastructure demands into shippable products.
  • Automate deployment pipelines, telemetry workflows, and integrity checks.
  • Design identity and access patterns that scale with real-world operations.
  • Build reliable CI/CD and configuration automation with safe rollback paths.
  • Engineer observability and SIEM pipelines for high-volume environments.
  • Document architecture patterns and operational decision-making lessons.

A few concrete examples

  • Reduced GovCon Enclave deployments from about two weeks to roughly two hours through automation and standardization.
  • Scaled the enclave model to 50+ isolated environments with repeatable controls and automation workflows.
  • Built and operated a Kubernetes-based Wazuh SIEM processing 200k+ events per day with automated enrichment and alerting.
  • Open-sourced Mistborn, a zero-trust collaboration platform on Debian + WireGuard, plus a Headscale + Traefik FIPS bundle.
  • Led the GovCon Enclave platform through a third-party certification effort in 2025.

Background

Education

  • M.S. Computer Science, Georgia Tech
  • B.S. Electrical Engineering, BYU

Selected credentials

  • CISSP (valid through Sep 2027)
  • OSCP, OSWP, eCXD
  • Former TS/SCI (2010–2023; last held Jan 2021)

Focus areas

  • Linux systems and automation
  • Secure networking and identity
  • Distributed systems and CI/CD
  • Applied security and detection

If you're building something security-sensitive or operationally complex, I'm open to a thoughtful conversation.

Contact Steven