I work on security problems that break at scale.
Fragmented telemetry. Brittle detections. Manual response workflows. Compliance that looks complete until it's tested under pressure.
My approach: treat detection and response as data engineering problems, not tool collection problems. Fix signal quality at source. Build detection logic that holds under real-world failure conditions.
What I'm working on

- Detection engineering at cloud scale: rules, pipelines, and MITRE ATT&CK mapping
- Detection-as-code: Python, YAML, custom DSLs
- Security data integration across multi-cloud environments

Building in public

- ai-security-mastery: ML fundamentals → LLM internals → production AI detection systems
- detection-engineering-at-scale: Field guide to building detection pipelines that hold under real-world conditions
- living-threat-intel: Continuously updated threat intelligence mapped to MITRE ATT&CK
- aegis: Hybrid quantum-safe cryptography (Kyber-1024 + Dilithium-5 + AES-256-GCM)
- hsed: Unix-style permission model for KMS/HSM cryptographic operations
- security-operating-manual: How I think about and run security operations

Pinned repos reflect the problems I work on and how I think about them.
ruwgxo.com · linkedin.com/in/ruwgxo · Working in security since 2012