About
Where curiosity meets code
I'm a security-focused builder who learns by making, breaking, and documenting systems in public.
The one you call when the principal engineers say it's impossible.
Origin story
I got pulled into security and systems engineering by practical problems: networks that failed at the worst moment, deployments that took forever, and tooling that was powerful but painful. The more I worked on those problems, the more I liked the mix of deep technical detail and real-world consequences.
My path wasn't direct. I started in signal processing and neural networks at Lockheed Martin, building sonar feature extraction algorithms and simulating massive cyber ranges. The research was interesting, but I wanted to build things that shipped: systems that real people depended on.
That led me to offensive security tooling, then to platform engineering, then to building my own products. Each step taught me something the previous one couldn't: research taught rigor, offense taught empathy for attackers, platforms taught operational reality, products taught the cost of complexity.
These days I build automated platforms that scale without adding headcount. One of them, GovCon Enclave, grew from an internal platform into the core IP behind Rimstorm's acquisition. The thread through all of it: I like understanding how systems actually work, not just how they're supposed to work.
Philosophy
Learn in public
Sharing work-in-progress invites correction earlier, which is usually cheaper than confident silence. I write about things I'm figuring out, not just things I've mastered. The mistakes are part of the record.
Build for operators
If the person on call can't reason about it at 2 AM, it's not done. I optimize for debuggability over cleverness. The best security controls are the ones people actually use because they're not painful.
Failure is data
Mistakes are expensive only when you hide them. I write postmortems for my own projects, even when no one's watching. The pattern recognition from documented failures is worth more than the ego protection of forgetting them.
The workshop
My actual setup, not an aspirational one.
Environment
- Pop!_OS on a System76 Bonobo WS. Plenty of RAM and cores for VMs
- Vim + tmux for most editing; VS Code when I need visual debugging
- GitLab for everything: repos, CI/CD, issue tracking
Lab
- KVM/QEMU with virt-manager: the native Linux choice
- Isolated VLANs for malware analysis and exploit development practice
Workflow
- Hypothesis → prototype → break it → write down what failed → repeat
- Heavy use of Ansible for anything I might do twice
- Notebook-driven debugging: timestamped logs of what I tried and why
Debugging
- strace and ltrace before reaching for a debugger
- tcpdump/Wireshark for anything network-related, even when I think I know the answer
- git bisect for regressions; printf debugging when I'm impatient
Non-technical interests
The stuff that isn't on a resume but shapes how I think.
Family
Married with three small kids. Most of my free time is hikes through Manassas Battlefield, cushion forts, Dr. Seuss, Star Wars, and hide-and-seek. We speak Portuguese at home; my wife is from Brazil.
Languages
I speak Imerina Malagasy from my LDS mission in Madagascar. In 2008 I interpreted English to Malagasy for a live conference broadcast.
Running
7 marathons finished. Member of the Marine Corps Marathon Runners Club.
Other pursuits
Eagle Scout. Motorcycle enthusiast: Honda Shadow Spirit VT1100C.
NAME
steven - chief architect and platform builder
SYNOPSIS
steven [--security] [--automation] [--scale] [--leadership]
DESCRIPTION
Chief Architect at BOOST, a Brydon Group company. Creator of GovCon Enclave, the platform behind Rimstorm's Dec 2025 CMMC Level 2 certification and 2026 acquisition. Founder of Stormblest. Builds automated platforms for cybersecurity and infrastructure.
OPTIONS
--security
Architecture that thinks like an attacker. CISSP + eCXD + OSCP.
--automation
2-hour deploys, not 2-week projects. Infrastructure-as-code.
--scale
50+ environments from one codebase. Customers self-serve.
--leadership
Lead from the front. Share the wins, own the losses. Mistakes are tuition, surprises are debt. Speak up early and we'll figure it out.
SEE ALSO
Credentials
Education
M.S. Computer Science
Georgia Institute of Technology
B.S. Electrical Engineering
Brigham Young University
Security certifications
CISSP
Certified Information Systems Security Professional
Broad security management certification covering 8 domains.
Valid through Sep 2027
eCXD
eLearnSecurity Certified eXploit Developer
Advanced exploit development on 32-bit and 64-bit Windows and Linux: bypassing DEP/NX, ASLR, SafeSEH, Stack Canaries.
OSCP
Offensive Security Certified Professional
Hands-on penetration testing under time constraints.
OSWP
Offensive Security Wireless Professional
Wireless network security assessment and exploitation.
Clearance
Former TS/SCI (2010–2023)
Amateur radio
Amateur Extra: KW4TD
Selected open-source contributions
Android port of ntru_endian.h in a post-quantum
NTRU cryptography implementation.
Three merged PRs: WireGuard IPv6 leak fix, DNS-over-HTTPS via cloudflared, upstream DNS hardening.
Archive-unpack bugfix for non-zip sources in the Python-to-APK build pipeline.
Non-interactive installer support for scripted Raspberry Pi access point deployments.
Work history 15+ years
boost-a-brydon-group-company BOOST, a Brydon Group company | bash 2026 – Present
$ cat boost.log
Chief Architect, Secure Enclave Platform
Remote (Northern Virginia)
- Named Chief Architect for the Secure Enclave Platform following BOOST LLC's acquisition of Rimstorm
- Architecting next-generation platform-scale delivery of secure enclave environments
- Leading secure platform architecture across the BOOST portfolio
rimstorm-inc-acquired-by-boost-llc-2026 Rimstorm, Inc. (acquired by BOOST LLC, 2026) | bash 2021 – 2026
$ cat rimstorm.log
Chief Technology Officer
Herndon, VA
- Created GovCon Enclave from concept through acquisition, building the security platform for protecting CUI that became part of the BOOST portfolio
- Led GovCon Enclave through its first successful independent C3PAO assessment for CMMC Level 2 (Dec 2025)
- Built automation framework reducing enclave deployment from 2 weeks to 2 hours
- Scaled to 50+ production enclaves supporting hundreds of users
stormblest Stormblest | bash 2019 – Present
$ ./mistborn --status
Founder / Principal Engineer
- Created Mistborn: open-source zero-trust networking platform
- Built on Debian + WireGuard with Nextcloud, Jitsi, Vaultwarden
- Designed reproducible deployments for non-specialist admins
redlattice REDLattice | bash 2018 – 2021
$ strings redlattice.bin
Senior Software Engineer
Chantilly, VA
- Built binary analysis and automation pipelines for advanced cyber operations
- Designed and built advanced testing harnesses for virtual and physical hardware
mantech-card ManTech CARD | bash 2015 – 2018
$ ansible-playbook deploy.yml
Principal CNO Software Engineer
Reston, VA
- Production automation frameworks for network deployment and monitoring
- Trained customer-site engineers on secure systems
lockheed-martin-atl Lockheed Martin ATL | bash 2009 – 2015
$ python3 research.py --extract features
Research Scientist (Engineering Leadership Development Program)
Manassas & Arlington, VA
- Neural networks for sonar feature extraction; submitted IP on novel architectures
- Engineered cyber ranges of 10,000+ virtual and physical nodes
- Special Recognition Awards (2012, 2014, 2015)
Say hello
I'm always happy to talk about security architecture, systems design, or whatever you're building. If you found something useful here, or if you think I got something wrong, I'd like to hear about it.
Get in touch